From 1fecd8eb6c5c2327d4bfd5044876be12876fc7e5 Mon Sep 17 00:00:00 2001 From: Eric Kuck Date: Fri, 21 Dec 2018 15:16:09 -0600 Subject: providerConfiguration is now a WgQuickConfig Signed-off-by: Eric Kuck --- WireGuard/Shared/LegacyConfigMigration.swift | 7 +- WireGuard/Shared/Model/DNSServer.swift | 24 --- WireGuard/Shared/Model/Endpoint.swift | 20 --- WireGuard/Shared/Model/IPAddressRange.swift | 19 -- .../Shared/Model/InterfaceConfiguration.swift | 42 +---- WireGuard/Shared/Model/PeerConfiguration.swift | 39 ---- WireGuard/Shared/Model/TunnelConfiguration.swift | 20 --- .../NETunnelProviderProtocol+Extension.swift | 40 ++--- WireGuard/Shared/String+ArrayConversion.swift | 32 ++++ .../Shared/TunnelConfiguration+WgQuickConfig.swift | 200 +++++++++++++++++++++ 10 files changed, 248 insertions(+), 195 deletions(-) create mode 100644 WireGuard/Shared/String+ArrayConversion.swift create mode 100644 WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift (limited to 'WireGuard/Shared') diff --git a/WireGuard/Shared/LegacyConfigMigration.swift b/WireGuard/Shared/LegacyConfigMigration.swift index bd22ca4..e7588a2 100644 --- a/WireGuard/Shared/LegacyConfigMigration.swift +++ b/WireGuard/Shared/LegacyConfigMigration.swift @@ -186,11 +186,8 @@ extension NETunnelProviderProtocol { private func migrateFromConfigurationV1() { guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return } - guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return } - guard let tunnelConfigData = try? JSONEncoder().encode(configuration.migrated) else { return } - guard let tunnelConfigDictionary = try? JSONSerialization.jsonObject(with: tunnelConfigData, options: .allowFragments) else { return } - - providerConfiguration = [Keys.wgQuickConfig.rawValue: tunnelConfigDictionary] + guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return } + providerConfiguration = [Keys.wgQuickConfig.rawValue: configuration.migrated.asWgQuickConfig()] } } diff --git a/WireGuard/Shared/Model/DNSServer.swift b/WireGuard/Shared/Model/DNSServer.swift index 8703fbb..9078b59 100644 --- a/WireGuard/Shared/Model/DNSServer.swift +++ b/WireGuard/Shared/Model/DNSServer.swift @@ -12,30 +12,6 @@ struct DNSServer { } } -extension DNSServer: Codable { - public func encode(to encoder: Encoder) throws { - var container = encoder.singleValueContainer() - try container.encode(stringRepresentation) - } - - public init(from decoder: Decoder) throws { - let values = try decoder.singleValueContainer() - let addressString = try values.decode(String.self) - - if let address = IPv4Address(addressString) { - self.address = address - } else if let address = IPv6Address(addressString) { - self.address = address - } else { - throw DecodingError.invalidData - } - } - - enum DecodingError: Error { - case invalidData - } -} - extension DNSServer { var stringRepresentation: String { return "\(address)" diff --git a/WireGuard/Shared/Model/Endpoint.swift b/WireGuard/Shared/Model/Endpoint.swift index 891c564..b29a5a8 100644 --- a/WireGuard/Shared/Model/Endpoint.swift +++ b/WireGuard/Shared/Model/Endpoint.swift @@ -14,26 +14,6 @@ struct Endpoint { } } -extension Endpoint: Codable { - init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - let endpointString = try container.decode(String.self) - guard let endpoint = Endpoint(from: endpointString) else { - throw DecodingError.invalidData - } - self = endpoint - } - - func encode(to encoder: Encoder) throws { - var container = encoder.singleValueContainer() - try container.encode(stringRepresentation) - } - - enum DecodingError: Error { - case invalidData - } -} - extension Endpoint { var stringRepresentation: String { switch host { diff --git a/WireGuard/Shared/Model/IPAddressRange.swift b/WireGuard/Shared/Model/IPAddressRange.swift index da4cbd5..28f3d00 100644 --- a/WireGuard/Shared/Model/IPAddressRange.swift +++ b/WireGuard/Shared/Model/IPAddressRange.swift @@ -52,22 +52,3 @@ extension IPAddressRange { return (address, networkPrefixLength) } } - -extension IPAddressRange: Codable { - public func encode(to encoder: Encoder) throws { - var container = encoder.singleValueContainer() - try container.encode(stringRepresentation) - } - - public init(from decoder: Decoder) throws { - let values = try decoder.singleValueContainer() - let addressString = try values.decode(String.self) - guard let parsed = IPAddressRange.parseAddressString(addressString) else { throw DecodingError.invalidData } - address = parsed.0 - networkPrefixLength = parsed.1 - } - - enum DecodingError: Error { - case invalidData - } -} diff --git a/WireGuard/Shared/Model/InterfaceConfiguration.swift