LegacyConfig: Remove and support plaintext for .mobileconfig

This commit is contained in:
Jason A. Donenfeld 2019-02-06 02:01:12 +01:00
parent 0407d41005
commit 30576a1fe6
3 changed files with 13 additions and 215 deletions

View File

@ -1,205 +0,0 @@
// SPDX-License-Identifier: MIT
// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
import Foundation
import Network
import NetworkExtension
protocol LegacyModel: Decodable {
associatedtype Model
var migrated: Model { get }
}
struct LegacyDNSServer: LegacyModel {
let address: IPAddress
var migrated: DNSServer {
return DNSServer(address: address)
}
init(from decoder: Decoder) throws {
let container = try decoder.singleValueContainer()
var data = try container.decode(Data.self)
let ipAddressFromData: IPAddress? = {
switch data.count {
case 4: return IPv4Address(data)
case 16: return IPv6Address(data)
default: return nil
}
}()
guard let ipAddress = ipAddressFromData else {
throw DecodingError.invalidData
}
address = ipAddress
}
enum DecodingError: Error {
case invalidData
}
}
extension Array where Element == LegacyDNSServer {
var migrated: [DNSServer] {
return map { $0.migrated }
}
}
struct LegacyEndpoint: LegacyModel {
let host: Network.NWEndpoint.Host
let port: Network.NWEndpoint.Port
var migrated: Endpoint {
return Endpoint(host: host, port: port)
}
public init(from decoder: Decoder) throws {
let container = try decoder.singleValueContainer()
let endpointString = try container.decode(String.self)
guard !endpointString.isEmpty else { throw DecodingError.invalidData }
let startOfPort: String.Index
let hostString: String
if endpointString.first! == "[" {
// Look for IPv6-style endpoint, like [::1]:80
let startOfHost = endpointString.index(after: endpointString.startIndex)
guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData }
let afterEndOfHost = endpointString.index(after: endOfHost)
guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData }
startOfPort = endpointString.index(after: afterEndOfHost)
hostString = String(endpointString[startOfHost ..< endOfHost])
} else {
// Look for an IPv4-style endpoint, like 127.0.0.1:80
guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData }
startOfPort = endpointString.index(after: endOfHost)
hostString = String(endpointString[endpointString.startIndex ..< endOfHost])
}
guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData }
let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in
return !CharacterSet.urlHostAllowed.contains(char)
}
guard invalidCharacterIndex == nil else { throw DecodingError.invalidData }
host = NWEndpoint.Host(hostString)
port = endpointPort
}
enum DecodingError: Error {
case invalidData
}
}
struct LegacyInterfaceConfiguration: LegacyModel {
let name: String
let privateKey: Data
let addresses: [LegacyIPAddressRange]
let listenPort: UInt16?
let mtu: UInt16?
let dns: [LegacyDNSServer]
var migrated: InterfaceConfiguration {
var interface = InterfaceConfiguration(privateKey: privateKey)
interface.addresses = addresses.migrated
interface.listenPort = listenPort
interface.mtu = mtu
interface.dns = dns.migrated
return interface
}
}
struct LegacyIPAddressRange: LegacyModel {
let address: IPAddress
let networkPrefixLength: UInt8
var migrated: IPAddressRange {
return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength)
}
public init(from decoder: Decoder) throws {
let container = try decoder.singleValueContainer()
var data = try container.decode(Data.self)
networkPrefixLength = data.removeLast()
let ipAddressFromData: IPAddress? = {
switch data.count {
case 4: return IPv4Address(data)
case 16: return IPv6Address(data)
default: return nil
}
}()
guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData }
address = ipAddress
}
enum DecodingError: Error {
case invalidData
}
}
extension Array where Element == LegacyIPAddressRange {
var migrated: [IPAddressRange] {
return map { $0.migrated }
}
}
struct LegacyPeerConfiguration: LegacyModel {
let publicKey: Data
let preSharedKey: Data?
let allowedIPs: [LegacyIPAddressRange]
let endpoint: LegacyEndpoint?
let persistentKeepAlive: UInt16?
var migrated: PeerConfiguration {
var configuration = PeerConfiguration(publicKey: publicKey)
configuration.preSharedKey = preSharedKey
configuration.allowedIPs = allowedIPs.migrated
configuration.endpoint = endpoint?.migrated
configuration.persistentKeepAlive = persistentKeepAlive
return configuration
}
}
extension Array where Element == LegacyPeerConfiguration {
var migrated: [PeerConfiguration] {
return map { $0.migrated }
}
}
final class LegacyTunnelConfiguration: LegacyModel {
let interface: LegacyInterfaceConfiguration
let peers: [LegacyPeerConfiguration]
var migrated: TunnelConfiguration {
return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated)
}
}
extension NETunnelProviderProtocol {
@discardableResult
func migrateConfigurationIfNeeded(called name: String) -> Bool {
var ret = false
if migrateFromConfigurationV1() {
ret = true
}
if migrateFromConfigurationV2(called: name) {
ret = true
}
return ret
}
private func migrateFromConfigurationV1() -> Bool {
guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false }
guard configurationVersion == 1 else { return false }
guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return false }
guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return false }
providerConfiguration = ["WgQuickConfig": configuration.migrated.asWgQuickConfig()]
return true
}
private func migrateFromConfigurationV2(called name: String) -> Bool {
guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false }
providerConfiguration = nil
guard passwordReference == nil else { return true }
passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
return true
}
}

