Inject external resources into configuration

Passepartout/Sources/GroupConstants.swift

@@ -73,6 +73,8 @@ public class GroupConstants {
             try? FileManager.default.createDirectory(at: url, withIntermediateDirectories: true, attributes: nil)
             return url
         }()
+        
+        public static let externalURL = cachesURL.appendingPathComponent("External")
     }
     
     public class VPN {

Passepartout/Sources/Model/Profiles/ProviderConnectionProfile.swift

@@ -121,6 +121,12 @@ public class ProviderConnectionProfile: ConnectionProfile, Codable, Equatable {
         builder.debugLogFormat = configuration.debugLogFormat
         builder.masksPrivateData = configuration.masksPrivateData
         
+        do {
+            try preset.injectExternalConfiguration(&builder, with: name, pool: pool)
+        } catch {
+            fatalError("Could not find external preset resources")
+        }
+
         if let address = manualAddress {
             builder.prefersResolvedAddresses = true
             builder.resolvedAddresses = [address]
@@ -137,7 +143,7 @@ public class ProviderConnectionProfile: ConnectionProfile, Codable, Equatable {
         } else {
             
             // restrict "Any" protocol to UDP, unless there are no UDP endpoints
-            let allEndpoints = preset.configuration.sessionConfiguration.endpointProtocols
+            let allEndpoints = builder.sessionConfiguration.endpointProtocols
             var endpoints = allEndpoints?.filter { $0.socketType == .udp }
             if endpoints?.isEmpty ?? true {
                 endpoints = allEndpoints

Passepartout/Sources/Services/Infrastructure.swift

@@ -42,6 +42,10 @@ public struct Infrastructure: Codable {
             return rawValue.lowercased()
         }
 
+        public var externalURL: URL {
+            return GroupConstants.App.externalURL.appendingPathComponent(webName)
+        }
+
         public static func <(lhs: Name, rhs: Name) -> Bool {
             return lhs.webName < rhs.webName
         }

Passepartout/Sources/Services/InfrastructurePreset.swift

@@ -96,6 +96,32 @@ public struct InfrastructurePreset: Codable {
         return configuration.sessionConfiguration.endpointProtocols?.firstIndex(of: proto) != nil
     }
 
+    public func injectExternalConfiguration(_ configuration: inout TunnelKitProvider.ConfigurationBuilder, with name: Infrastructure.Name, pool: Pool) throws {
+        guard let external = external, !external.isEmpty else {
+            return
+        }
+        
+        let baseURL = name.externalURL
+
+        var sessionBuilder = configuration.sessionConfiguration.builder()
+        if let pattern = external[.ca] {
+            let filename = pattern.replacingOccurrences(of: "${id}", with: pool.id)
+            let caURL = baseURL.appendingPathComponent(filename)
+            sessionBuilder.ca = CryptoContainer(pem: try String(contentsOf: caURL))
+        }
+        if let pattern = external[.wrapKeyData] {
+            let filename = pattern.replacingOccurrences(of: "${id}", with: pool.id)
+            let tlsKeyURL = baseURL.appendingPathComponent(filename)
+            if let dummyWrap = sessionBuilder.tlsWrap {
+                let file = try String(contentsOf: tlsKeyURL)
+                if let staticKey = StaticKey(file: file, direction: .client) {
+                    sessionBuilder.tlsWrap = SessionProxy.TLSWrap(strategy: dummyWrap.strategy, key: staticKey)
+                }
+            }
+        }
+        configuration.sessionConfiguration = sessionBuilder.build()
+    }
+    
     // MARK: Codable
     
     public init(from decoder: Decoder) throws {