#!/usr/bin/env python3

from datetime import datetime
from subprocess import check_output
from sys import exit

# get wireguard interface names
try:
    interfaces = check_output(['wg', 'show', 'interfaces']).split()
except Exception as e:
    print('UNKNOWN: ' + repr(e))
    exit(3)

if len(interfaces) == 0:
    print('CRITICAL: no wireguard interfaces found!')
    exit(0)

now = datetime.timestamp(datetime.now())
warn = set()
critical = set()

for interface in interfaces:
    try:
        result = check_output(['wg', 'show', interface, 'latest-handshakes']).decode('utf-8').split('\n')
    except Exception as e:
        critical.add('{}: {}'.format(interface, repr(e)))
        continue

    for line in result:
        if len(line) == 0:
            continue

        pubkey, last_handshake = line.split()
        overdue = now - int(last_handshake) - 120

        if overdue > 15:
            critical.add('{}: {} is more than 120 seconds late'.format(interface, pubkey))
        elif overdue > 120:
            warn.add('{}: {} is more than 15 seconds late'.format(interface, pubkey))


for line in sorted(critical):
    print(line)

for line in sorted(warn):
    print(line)


if len(critical):
    exit(2)
elif len(warn):
    exit(1)
else:
    print('OK')
    exit(0)