// SPDX-License-Identifier: MIT // Copyright © 2018-2019 WireGuard LLC. All Rights Reserved. import Foundation import Network import NetworkExtension protocol LegacyModel: Decodable { associatedtype Model var migrated: Model { get } } struct LegacyDNSServer: LegacyModel { let address: IPAddress var migrated: DNSServer { return DNSServer(address: address) } init(from decoder: Decoder) throws { let container = try decoder.singleValueContainer() var data = try container.decode(Data.self) let ipAddressFromData: IPAddress? = { switch data.count { case 4: return IPv4Address(data) case 16: return IPv6Address(data) default: return nil } }() guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData } address = ipAddress } enum DecodingError: Error { case invalidData } } extension Array where Element == LegacyDNSServer { var migrated: [DNSServer] { return map { $0.migrated } } } struct LegacyEndpoint: LegacyModel { let host: Network.NWEndpoint.Host let port: Network.NWEndpoint.Port var migrated: Endpoint { return Endpoint(host: host, port: port) } public init(from decoder: Decoder) throws { let container = try decoder.singleValueContainer() let endpointString = try container.decode(String.self) guard !endpointString.isEmpty else { throw DecodingError.invalidData } let startOfPort: String.Index let hostString: String if endpointString.first! == "[" { // Look for IPv6-style endpoint, like [::1]:80 let startOfHost = endpointString.index(after: endpointString.startIndex) guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData } let afterEndOfHost = endpointString.index(after: endOfHost) guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData } startOfPort = endpointString.index(after: afterEndOfHost) hostString = String(endpointString[startOfHost ..< endOfHost]) } else { // Look for an IPv4-style endpoint, like 127.0.0.1:80 guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData } startOfPort = endpointString.index(after: endOfHost) hostString = String(endpointString[endpointString.startIndex ..< endOfHost]) } guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData } let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in return !CharacterSet.urlHostAllowed.contains(char) } guard invalidCharacterIndex == nil else { throw DecodingError.invalidData } host = NWEndpoint.Host(hostString) port = endpointPort } enum DecodingError: Error { case invalidData } } struct LegacyInterfaceConfiguration: LegacyModel { let name: String let privateKey: Data let addresses: [LegacyIPAddressRange] let listenPort: UInt16? let mtu: UInt16? let dns: [LegacyDNSServer] var migrated: InterfaceConfiguration { var interface = InterfaceConfiguration(privateKey: privateKey) interface.addresses = addresses.migrated interface.listenPort = listenPort interface.mtu = mtu interface.dns = dns.migrated return interface } } struct LegacyIPAddressRange: LegacyModel { let address: IPAddress let networkPrefixLength: UInt8 var migrated: IPAddressRange { return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength) } public init(from decoder: Decoder) throws { let container = try decoder.singleValueContainer() var data = try container.decode(Data.self) networkPrefixLength = data.removeLast() let ipAddressFromData: IPAddress? = { switch data.count { case 4: return IPv4Address(data) case 16: return IPv6Address(data) default: return nil } }() guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData } address = ipAddress } enum DecodingError: Error { case invalidData } } extension Array where Element == LegacyIPAddressRange { var migrated: [IPAddressRange] { return map { $0.migrated } } } struct LegacyPeerConfiguration: LegacyModel { let publicKey: Data let preSharedKey: Data? let allowedIPs: [LegacyIPAddressRange] let endpoint: LegacyEndpoint? let persistentKeepAlive: UInt16? var migrated: PeerConfiguration { var configuration = PeerConfiguration(publicKey: publicKey) configuration.preSharedKey = preSharedKey configuration.allowedIPs = allowedIPs.migrated configuration.endpoint = endpoint?.migrated configuration.persistentKeepAlive = persistentKeepAlive return configuration } } extension Array where Element == LegacyPeerConfiguration { var migrated: [PeerConfiguration] { return map { $0.migrated } } } final class LegacyTunnelConfiguration: LegacyModel { let interface: LegacyInterfaceConfiguration let peers: [LegacyPeerConfiguration] var migrated: TunnelConfiguration { return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated) } } extension NETunnelProviderProtocol { @discardableResult func migrateConfigurationIfNeeded(called name: String) -> Bool { var ret = false if migrateFromConfigurationV1() { ret = true } if migrateFromConfigurationV2(called: name) { ret = true } return ret } private func migrateFromConfigurationV1() -> Bool { guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false } guard configurationVersion == 1 else { return false } guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return false } guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return false } providerConfiguration = ["WgQuickConfig": configuration.migrated.asWgQuickConfig()] return true } private func migrateFromConfigurationV2(called name: String) -> Bool { guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false } providerConfiguration = nil guard passwordReference == nil else { return true } passwordReference = Keychain.makeReference(containing: oldConfig, called: name) return true } }