* Copyright © 2017-2018 WireGuard LLC. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
package com.wireguard.config;
import android.support.annotation.Nullable;
import com.wireguard.crypto.Key;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java9.util.Optional;
import java9.util.stream.Collectors;
import java9.util.stream.Stream;
* Represents the configuration for a WireGuard peer (a [Peer] block). Peers must have a public key,
* and may optionally have several other attributes.
* Instances of this class are immutable.
public final class Peer {
private final Set allowedIps;
private final Optional endpoint;
private final Optional persistentKeepalive;
private final Optional preSharedKey;
private final Key publicKey;
private Peer(final Builder builder) {
if (builder.publicKey == null)
throw new IllegalArgumentException("Peers must have a public key");
// Defensively copy to ensure immutability even if the Builder is reused.
allowedIps = Collections.unmodifiableSet(new LinkedHashSet<>(builder.allowedIps));
endpoint = builder.endpoint;
persistentKeepalive = builder.persistentKeepalive;
preSharedKey = builder.preSharedKey;
publicKey = builder.publicKey;
* Parses an series of "KEY = VALUE" lines into a {@code Peer}. Throws {@link ParseException} if
* the input is not well-formed or contains unknown attributes.
* @param lines an iterable sequence of lines, containing at least a public key attribute
* @return a {@code Peer} with all of its attributes set from {@code lines}
public static Peer parse(final Iterable extends CharSequence> lines) throws ParseException {
final Builder builder = new Builder();
for (final CharSequence line : lines) {
final Attribute attribute = Attribute.parse(line)
.orElseThrow(() -> new ParseException("[Peer]", line, "Syntax error"));
switch (attribute.getKey().toLowerCase(Locale.ENGLISH)) {
case "allowedips":
case "endpoint":
case "persistentkeepalive":
case "presharedkey":
case "publickey":
throw new ParseException("[Peer]", line, "Unknown attribute");
return builder.build();
public boolean equals(final Object obj) {
if (!(obj instanceof Peer))
return false;
final Peer other = (Peer) obj;
return allowedIps.equals(other.allowedIps)
&& endpoint.equals(other.endpoint)
&& persistentKeepalive.equals(other.persistentKeepalive)
&& preSharedKey.equals(other.preSharedKey)
&& publicKey.equals(other.publicKey);
* Returns the peer's set of allowed IPs.
* @return the set of allowed IPs
public Set getAllowedIps() {
// The collection is already immutable.
return allowedIps;
* Returns the peer's endpoint.
* @return the endpoint, or {@code Optional.empty()} if none is configured
public Optional getEndpoint() {
return endpoint;
* Returns the peer's persistent keepalive.
* @return the persistent keepalive, or {@code Optional.empty()} if none is configured
public Optional getPersistentKeepalive() {
return persistentKeepalive;
* Returns the peer's pre-shared key.
* @return the pre-shared key, or {@code Optional.empty()} if none is configured
public Optional getPreSharedKey() {
return preSharedKey;
* Returns the peer's public key.
* @return the public key
public Key getPublicKey() {
return publicKey;
public int hashCode() {
int hash = 1;
hash = 31 * hash + allowedIps.hashCode();
hash = 31 * hash + endpoint.hashCode();
hash = 31 * hash + persistentKeepalive.hashCode();
hash = 31 * hash + preSharedKey.hashCode();
hash = 31 * hash + publicKey.hashCode();
return hash;
* Converts the {@code Peer} into a string suitable for debugging purposes. The {@code Peer} is
* identified by its public key and (if known) its endpoint.
* @return a concise single-line identifier for the {@code Peer}
public String toString() {
final StringBuilder sb = new StringBuilder("(Peer ");
endpoint.ifPresent(ep -> sb.append(" @").append(ep));
return sb.toString();
* Converts the {@code Peer} into a string suitable for inclusion in a {@code wg-quick}
* configuration file.
