mirror of
https://github.com/passepartoutvpn/passepartout-apple.git
synced 2024-12-27 03:42:39 +00:00
ef9032e440
- Improve logging performance and privacy. - Fix server-side renegotiation issues.
294 lines
9.3 KiB
Swift
294 lines
9.3 KiB
Swift
//
|
|
// ConnectionService.swift
|
|
// Passepartout
|
|
//
|
|
// Created by Davide De Rosa on 9/3/18.
|
|
// Copyright (c) 2018 Davide De Rosa. All rights reserved.
|
|
//
|
|
// https://github.com/keeshux
|
|
//
|
|
// This file is part of Passepartout.
|
|
//
|
|
// Passepartout is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// Passepartout is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Passepartout. If not, see <http://www.gnu.org/licenses/>.
|
|
//
|
|
|
|
import Foundation
|
|
import TunnelKit
|
|
import NetworkExtension
|
|
import SwiftyBeaver
|
|
|
|
private let log = SwiftyBeaver.self
|
|
|
|
protocol ConnectionServiceDelegate: class {
|
|
func connectionService(didActivate profile: ConnectionProfile)
|
|
|
|
func connectionService(didDeactivate profile: ConnectionProfile)
|
|
}
|
|
|
|
class ConnectionService: Codable {
|
|
enum CodingKeys: String, CodingKey {
|
|
case appGroup
|
|
|
|
case tunnelConfiguration
|
|
|
|
case profiles
|
|
|
|
case activeProfileId
|
|
|
|
case preferences
|
|
}
|
|
|
|
private let appGroup: String
|
|
|
|
private let defaults: UserDefaults
|
|
|
|
private let keychain: Keychain
|
|
|
|
var tunnelConfiguration: TunnelKitProvider.Configuration
|
|
|
|
private var profiles: [String: ConnectionProfile]
|
|
|
|
private var activeProfileId: String? {
|
|
willSet {
|
|
if let oldProfile = activeProfile {
|
|
delegate?.connectionService(didDeactivate: oldProfile)
|
|
}
|
|
}
|
|
didSet {
|
|
if let newProfile = activeProfile {
|
|
delegate?.connectionService(didActivate: newProfile)
|
|
}
|
|
}
|
|
}
|
|
|
|
var activeProfile: ConnectionProfile? {
|
|
guard let id = activeProfileId else {
|
|
return nil
|
|
}
|
|
return profiles[id]
|
|
}
|
|
|
|
let preferences: EditablePreferences
|
|
|
|
weak var delegate: ConnectionServiceDelegate?
|
|
|
|
init(withAppGroup appGroup: String, tunnelConfiguration: TunnelKitProvider.Configuration) {
|
|
guard let defaults = UserDefaults(suiteName: appGroup) else {
|
|
fatalError("No entitlements for group '\(appGroup)'")
|
|
}
|
|
self.appGroup = appGroup
|
|
self.defaults = defaults
|
|
keychain = Keychain(group: appGroup)
|
|
|
|
self.tunnelConfiguration = tunnelConfiguration
|
|
profiles = [:]
|
|
activeProfileId = nil
|
|
preferences = EditablePreferences()
|
|
}
|
|
|
|
// MARK: Codable
|
|
|
|
required init(from decoder: Decoder) throws {
|
|
let container = try decoder.container(keyedBy: CodingKeys.self)
|
|
let appGroup = try container.decode(String.self, forKey: .appGroup)
|
|
guard let defaults = UserDefaults(suiteName: appGroup) else {
|
|
fatalError("No entitlements for group '\(appGroup)'")
|
|
}
|
|
self.appGroup = appGroup
|
|
self.defaults = defaults
|
|
keychain = Keychain(group: appGroup)
|
|
|
|
tunnelConfiguration = try container.decode(TunnelKitProvider.Configuration.self, forKey: .tunnelConfiguration)
|
|
let profilesArray = try container.decode([ConnectionProfileHolder].self, forKey: .profiles).map { $0.contained }
|
|
var profiles: [String: ConnectionProfile] = [:]
|
|
profilesArray.forEach {
|
|
guard let p = $0 else {
|
|
return
|
|
}
|
|
profiles[p.id] = p
|
|
}
|
|
self.profiles = profiles
|
|
activeProfileId = try container.decodeIfPresent(String.self, forKey: .activeProfileId)
|
|
preferences = try container.decode(EditablePreferences.self, forKey: .preferences)
|
|
}
|
|
|
|
func encode(to encoder: Encoder) throws {
|
|
var container = encoder.container(keyedBy: CodingKeys.self)
|
|
try container.encode(appGroup, forKey: .appGroup)
|
|
try container.encode(tunnelConfiguration, forKey: .tunnelConfiguration)
|
|
try container.encode(profiles.map { ConnectionProfileHolder($0.value) }, forKey: .profiles)
|
|
try container.encodeIfPresent(activeProfileId, forKey: .activeProfileId)
|
|
try container.encode(preferences, forKey: .preferences)
|
|
}
|
|
|
|
// MARK: Profiles
|
|
|
|
func profileIds() -> [String] {
|
|
return Array(profiles.keys)
|
|
}
|
|
|
|
func profile(withId id: String) -> ConnectionProfile? {
|
|
return profiles[id]
|
|
}
