aboutsummaryrefslogtreecommitdiffstats
path: root/WireGuard/Shared/Model
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2019-02-06 02:01:12 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2019-02-06 06:20:23 +0100
commited8dc516dc5aa5b47afec780a69f4a8176e57500 (patch)
tree2b89fe0412262dd23215e1080665229fac93d43e /WireGuard/Shared/Model
parentKeychain: store configurations in keychain instead of providerConfig (diff)
downloadwireguard-apple-ed8dc516dc5aa5b47afec780a69f4a8176e57500.tar.xz
wireguard-apple-ed8dc516dc5aa5b47afec780a69f4a8176e57500.zip
LegacyConfig: Remove and support plaintext for .mobileconfig
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'WireGuard/Shared/Model')
-rw-r--r--WireGuard/Shared/Model/LegacyConfigMigration.swift205
-rw-r--r--WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift13
2 files changed, 13 insertions, 205 deletions
diff --git a/WireGuard/Shared/Model/LegacyConfigMigration.swift b/WireGuard/Shared/Model/LegacyConfigMigration.swift
deleted file mode 100644
index 583e914d..00000000
--- a/WireGuard/Shared/Model/LegacyConfigMigration.swift
+++ /dev/null
@@ -1,205 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import Network
-import NetworkExtension
-
-protocol LegacyModel: Decodable {
- associatedtype Model
-
- var migrated: Model { get }
-}
-
-struct LegacyDNSServer: LegacyModel {
- let address: IPAddress
-
- var migrated: DNSServer {
- return DNSServer(address: address)
- }
-
- init(from decoder: Decoder) throws {
- let container = try decoder.singleValueContainer()
- var data = try container.decode(Data.self)
- let ipAddressFromData: IPAddress? = {
- switch data.count {
- case 4: return IPv4Address(data)
- case 16: return IPv6Address(data)
- default: return nil
- }
- }()
- guard let ipAddress = ipAddressFromData else {
- throw DecodingError.invalidData
- }
- address = ipAddress
- }
-
- enum DecodingError: Error {
- case invalidData
- }
-}
-
-extension Array where Element == LegacyDNSServer {
- var migrated: [DNSServer] {
- return map { $0.migrated }
- }
-}
-
-struct LegacyEndpoint: LegacyModel {
- let host: Network.NWEndpoint.Host
- let port: Network.NWEndpoint.Port
-
- var migrated: Endpoint {
- return Endpoint(host: host, port: port)
- }
-
- public init(from decoder: Decoder) throws {
- let container = try decoder.singleValueContainer()
- let endpointString = try container.decode(String.self)
- guard !endpointString.isEmpty else { throw DecodingError.invalidData }
- let startOfPort: String.Index
- let hostString: String
- if endpointString.first! == "[" {
- // Look for IPv6-style endpoint, like [::1]:80
- let startOfHost = endpointString.index(after: endpointString.startIndex)
- guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData }
- let afterEndOfHost = endpointString.index(after: endOfHost)
- guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData }
- startOfPort = endpointString.index(after: afterEndOfHost)
- hostString = String(endpointString[startOfHost ..< endOfHost])
- } else {
- // Look for an IPv4-style endpoint, like 127.0.0.1:80
- guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData }
- startOfPort = endpointString.index(after: endOfHost)
- hostString = String(endpointString[endpointString.startIndex ..< endOfHost])
- }
- guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData }
- let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in
- return !CharacterSet.urlHostAllowed.contains(char)
- }
- guard invalidCharacterIndex == nil else { throw DecodingError.invalidData }
- host = NWEndpoint.Host(hostString)
- port = endpointPort
- }
-
- enum DecodingError: Error {
- case invalidData
- }
-}
-
-struct LegacyInterfaceConfiguration: LegacyModel {
- let name: String
- let privateKey: Data
- let addresses: [LegacyIPAddressRange]
- let listenPort: UInt16?
- let mtu: UInt16?
- let dns: [LegacyDNSServer]
-
- var migrated: InterfaceConfiguration {
- var interface = InterfaceConfiguration(privateKey: privateKey)
- interface.addresses = addresses.migrated
- interface.listenPort = listenPort
- interface.mtu = mtu
- interface.dns = dns.migrated
- return interface
- }
-}
-
-struct LegacyIPAddressRange: LegacyModel {
- let address: IPAddress
- let networkPrefixLength: UInt8
-
- var migrated: IPAddressRange {
- return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength)
- }
-
- public init(from decoder: Decoder) throws {
- let container = try decoder.singleValueContainer()
- var data = try container.decode(Data.self)
- networkPrefixLength = data.removeLast()
- let ipAddressFromData: IPAddress? = {
- switch data.count {
- case 4: return IPv4Address(data)
- case 16: return IPv6Address(data)
- default: return nil
- }
- }()
- guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData }
- address = ipAddress
- }
-
- enum DecodingError: Error {
- case invalidData
- }
-}
-
-extension Array where Element == LegacyIPAddressRange {
- var migrated: [IPAddressRange] {
- return map { $0.migrated }
- }
-}
-
-struct LegacyPeerConfiguration: LegacyModel {
- let publicKey: Data
- let preSharedKey: Data?
- let allowedIPs: [LegacyIPAddressRange]
- let endpoint: LegacyEndpoint?
- let persistentKeepAlive: UInt16?
-
- var migrated: PeerConfiguration {
- var configuration = PeerConfiguration(publicKey: publicKey)
- configuration.preSharedKey = preSharedKey
- configuration.allowedIPs = allowedIPs.migrated
- configuration.endpoint = endpoint?.migrated
- configuration.persistentKeepAlive = persistentKeepAlive
- return configuration
- }
-}
-
-extension Array where Element == LegacyPeerConfiguration {
- var migrated: [PeerConfiguration] {
- return map { $0.migrated }
- }
-}
-
-final class LegacyTunnelConfiguration: LegacyModel {
- let interface: LegacyInterfaceConfiguration
- let peers: [LegacyPeerConfiguration]
-
- var migrated: TunnelConfiguration {
- return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated)
- }
-}
-
-extension NETunnelProviderProtocol {
-
- @discardableResult
- func migrateConfigurationIfNeeded(called name: String) -> Bool {
- var ret = false
- if migrateFromConfigurationV1() {
- ret = true
- }
- if migrateFromConfigurationV2(called: name) {
- ret = true
- }
- return ret
- }
-
- private func migrateFromConfigurationV1() -> Bool {
- guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false }
- guard configurationVersion == 1 else { return false }
- guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return false }
- guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return false }
- providerConfiguration = ["WgQuickConfig": configuration.migrated.asWgQuickConfig()]
- return true
- }
-
- private func migrateFromConfigurationV2(called name: String) -> Bool {
- guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false }
- providerConfiguration = nil
- guard passwordReference == nil else { return true }
- passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
- return true
- }
-
-}
diff --git a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
index 3b7cd1e0..bdc17ac0 100644
--- a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
+++ b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
@@ -56,4 +56,17 @@ extension NETunnelProviderProtocol {
guard let ref = passwordReference else { return nil }
return Keychain.verifyReference(called: ref) ? ref : nil
}
+
+ @discardableResult
+ func migrateConfigurationIfNeeded(called name: String) -> Bool {
+ /* This is how we did things before we switched to putting items
+ * in the keychain. But it's still useful to keep the migration
+ * around so that .mobileconfig files are easier.
+ */
+ guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false }
+ providerConfiguration = nil
+ guard passwordReference == nil else { return true }
+ passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
+ return true
+ }
}