Move model helpers to model directory

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

4 files changed, 463 insertions, 0 deletions

diff --git a/WireGuard/Shared/Model/LegacyConfigMigration.swift b/WireGuard/Shared/Model/LegacyConfigMigration.swift
new file mode 100644
index 0000000..b67301f
--- /dev/null
+++ b/WireGuard/Shared/Model/LegacyConfigMigration.swift
@@ -0,0 +1,193 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018 WireGuard LLC. All Rights Reserved.
+
+import Foundation
+import Network
+import NetworkExtension
+
+protocol LegacyModel: Decodable {
+    associatedtype Model
+
+    var migrated: Model { get }
+}
+
+struct LegacyDNSServer: LegacyModel {
+    let address: IPAddress
+
+    var migrated: DNSServer {
+        return DNSServer(address: address)
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        var data = try container.decode(Data.self)
+        let ipAddressFromData: IPAddress? = {
+            switch data.count {
+            case 4: return IPv4Address(data)
+            case 16: return IPv6Address(data)
+            default: return nil
+            }
+        }()
+        guard let ipAddress = ipAddressFromData else {
+            throw DecodingError.invalidData
+        }
+        address = ipAddress
+    }
+
+    enum DecodingError: Error {
+        case invalidData
+    }
+}
+
+extension Array where Element == LegacyDNSServer {
+    var migrated: [DNSServer] {
+        return map { $0.migrated }
+    }
+}
+
+struct LegacyEndpoint: LegacyModel {
+    let host: Network.NWEndpoint.Host
+    let port: Network.NWEndpoint.Port
+
+    var migrated: Endpoint {
+        return Endpoint(host: host, port: port)
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        let endpointString = try container.decode(String.self)
+        guard !endpointString.isEmpty else { throw DecodingError.invalidData }
+        let startOfPort: String.Index
+        let hostString: String
+        if endpointString.first! == "[" {
+            // Look for IPv6-style endpoint, like [::1]:80
+            let startOfHost = endpointString.index(after: endpointString.startIndex)
+            guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData }
+            let afterEndOfHost = endpointString.index(after: endOfHost)
+            guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData }
+            startOfPort = endpointString.index(after: afterEndOfHost)
+            hostString = String(endpointString[startOfHost ..< endOfHost])
+        } else {
+            // Look for an IPv4-style endpoint, like 127.0.0.1:80
+            guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData }
+            startOfPort = endpointString.index(after: endOfHost)
+            hostString = String(endpointString[endpointString.startIndex ..< endOfHost])
+        }
+        guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData }
+        let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in
+            return !CharacterSet.urlHostAllowed.contains(char)
+        }
+        guard invalidCharacterIndex == nil else { throw DecodingError.invalidData }
+        host = NWEndpoint.Host(hostString)
+        port = endpointPort
+    }
+
+    enum DecodingError: Error {
+        case invalidData
+    }
+}
+
+struct LegacyInterfaceConfiguration: LegacyModel {
+    let name: String
+    let privateKey: Data
+    let addresses: [LegacyIPAddressRange]
+    let listenPort: UInt16?
+    let mtu: UInt16?
+    let dns: [LegacyDNSServer]
+
+    var migrated: InterfaceConfiguration {
+        var interface = InterfaceConfiguration(privateKey: privateKey)
+        interface.addresses = addresses.migrated
+        interface.listenPort = listenPort
+        interface.mtu = mtu
+        interface.dns = dns.migrated
+        return interface
+    }
+}
+
+struct LegacyIPAddressRange: LegacyModel {
+    let address: IPAddress
+    let networkPrefixLength: UInt8
+
+    var migrated: IPAddressRange {
+        return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength)
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        var data = try container.decode(Data.self)
+        networkPrefixLength = data.removeLast()
+        let ipAddressFromData: IPAddress? = {
+            switch data.count {
+            case 4: return IPv4Address(data)
+            case 16: return IPv6Address(data)
+            default: return nil
+            }
+        }()
+        guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData }
+        address = ipAddress
+    }
+
+    enum DecodingError: Error {
+        case invalidData
+    }
+}
+
+extension Array where Element == LegacyIPAddressRange {
+    var migrated: [IPAddressRange] {
+        return map { $0.migrated }
+    }
+}
+
+struct LegacyPeerConfiguration: LegacyModel {
+    let publicKey: Data
+    let preSharedKey: Data?