b/WireGuard/Shared/Model/InterfaceConfiguration.swift index dfcb1fc..9094d14 100644 --- a/WireGuard/Shared/Model/InterfaceConfiguration.swift +++ b/WireGuard/Shared/Model/InterfaceConfiguration.swift @@ -4,56 +4,18 @@ import Foundation struct InterfaceConfiguration { - var name: String + var name: String? var privateKey: Data var addresses = [IPAddressRange]() var listenPort: UInt16? var mtu: UInt16? var dns = [DNSServer]() - init(name: String, privateKey: Data) { + init(name: String?, privateKey: Data) { self.name = name self.privateKey = privateKey - if name.isEmpty { - fatalError("Empty name") - } if privateKey.count != TunnelConfiguration.keyLength { fatalError("Invalid private key") } } } - -extension InterfaceConfiguration: Codable { - enum CodingKeys: String, CodingKey { - case name = "Name" - case privateKey = "PrivateKey" - case addresses = "Address" - case listenPort = "ListenPort" - case mtu = "MTU" - case dns = "DNS" - } - - init(from decoder: Decoder) throws { - let values = try decoder.container(keyedBy: CodingKeys.self) - name = try values.decode(String.self, forKey: .name) - privateKey = try Data(base64Encoded: values.decode(String.self, forKey: .privateKey))! - addresses = try values.decode([IPAddressRange].self, forKey: .addresses) - listenPort = try? values.decode(UInt16.self, forKey: .listenPort) - mtu = try? values.decode(UInt16.self, forKey: .mtu) - dns = try values.decode([DNSServer].self, forKey: .dns) - } - - func encode(to encoder: Encoder) throws { - var container = encoder.container(keyedBy: CodingKeys.self) - try container.encode(name, forKey: .name) - try container.encode(privateKey.base64EncodedString(), forKey: .privateKey) - try container.encode(addresses, forKey: .addresses) - if let listenPort = listenPort { - try container.encode(listenPort, forKey: .listenPort) - } - if let mtu = mtu { - try container.encode(mtu, forKey: .mtu) - } - try container.encode(dns, forKey: .dns) - } -} diff --git a/WireGuard/Shared/Model/PeerConfiguration.swift b/WireGuard/Shared/Model/PeerConfiguration.swift index 0fad842..a113821 100644 --- a/WireGuard/Shared/Model/PeerConfiguration.swift +++ b/WireGuard/Shared/Model/PeerConfiguration.swift @@ -25,42 +25,3 @@ struct PeerConfiguration { } } } - -extension PeerConfiguration: Codable { - enum CodingKeys: String, CodingKey { - case publicKey = "PublicKey" - case preSharedKey = "PreSharedKey" - case allowedIPs = "AllowedIPs" - case endpoint = "Endpoint" - case persistentKeepAlive = "PersistentKeepAlive" - } - - init(from decoder: Decoder) throws { - let values = try decoder.container(keyedBy: CodingKeys.self) - publicKey = try Data(base64Encoded: values.decode(String.self, forKey: .publicKey))! - if let base64PreSharedKey = try? values.decode(Data.self, forKey: .preSharedKey) { - preSharedKey = Data(base64Encoded: base64PreSharedKey) - } else { - preSharedKey = nil - } - allowedIPs = try values.decode([IPAddressRange].self, forKey: .allowedIPs) - endpoint = try? values.decode(Endpoint.self, forKey: .endpoint) - persistentKeepAlive = try? values.decode(UInt16.self, forKey: .persistentKeepAlive) - } - - func encode(to encoder: Encoder) throws { - var container = encoder.container(keyedBy: CodingKeys.self) - try container.encode(publicKey.base64EncodedString(), forKey: .publicKey) - if let preSharedKey = preSharedKey { - try container.encode(preSharedKey.base64EncodedString(), forKey: .preSharedKey) - } - - try container.encode(allowedIPs, forKey: .allowedIPs) - if let endpoint = endpoint { - try container.encode(endpoint, forKey: .endpoint) - } - if let persistentKeepAlive = persistentKeepAlive { - try container.encode(persistentKeepAlive, forKey: .persistentKeepAlive) - } - } -} diff --git a/WireGuard/Shared/Model/TunnelConfiguration.swift b/WireGuard/Shared/Model/TunnelConfiguration.swift index 87812cd..2e394ee 100644 --- a/WireGuard/Shared/Model/TunnelConfiguration.swift +++ b/WireGuard/Shared/Model/TunnelConfiguration.swift @@ -20,23 +20,3 @@ final class TunnelConfiguration { } } } - -extension TunnelConfiguration: Codable { - enum CodingKeys: String, CodingKey { - case interface = "Interface" - case peers = "Peer" - } - - convenience init(from decoder: Decoder) throws { - let values = try decoder.container(keyedBy: CodingKeys.self) - let interface = try values.decode(InterfaceConfiguration.self, forKey: .interface) - let peers = try values.decode([PeerConfiguration].self, forKey: .peers) - self.init(interface: interface, peers: peers) - } - - func encode(to encoder: Encoder) throws { - var container = encoder.container(keyedBy: CodingKeys.self) - try container.encode(interface, forKey: .interface) - try container.encode(peers, forKey: .peers) - } -} diff --git a/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift index 6f4e3eb..4f3e122 100644 --- a/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift +++ b/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift @@ -3,38 +3,21 @@ import NetworkExtension +private var tunnelNameKey: Void? + extension NETunnelProviderProtocol { enum Keys: String { - case wgQuickConfig = "WgQuickConfigV1" - } - - var tunnelConfiguration: TunnelConfiguration? { - migrateConfigurationIfNeeded() - - let tunnelConfigurationData: Data? - if let configurationDictionary = providerConfiguration?