* @return the {@code Peer} represented as a series of "Key = Value" lines
public String toWgQuickString() {
final StringBuilder sb = new StringBuilder();
if (!allowedIps.isEmpty())
sb.append("AllowedIPs = ").append(Attribute.join(allowedIps)).append('\n');
endpoint.ifPresent(ep -> sb.append("Endpoint = ").append(ep).append('\n'));
persistentKeepalive.ifPresent(pk -> sb.append("PersistentKeepalive = ").append(pk).append('\n'));
preSharedKey.ifPresent(psk -> sb.append("PreSharedKey = ").append(psk.toBase64()).append('\n'));
sb.append("PublicKey = ").append(publicKey.toBase64()).append('\n');
return sb.toString();
* Serializes the {@code Peer} for use with the WireGuard cross-platform userspace API. Note
* that not all attributes are included in this representation.
* @return the {@code Peer} represented as a series of "key=value" lines
public String toWgUserspaceString() {
final StringBuilder sb = new StringBuilder();
// The order here is important: public_key signifies the beginning of a new peer.
for (final InetNetwork allowedIp : allowedIps)
endpoint.flatMap(InetEndpoint::getResolved).ifPresent(ep -> sb.append("endpoint=").append(ep).append('\n'));
persistentKeepalive.ifPresent(pk -> sb.append("persistent_keepalive_interval=").append(pk).append('\n'));
preSharedKey.ifPresent(psk -> sb.append("preshared_key=").append(psk.toHex()).append('\n'));
return sb.toString();
public static final class Builder {
// See wg(8)
private static final int MAX_PERSISTENT_KEEPALIVE = 65535;
// Defaults to an empty set.
private final Set allowedIps = new LinkedHashSet<>();
// Defaults to not present.
private Optional endpoint = Optional.empty();
// Defaults to not present.
private Optional persistentKeepalive = Optional.empty();
// Defaults to not present.
private Optional preSharedKey = Optional.empty();
// No default; must be provided before building.
@Nullable private Key publicKey;
public Builder addAllowedIp(final InetNetwork allowedIp) {
return this;
public Builder addAllowedIps(final Collection allowedIps) {
return this;
public Peer build() {
return new Peer(this);
public Builder parseAllowedIPs(final CharSequence allowedIps) throws ParseException {
try {
final List parsed = Stream.of(Attribute.split(allowedIps))
return addAllowedIps(parsed);
} catch (final IllegalArgumentException e) {
throw new ParseException("AllowedIPs", allowedIps, e);
public Builder parseEndpoint(final String endpoint) throws ParseException {
try {
return setEndpoint(InetEndpoint.parse(endpoint));
} catch (final IllegalArgumentException e) {
throw new ParseException("Endpoint", endpoint, e);
public Builder parsePersistentKeepalive(final String persistentKeepalive) throws ParseException {
try {
return setPersistentKeepalive(Integer.parseInt(persistentKeepalive));
} catch (final IllegalArgumentException e) {
throw new ParseException("PersistentKeepalive", persistentKeepalive, e);
public Builder parsePreSharedKey(final String preSharedKey) throws ParseException {
try {
return setPreSharedKey(Key.fromBase64(preSharedKey));
} catch (final Key.KeyFormatException e) {
throw new ParseException("PresharedKey", preSharedKey, e);
public Builder parsePublicKey(final String publicKey) throws ParseException {
try {
return setPublicKey(Key.fromBase64(publicKey));
} catch (final Key.KeyFormatException e) {
throw new ParseException("PublicKey", publicKey, e);
public Builder setEndpoint(final InetEndpoint endpoint) {
this.endpoint = Optional.of(endpoint);
return this;
public Builder setPersistentKeepalive(final int persistentKeepalive) {
if (persistentKeepalive < 0 || persistentKeepalive > MAX_PERSISTENT_KEEPALIVE)
throw new IllegalArgumentException("Invalid value for PersistentKeepalive");
this.persistentKeepalive = persistentKeepalive == 0 ?
Optional.empty() : Optional.of(persistentKeepalive);
return this;
public Builder setPreSharedKey(final Key preSharedKey) {
this.preSharedKey = Optional.of(preSharedKey);
return this;
public Builder setPublicKey(final Key publicKey) {
this.publicKey = publicKey;
return this;