+    let allowedIPs: [LegacyIPAddressRange]
+    let endpoint: LegacyEndpoint?
+    let persistentKeepAlive: UInt16?
+
+    var migrated: PeerConfiguration {
+        var configuration = PeerConfiguration(publicKey: publicKey)
+        configuration.preSharedKey = preSharedKey
+        configuration.allowedIPs = allowedIPs.migrated
+        configuration.endpoint = endpoint?.migrated
+        configuration.persistentKeepAlive = persistentKeepAlive
+        return configuration
+    }
+}
+
+extension Array where Element == LegacyPeerConfiguration {
+    var migrated: [PeerConfiguration] {
+        return map { $0.migrated }
+    }
+}
+
+final class LegacyTunnelConfiguration: LegacyModel {
+    let interface: LegacyInterfaceConfiguration
+    let peers: [LegacyPeerConfiguration]
+
+    var migrated: TunnelConfiguration {
+        return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated)
+    }
+}
+
+extension NETunnelProviderProtocol {
+
+    @discardableResult
+    func migrateConfigurationIfNeeded() -> Bool {
+        guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false }
+        if configurationVersion == 1 {
+            migrateFromConfigurationV1()
+        } else {
+            fatalError("No migration from configuration version \(configurationVersion) exists.")
+        }
+        return true
+    }
+
+    private func migrateFromConfigurationV1() {
+        guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return }
+        guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return }
+        providerConfiguration = [Keys.wgQuickConfig.rawValue: configuration.migrated.asWgQuickConfig()]
+    }
+
+}
diff --git a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
new file mode 100644
index 0000000..98634fd
--- /dev/null
+++ b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018 WireGuard LLC. All Rights Reserved.
+
+import NetworkExtension
+
+extension NETunnelProviderProtocol {
+
+    enum Keys: String {
+        case wgQuickConfig = "WgQuickConfig"
+    }
+
+    convenience init?(tunnelConfiguration: TunnelConfiguration) {
+        self.init()
+
+        let appId = Bundle.main.bundleIdentifier!
+        providerBundleIdentifier = "\(appId).network-extension"
+        providerConfiguration = [Keys.wgQuickConfig.rawValue: tunnelConfiguration.asWgQuickConfig()]
+
+        let endpoints = tunnelConfiguration.peers.compactMap { $0.endpoint }
+        if endpoints.count == 1 {
+            serverAddress = endpoints[0].stringRepresentation
+        } else if endpoints.isEmpty {
+            serverAddress = "Unspecified"
+        } else {
+            serverAddress = "Multiple endpoints"
+        }
+
+        //TODO(roopc): Why are we doing this? Just for kicks? Is it useful? Seems needless.
+        username = tunnelConfiguration.name
+    }
+
+    func asTunnelConfiguration(called name: String? = nil) -> TunnelConfiguration? {
+        migrateConfigurationIfNeeded()
+        guard let serializedConfig = providerConfiguration?[Keys.wgQuickConfig.rawValue] as? String else { return nil }
+        return try? TunnelConfiguration(fromWgQuickConfig: serializedConfig, called: name)
+    }
+
+}
diff --git a/WireGuard/Shared/Model/String+ArrayConversion.swift b/WireGuard/Shared/Model/String+ArrayConversion.swift
new file mode 100644
index 0000000..6a3e794
--- /dev/null
+++ b/WireGuard/Shared/Model/String+ArrayConversion.swift
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018 WireGuard LLC. All Rights Reserved.
+
+import Foundation
+
+extension String {
+
+    func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] {
+        return split(separator: separator)
+            .map {
+                if let charSet = trimmingCharacters {
+                    return $0.trimmingCharacters(in: charSet)
+                } else {
+                    return String($0)
+                }
+        }
+    }
+
+}
+
+extension Optional where Wrapped == String {
+
+    func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] {
+        switch self {
+        case .none:
+            return []
+        case .some(let wrapped):
+            return wrapped.splitToArray(separator: separator, trimmingCharacters: trimmingCharacters)
+        }
+    }
+
+}
diff --git a/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift b/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift
new file mode 100644
index 0000000..94e1079
--- /dev/null
+++ b/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift
@@ -0,0 +1,200 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018 WireGuard LLC. All Rights Reserved.