[Keys.wgQuickConfig.rawValue] { - tunnelConfigurationData = try? JSONSerialization.data(withJSONObject: configurationDictionary, options: []) - } else { - tunnelConfigurationData = nil - } - - guard tunnelConfigurationData != nil else { return nil } - return try? JSONDecoder().decode(TunnelConfiguration.self, from: tunnelConfigurationData!) + case wgQuickConfig = "WgQuickConfig" } convenience init?(tunnelConfiguration: TunnelConfiguration) { - assert(!tunnelConfiguration.interface.name.isEmpty) - - guard let tunnelConfigData = try? JSONEncoder().encode(tunnelConfiguration) else { return nil } - guard let tunnelConfigDictionary = try? JSONSerialization.jsonObject(with: tunnelConfigData, options: .allowFragments) else { return nil } - self.init() - + let appId = Bundle.main.bundleIdentifier! providerBundleIdentifier = "\(appId).network-extension" - providerConfiguration = [ Keys.wgQuickConfig.rawValue: tunnelConfigDictionary ] - + providerConfiguration = [Keys.wgQuickConfig.rawValue: tunnelConfiguration.asWgQuickConfig()] + let endpoints = tunnelConfiguration.peers.compactMap { $0.endpoint } if endpoints.count == 1 { serverAddress = endpoints[0].stringRepresentation @@ -43,13 +26,14 @@ extension NETunnelProviderProtocol { } else { serverAddress = "Multiple endpoints" } + username = tunnelConfiguration.interface.name } - - func hasTunnelConfiguration(tunnelConfiguration otherTunnelConfiguration: TunnelConfiguration) -> Bool { - guard let serializedThisTunnelConfiguration = try? JSONEncoder().encode(tunnelConfiguration) else { return false } - guard let serializedOtherTunnelConfiguration = try? JSONEncoder().encode(otherTunnelConfiguration) else { return false } - return serializedThisTunnelConfiguration == serializedOtherTunnelConfiguration + + func tunnelConfiguration(name: String?) -> TunnelConfiguration? { + migrateConfigurationIfNeeded() + guard let serializedConfig = providerConfiguration?[Keys.wgQuickConfig.rawValue] as? String else { return nil } + return try? TunnelConfiguration(serializedConfig, name: name) } } diff --git a/WireGuard/Shared/String+ArrayConversion.swift b/WireGuard/Shared/String+ArrayConversion.swift new file mode 100644 index 0000000..9b69cf4 --- /dev/null +++ b/WireGuard/Shared/String+ArrayConversion.swift @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: MIT +// Copyright © 2018 WireGuard LLC. All Rights Reserved. + +import Foundation + +extension String { + + func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] { + return split(separator: separator) + .map { + if let charSet = trimmingCharacters { + return $0.trimmingCharacters(in: charSet) + } else { + return String($0) + } + } + } + +} + +extension Optional where Wrapped == String { + + func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] { + switch self { + case .none: + return [] + case .some(let wrapped): + return wrapped.splitToArray(separator: separator, trimmingCharacters: trimmingCharacters) + } + } + +} diff --git a/WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift b/WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift new file mode 100644 index 0000000..9121426 --- /dev/null +++ b/WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: MIT +// Copyright © 2018 WireGuard LLC. All Rights Reserved. + +import Foundation + +extension TunnelConfiguration { + + enum ParserState { + case inInterfaceSection + case inPeerSection + case notInASection + } + + enum ParseError: Error { + case invalidLine(_ line: String.SubSequence) + case noInterface + case invalidInterface + case multipleInterfaces + case multiplePeersWithSamePublicKey + case invalidPeer + } + + //swiftlint:disable:next cyclomatic_complexity function_body_length + convenience init(_ wgQuickConfig: String, name: String?) throws { + var interfaceConfiguration: InterfaceConfiguration? + var peerConfigurations = [PeerConfiguration]() + + let lines = wgQuickConfig.split(separator: "\n") + + var parserState = ParserState.notInASection + var attributes = [String: String]() + + for (lineIndex, line) in lines.enumerated() { + var trimmedLine: String + if let commentRange = line.range(of: "#") { + trimmedLine = String(line[..