|
|
|
|
func addProfile(_ profile: ConnectionProfile, credentials: Credentials?) -> Bool {
|
|
guard profiles.index(forKey: profile.id) == nil else {
|
|
return false
|
|
}
|
|
addOrReplaceProfile(profile, credentials: credentials)
|
|
return true
|
|
}
|
|
|
|
func addOrReplaceProfile(_ profile: ConnectionProfile, credentials: Credentials?) {
|
|
profiles[profile.id] = profile
|
|
try? setCredentials(credentials, for: profile)
|
|
if profiles.count == 1 {
|
|
activeProfileId = profile.id
|
|
}
|
|
}
|
|
|
|
func removeProfile(_ profile: ConnectionProfile) {
|
|
guard let i = profiles.index(forKey: profile.id) else {
|
|
return
|
|
}
|
|
profiles.remove(at: i)
|
|
if profiles.isEmpty {
|
|
activeProfileId = nil
|
|
}
|
|
}
|
|
|
|
func containsProfile(_ profile: ConnectionProfile) -> Bool {
|
|
return profiles.index(forKey: profile.id) != nil
|
|
}
|
|
|
|
func hasActiveProfile() -> Bool {
|
|
return activeProfileId != nil
|
|
}
|
|
|
|
func isActiveProfile(_ profile: ConnectionProfile) -> Bool {
|
|
return profile.id == activeProfileId
|
|
}
|
|
|
|
func activateProfile(_ profile: ConnectionProfile) {
|
|
activeProfileId = profile.id
|
|
}
|
|
|
|
// MARK: Credentials
|
|
|
|
func needsCredentials(for profile: ConnectionProfile) -> Bool {
|
|
guard profile.requiresCredentials else {
|
|
return false
|
|
}
|
|
guard let creds = credentials(for: profile) else {
|
|
return true
|
|
}
|
|
return creds.isEmpty
|
|
}
|
|
|
|
func credentials(for profile: ConnectionProfile) -> Credentials? {
|
|
guard let username = profile.username, let key = profile.passwordKey else {
|
|
return nil
|
|
}
|
|
guard let password = try? keychain.password(for: key) else {
|
|
return nil
|
|
}
|
|
return Credentials(username, password)
|
|
}
|
|
|
|
func setCredentials(_ credentials: Credentials?, for profile: ConnectionProfile) throws {
|
|
profile.username = credentials?.username
|
|
try profile.setPassword(credentials?.password, in: keychain)
|
|
}
|
|
|
|
// MARK: VPN
|
|
|
|
func vpnConfiguration() throws -> NetworkExtensionVPNConfiguration {
|
|
guard let profile = activeProfile else {
|
|
throw ApplicationError.missingProfile
|
|
}
|
|
let creds = credentials(for: profile)
|
|
if profile.requiresCredentials {
|
|
guard creds != nil else {
|
|
throw ApplicationError.missingCredentials
|
|
}
|
|
}
|
|
|
|
let cfg = try profile.generate(from: tunnelConfiguration, preferences: preferences)
|
|
let protocolConfiguration = try cfg.generatedTunnelProtocol(
|
|
withBundleIdentifier: GroupConstants.App.tunnelIdentifier,
|
|
appGroup: appGroup,
|
|
hostname: profile.mainAddress,
|
|
credentials: creds
|
|
)
|
|
protocolConfiguration.disconnectOnSleep = preferences.disconnectsOnSleep
|
|
|
|
log.verbose("Configuration:")
|
|
log.verbose(protocolConfiguration)
|
|
|
|
var rules: [NEOnDemandRule] = []
|
|
#if os(iOS)
|
|
if preferences.trustsMobileNetwork {
|
|
let rule = policyRule()
|
|
rule.interfaceTypeMatch = .cellular
|
|
rules.append(rule)
|
|
}
|
|
#endif
|
|
let reallyTrustedWifis = Array(preferences.trustedWifis.filter { $1 }.keys)
|
|
if !reallyTrustedWifis.isEmpty {
|
|
let rule = policyRule()
|
|
rule.interfaceTypeMatch = .wiFi
|
|
rule.ssidMatch = reallyTrustedWifis
|
|
rules.append(rule)
|
|
}
|
|
rules.append(NEOnDemandRuleConnect())
|
|
|
|
return NetworkExtensionVPNConfiguration(protocolConfiguration: protocolConfiguration, onDemandRules: rules)
|
|
}
|
|
|
|
private func policyRule() -> NEOnDemandRule {
|
|
switch preferences.trustPolicy {
|
|
case .ignore:
|
|
return NEOnDemandRuleIgnore()
|
|
|
|
case .disconnect:
|
|
return NEOnDemandRuleDisconnect()
|
|
}
|
|
}
|
|
|
|
var vpnLog: String {
|
|
return tunnelConfiguration.existingLog(in: appGroup) ?? ""
|
|
}
|
|
|
|
var vpnLastError: TunnelKitProvider.ProviderError? {
|
|
guard let key = tunnelConfiguration.lastErrorKey else {
|
|
return nil
|
|
}
|
|
guard let rawValue = defaults.string(forKey: key) else {
|
|
return nil
|
|
}
|
|
return TunnelKitProvider.ProviderError(rawValue: rawValue)
|
|
}
|
|
|
|
func clearVpnLastError() {
|
|
guard let key = tunnelConfiguration.lastErrorKey else {
|
|
return
|
|
}
|
|
defaults.removeObject(forKey: key)
|
|
}
|
|
|
|
// func eraseVpnLog() {
|
|
// defaults.removeObject(forKey: Keys.vpnLog)
|
|
// }
|
|
}
|