diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-02-06 02:01:12 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-02-06 06:20:23 +0100 |
commit | ed8dc516dc5aa5b47afec780a69f4a8176e57500 (patch) | |
tree | 2b89fe0412262dd23215e1080665229fac93d43e /WireGuard/Shared/Model | |
parent | Keychain: store configurations in keychain instead of providerConfig (diff) | |
download | wireguard-apple-ed8dc516dc5aa5b47afec780a69f4a8176e57500.tar.xz wireguard-apple-ed8dc516dc5aa5b47afec780a69f4a8176e57500.zip |
LegacyConfig: Remove and support plaintext for .mobileconfig
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'WireGuard/Shared/Model')
-rw-r--r-- | WireGuard/Shared/Model/LegacyConfigMigration.swift | 205 | ||||
-rw-r--r-- | WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift | 13 |
2 files changed, 13 insertions, 205 deletions
diff --git a/WireGuard/Shared/Model/LegacyConfigMigration.swift b/WireGuard/Shared/Model/LegacyConfigMigration.swift deleted file mode 100644 index 583e914..0000000 --- a/WireGuard/Shared/Model/LegacyConfigMigration.swift +++ /dev/null @@ -1,205 +0,0 @@ -// SPDX-License-Identifier: MIT -// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved. - -import Foundation -import Network -import NetworkExtension - -protocol LegacyModel: Decodable { - associatedtype Model - - var migrated: Model { get } -} - -struct LegacyDNSServer: LegacyModel { - let address: IPAddress - - var migrated: DNSServer { - return DNSServer(address: address) - } - - init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - var data = try container.decode(Data.self) - let ipAddressFromData: IPAddress? = { - switch data.count { - case 4: return IPv4Address(data) - case 16: return IPv6Address(data) - default: return nil - } - }() - guard let ipAddress = ipAddressFromData else { - throw DecodingError.invalidData - } - address = ipAddress - } - - enum DecodingError: Error { - case invalidData - } -} - -extension Array where Element == LegacyDNSServer { - var migrated: [DNSServer] { - return map { $0.migrated } - } -} - -struct LegacyEndpoint: LegacyModel { - let host: Network.NWEndpoint.Host - let port: Network.NWEndpoint.Port - - var migrated: Endpoint { - return Endpoint(host: host, port: port) - } - - public init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - let endpointString = try container.decode(String.self) - guard !endpointString.isEmpty else { throw DecodingError.invalidData } - let startOfPort: String.Index - let hostString: String - if endpointString.first! == "[" { - // Look for IPv6-style endpoint, like [::1]:80 - let startOfHost = endpointString.index(after: endpointString.startIndex) - guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData } - let afterEndOfHost = endpointString.index(after: endOfHost) - guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData } - startOfPort = endpointString.index(after: afterEndOfHost) - hostString = String(endpointString[startOfHost ..< endOfHost]) - } else { - // Look for an IPv4-style endpoint, like 127.0.0.1:80 - guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData } - startOfPort = endpointString.index(after: endOfHost) - hostString = String(endpointString[endpointString.startIndex ..< endOfHost]) - } - guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData } - let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in - return !CharacterSet.urlHostAllowed.contains(char) - } - guard invalidCharacterIndex == nil else { throw DecodingError.invalidData } - host = NWEndpoint.Host(hostString) - port = endpointPort - } - - enum DecodingError: Error { - case invalidData - } -} - -struct LegacyInterfaceConfiguration: LegacyModel { - let name: String - let privateKey: Data - let addresses: [LegacyIPAddressRange] - let listenPort: UInt16? - let mtu: UInt16? - let dns: [LegacyDNSServer] - - var migrated: InterfaceConfiguration { - var interface = InterfaceConfiguration(privateKey: privateKey) - interface.addresses = addresses.migrated - interface.listenPort = listenPort - interface.mtu = mtu - interface.dns = dns.migrated - return interface - } -} - -struct LegacyIPAddressRange: LegacyModel { - let address: IPAddress - let networkPrefixLength: UInt8 - - var migrated: IPAddressRange { - return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength) - } - - public init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - var data = try container.decode(Data.self) - networkPrefixLength = data.removeLast() - let ipAddressFromData: IPAddress? = { - switch data.count { - case 4: return IPv4Address(data) - case 16: return IPv6Address(data) - default: return nil - } - }() - guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData } - address = ipAddress - } - - enum DecodingError: Error { - case invalidData - } -} - -extension Array where Element == LegacyIPAddressRange { - var migrated: [IPAddressRange] { - return map { $0.migrated } - } -} - -struct LegacyPeerConfiguration: LegacyModel { - let publicKey: Data - let preSharedKey: Data? - let allowedIPs: [LegacyIPAddressRange] - let endpoint: LegacyEndpoint? - let persistentKeepAlive: UInt16? - - var migrated: PeerConfiguration { - var configuration = PeerConfiguration(publicKey: publicKey) - configuration.preSharedKey = preSharedKey - configuration.allowedIPs = allowedIPs.migrated - configuration.endpoint = endpoint?.migrated - configuration.persistentKeepAlive = persistentKeepAlive - return configuration - } -} - -extension Array where Element == LegacyPeerConfiguration { - var migrated: [PeerConfiguration] { - return map { $0.migrated } - } -} - -final class LegacyTunnelConfiguration: LegacyModel { - let interface: LegacyInterfaceConfiguration - let peers: [LegacyPeerConfiguration] - - var migrated: TunnelConfiguration { - return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated) - } -} - -extension NETunnelProviderProtocol { - - @discardableResult - func migrateConfigurationIfNeeded(called name: String) -> Bool { - var ret = false - if migrateFromConfigurationV1() { - ret = true - } - if migrateFromConfigurationV2(called: name) { - ret = true - } - return ret - } - - private func migrateFromConfigurationV1() -> Bool { - guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false } - guard configurationVersion == 1 else { return false } - guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return false } - guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return false } - providerConfiguration = ["WgQuickConfig": configuration.migrated.asWgQuickConfig()] - return true - } - - private func migrateFromConfigurationV2(called name: String) -> Bool { - guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false } - providerConfiguration = nil - guard passwordReference == nil else { return true } - passwordReference = Keychain.makeReference(containing: oldConfig, called: name) - return true - } - -} diff --git a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift index 3b7cd1e..bdc17ac 100644 --- a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift +++ b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift @@ -56,4 +56,17 @@ extension NETunnelProviderProtocol { guard let ref = passwordReference else { return nil } return Keychain.verifyReference(called: ref) ? ref : nil } + + @discardableResult + func migrateConfigurationIfNeeded(called name: String) -> Bool { + /* This is how we did things before we switched to putting items + * in the keychain. But it's still useful to keep the migration + * around so that .mobileconfig files are easier. + */ + guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false } + providerConfiguration = nil + guard passwordReference == nil else { return true } + passwordReference = Keychain.makeReference(containing: oldConfig, called: name) + return true + } } |