(peerPublicKeysArray) + if peerPublicKeysArray.count != peerPublicKeysSet.count { + throw ParseError.multiplePeersWithSamePublicKey + } + + if let interfaceConfiguration = interfaceConfiguration { + self.init(interface: interfaceConfiguration, peers: peerConfigurations) + } else { + throw ParseError.noInterface + } + } + + func asWgQuickConfig() -> String { + var output = "[Interface]\n" + output.append("PrivateKey = \(interface.privateKey.base64EncodedString())\n") + if let listenPort = interface.listenPort { + output.append("ListenPort = \(listenPort)\n") + } + if !interface.addresses.isEmpty { + let addressString = interface.addresses.map { $0.stringRepresentation }.joined(separator: ", ") + output.append("Address = \(addressString)\n") + } + if !interface.dns.isEmpty { + let dnsString = interface.dns.map { $0.stringRepresentation }.joined(separator: ", ") + output.append("DNS = \(dnsString)\n") + } + if let mtu = interface.mtu { + output.append("MTU = \(mtu)\n") + } + + for peer in peers { + output.append("\n[Peer]\n") + output.append("PublicKey = \(peer.publicKey.base64EncodedString())\n") + if let preSharedKey = peer.preSharedKey { + output.append("PresharedKey = \(preSharedKey.base64EncodedString())\n") + } + if !peer.allowedIPs.isEmpty { + let allowedIPsString = peer.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") + output.append("AllowedIPs = \(allowedIPsString)\n") + } + if let endpoint = peer.endpoint { + output.append("Endpoint = \(endpoint.stringRepresentation)\n") + } + if let persistentKeepAlive = peer.persistentKeepAlive { + output.append("PersistentKeepalive = \(persistentKeepAlive)\n") + } + } + + return output + } + + //swiftlint:disable:next cyclomatic_complexity + private static func collate(interfaceAttributes attributes: [String: String], name: String?) -> InterfaceConfiguration? { + // required wg fields + guard let privateKeyString = attributes["privatekey"] else { return nil } + guard let privateKey = Data(base64Encoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else { return nil } + var interface = InterfaceConfiguration(name: name, privateKey: privateKey) + // other wg fields + if let listenPortString = attributes["listenport"] { + guard let listenPort = UInt16(listenPortString) else { return nil } + interface.listenPort = listenPort + } + // wg-quick fields + if let addressesString = attributes["address"] { + var addresses = [IPAddressRange]() + for addressString in addressesString.splitToArray(trimmingCharacters: .whitespaces) { + guard let address = IPAddressRange(from: addressString) else { return nil } + addresses.append(address) + } + interface.addresses = addresses + } + if let dnsString = attributes["dns"] { + var dnsServers = [DNSServer]() + for dnsServerString in dnsString.splitToArray(trimmingCharacters: .whitespaces) { + guard let dnsServer = DNSServer(from: dnsServerString) else { return nil } + dnsServers.append(dnsServer) + } + interface.dns = dnsServers + } + if let mtuString = attributes["mtu"] { + guard let mtu = UInt16(mtuString) else { return nil } + interface.mtu = mtu + } + return interface + } + + //swiftlint:disable:next cyclomatic_complexity + private static func collate(peerAttributes attributes: [String: String]) -> PeerConfiguration? { + // required wg fields + guard let publicKeyString = attributes["publickey"] else { return nil } + guard let publicKey = Data(base64Encoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else { return nil } + var peer = PeerConfiguration(publicKey: publicKey) + // wg fields + if let preSharedKeyString = attributes["presharedkey"] { + guard let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else { return nil } + peer.preSharedKey = preSharedKey + } + if let allowedIPsString = attributes["allowedips"] { + var allowedIPs = [IPAddressRange]() + for allowedIPString in allowedIPsString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) { + guard let allowedIP = IPAddressRange(from: allowedIPString) else { return nil } + allowedIPs.append(allowedIP) + } + peer.allowedIPs = allowedIPs + } + if let endpointString = attributes["endpoint"] { + guard let endpoint = Endpoint(from: endpointString) else { return nil } + peer.endpoint = endpoint + } + if let persistentKeepAliveString = attributes["persistentkeepalive"] { + guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else { return nil } + peer.persistentKeepAlive = persistentKeepAlive + } + return peer + } + +} -- cgit v1.2.3-59-g8ed1b