+
+import Foundation
+
+extension TunnelConfiguration {
+
+    enum ParserState {
+        case inInterfaceSection
+        case inPeerSection
+        case notInASection
+    }
+
+    enum ParseError: Error {
+        case invalidLine(_ line: String.SubSequence)
+        case noInterface
+        case invalidInterface
+        case multipleInterfaces
+        case multiplePeersWithSamePublicKey
+        case invalidPeer
+    }
+
+    //swiftlint:disable:next function_body_length cyclomatic_complexity
+    convenience init(fromWgQuickConfig wgQuickConfig: String, called name: String? = nil) throws {
+        var interfaceConfiguration: InterfaceConfiguration?
+        var peerConfigurations = [PeerConfiguration]()
+
+        let lines = wgQuickConfig.split(separator: "\n")
+
+        var parserState = ParserState.notInASection
+        var attributes = [String: String]()
+
+        for (lineIndex, line) in lines.enumerated() {
+            var trimmedLine: String
+            if let commentRange = line.range(of: "#") {
+                trimmedLine = String(line[..<commentRange.lowerBound])
+            } else {
+                trimmedLine = String(line)
+            }
+
+            trimmedLine = trimmedLine.trimmingCharacters(in: .whitespaces)
+
+            guard !trimmedLine.isEmpty else { continue }
+            let lowercasedLine = line.lowercased()
+
+            if let equalsIndex = line.firstIndex(of: "=") {
+                // Line contains an attribute
+                let key = line[..<equalsIndex].trimmingCharacters(in: .whitespaces).lowercased()
+                let value = line[line.index(equalsIndex, offsetBy: 1)...].trimmingCharacters(in: .whitespaces)
+                let keysWithMultipleEntriesAllowed: Set<String> = ["address", "allowedips", "dns"]
+                if let presentValue = attributes[key], keysWithMultipleEntriesAllowed.contains(key) {
+                    attributes[key] = presentValue + "," + value
+                } else {
+                    attributes[key] = value
+                }
+            } else if lowercasedLine != "[interface]" && lowercasedLine != "[peer]" {
+                throw ParseError.invalidLine(line)
+            }
+
+            let isLastLine = lineIndex == lines.count - 1
+
+            if isLastLine || lowercasedLine == "[interface]" || lowercasedLine == "[peer]" {
+                // Previous section has ended; process the attributes collected so far
+                if parserState == .inInterfaceSection {
+                    guard let interface = TunnelConfiguration.collate(interfaceAttributes: attributes) else { throw ParseError.invalidInterface }
+                    guard interfaceConfiguration == nil else { throw ParseError.multipleInterfaces }
+                    interfaceConfiguration = interface
+                } else if parserState == .inPeerSection {
+                    guard let peer = TunnelConfiguration.collate(peerAttributes: attributes) else { throw ParseError.invalidPeer }
+                    peerConfigurations.append(peer)
+                }
+            }
+
+            if lowercasedLine == "[interface]" {
+                parserState = .inInterfaceSection
+                attributes.removeAll()
+            } else if lowercasedLine == "[peer]" {
+                parserState = .inPeerSection
+                attributes.removeAll()
+            }
+        }
+
+        let peerPublicKeysArray = peerConfigurations.map { $0.publicKey }
+        let peerPublicKeysSet = Set<Data>(peerPublicKeysArray)
+        if peerPublicKeysArray.count != peerPublicKeysSet.count {
+            throw ParseError.multiplePeersWithSamePublicKey
+        }
+
+        if let interfaceConfiguration = interfaceConfiguration {
+            self.init(name: name, interface: interfaceConfiguration, peers: peerConfigurations)
+        } else {
+            throw ParseError.noInterface
+        }
+    }
+
+    func asWgQuickConfig() -> String {
+        var output = "[Interface]\n"
+        output.append("PrivateKey = \(interface.privateKey.base64EncodedString())\n")
+        if let listenPort = interface.listenPort {
+            output.append("ListenPort = \(listenPort)\n")
+        }
+        if !interface.addresses.isEmpty {
+            let addressString = interface.addresses.map { $0.stringRepresentation }.joined(separator: ", ")
+            output.append("Address = \(addressString)\n")
+        }
+        if !interface.dns.isEmpty {
+            let dnsString = interface.dns.map { $0.stringRepresentation }.joined(separator: ", ")
+            output.append("DNS = \(dnsString)\n")
+        }
+        if let mtu = interface.mtu {
+            output.append("MTU = \(mtu)\n")
+        }
+
+        for peer in peers {
+            output.append("\n[Peer]\n")
+            output.append("PublicKey = \(peer.publicKey.base64EncodedString())\n")
+            if let preSharedKey = peer.preSharedKey {
+                output.append("PresharedKey = \(preSharedKey.base64EncodedString())\n")
+            }
+            if !peer.allowedIPs.isEmpty {
+                let allowedIPsString = peer.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ")
+                output.append("AllowedIPs = \(allowedIPsString)\n")
+            }
+            if let endpoint = peer.endpoint {
+                output.append("Endpoint = \(endpoint.stringRepresentation)\n")
+            }
+            if let persistentKeepAlive = peer.persistentKeepAlive {
+                output.append("PersistentKeepalive = \(persistentKeepAlive)\n")
+            }
+        }
+
+        return output
+    }
+
+    //swiftlint:disable:next cyclomatic_complexity
+    private static func collate(interfaceAttributes attributes: [String: String]) -> InterfaceConfiguration? {
+        // required wg fields
+        guard let privateKeyString = attributes["privatekey"] else { return nil }
+        guard let privateKey = Data(base64Encoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else { return nil }
+        var interface = InterfaceConfiguration(privateKey: privateKey)
+        // other wg fields
+        if let listenPortString = attributes["listenport"] {
+            guard let listenPort = UInt16(listenPortString) else { return nil }
+            interface.listenPort = listenPort
+        }
+        // wg-quick fields
+        if let addressesString = attributes["address"] {
+            var addresses = [IPAddressRange]()
+            for addressString in addressesString.splitToArray(trimmingCharacters: .whitespaces) {
+                guard let address = IPAddressRange(from: addressString) else { return nil }
+                addresses.append(address)
+            }
+            interface.addresses = addresses
+        }
+        if let dnsString = attributes["dns"] {
+            var dnsServers = [DNSServer]()
+            for dnsServerString in dnsString.splitToArray(trimmingCharacters: .whitespaces) {
+                guard let dnsServer = DNSServer(from: dnsServerString) else { return nil }
+                dnsServers.append(dnsServer)
+            }
+            interface.dns = dnsServers
+        }
+        if let mtuString = attributes["mtu"] {
+            guard let mtu = UInt16(mtuString) else { return nil }
+            interface.mtu = mtu
+        }
+        return interface
+    }
+
+    //swiftlint:disable:next cyclomatic_complexity
+    private static func collate(peerAttributes attributes: [String: String]) -> PeerConfiguration? {
+        // required wg fields
+        guard let publicKeyString = attributes["publickey"] else { return nil }
+        guard let publicKey = Data(base64Encoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else { return nil }
+        var peer = PeerConfiguration(publicKey: publicKey)
+        // wg fields
+        if let preSharedKeyString = attributes["presharedkey"] {
+            guard let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else { return nil }
+            peer.preSharedKey = preSharedKey
+        }
+        if let allowedIPsString = attributes["allowedips"] {
+            var allowedIPs = [IPAddressRange]()
+            for allowedIPString in allowedIPsString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) {
+                guard let allowedIP = IPAddressRange(from: allowedIPString) else { return nil }
+                allowedIPs.append(allowedIP)
+            }
+            peer.allowedIPs = allowedIPs
+        }
+        if let endpointString = attributes["endpoint"] {
+            guard let endpoint = Endpoint(from: endpointString) else { return nil }
+            peer.endpoint = endpoint
+        }
+        if let persistentKeepAliveString = attributes["persistentkeepalive"] {
+            guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else { return nil }
+            peer.persistentKeepAlive = persistentKeepAlive
+        }
+        return peer
+    }
+
+}