View File

@ -56,4 +56,17 @@ extension NETunnelProviderProtocol {
guard let ref = passwordReference else { return nil }
return Keychain.verifyReference(called: ref) ? ref : nil
}
@discardableResult
func migrateConfigurationIfNeeded(called name: String) -> Bool {
/* This is how we did things before we switched to putting items
* in the keychain. But it's still useful to keep the migration
* around so that .mobileconfig files are easier.
*/
guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false }
providerConfiguration = nil
guard passwordReference == nil else { return true }
passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
return true
}
}

View File

@ -21,8 +21,6 @@
5F52D0BD21E3785C00283CEA /* ConfTextStorage.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F52D0BC21E3785C00283CEA /* ConfTextStorage.swift */; };
5F52D0BF21E3788900283CEA /* NSColor+Hex.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F52D0BE21E3788900283CEA /* NSColor+Hex.swift */; };
5F52D0C221E378C000283CEA /* highlighter.c in Sources */ = {isa = PBXBuildFile; fileRef = 5F52D0C121E378C000283CEA /* highlighter.c */; };
5F9696AA21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; };
5F9696AB21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; };
5F9696AE21CD6F72008063FE /* String+ArrayConversion.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */; };
5F9696B021CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; };
5F9696B121CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; };
@ -78,7 +76,6 @@
6FB1BDA521D4F53300A991BF /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; };
6FB1BDA621D4F53300A991BF /* NETunnelProviderProtocol+Extension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6FFA5D942194454A0001E2F7 /* NETunnelProviderProtocol+Extension.swift */; };
6FB1BDA721D4F53300A991BF /* String+ArrayConversion.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */; };
6FB1BDA821D4F53300A991BF /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; };
6FB1BDA921D4F53300A991BF /* TunnelConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E72172020C006A79B3 /* TunnelConfiguration.swift */; };
6FB1BDAA21D4F53300A991BF /* IPAddressRange.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E9217229DB006A79B3 /* IPAddressRange.swift */; };
6FB1BDAB21D4F53300A991BF /* Endpoint.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F693A552179E556008551C1 /* Endpoint.swift */; };
@ -98,7 +95,6 @@
6FB1BDBF21D50F0200A991BF /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; };
6FB1BDC021D50F0200A991BF /* NETunnelProviderProtocol+Extension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6FFA5D942194454A0001E2F7 /* NETunnelProviderProtocol+Extension.swift */; };
6FB1BDC121D50F0200A991BF /* String+ArrayConversion.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */; };
6FB1BDC221D50F0300A991BF /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; };
6FB1BDC321D50F0300A991BF /* TunnelConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E72172020C006A79B3 /* TunnelConfiguration.swift */; };
6FB1BDC421D50F0300A991BF /* IPAddressRange.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E9217229DB006A79B3 /* IPAddressRange.swift */; };
6FB1BDC521D50F0300A991BF /* Endpoint.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F693A552179E556008551C1 /* Endpoint.swift */; };
@ -238,7 +234,6 @@
5F52D0BE21E3788900283CEA /* NSColor+Hex.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSColor+Hex.swift"; sourceTree = "<group>"; };
5F52D0C021E378C000283CEA /* highlighter.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = highlighter.h; sourceTree = "<group>"; };
5F52D0C121E378C000283CEA /* highlighter.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = highlighter.c; sourceTree = "<group>"; };
5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LegacyConfigMigration.swift; sourceTree = "<group>"; };
5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "TunnelConfiguration+WgQuickConfig.swift"; sourceTree = "<group>"; };
5FF7B96121CC95DE00A7DD74 /* InterfaceConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InterfaceConfiguration.swift; sourceTree = "<group>"; };
5FF7B96421CC95FA00A7DD74 /* PeerConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PeerConfiguration.swift; sourceTree = "<group>"; };
@ -481,7 +476,6 @@
5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */,
6FFA5D942194454A0001E2F7 /* NETunnelProviderProtocol+Extension.swift */,
5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */,
5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */,
6F7774E72172020C006A79B3 /* TunnelConfiguration.swift */,
6F7774E9217229DB006A79B3 /* IPAddressRange.swift */,
6F693A552179E556008551C1 /* Endpoint.swift */,
@ -1091,7 +1085,6 @@
5FF7B96321CC95DE00A7DD74 /* InterfaceConfiguration.swift in Sources */,
6FFA5D9321943BC90001E2F7 /* DNSResolver.swift in Sources */,
6FFA5D912194370D0001E2F7 /* DNSServer.swift in Sources */,
5F9696AB21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */,
6FFA5D8921942F320001E2F7 /* PacketTunnelSettingsGenerator.swift in Sources */,
6F5D0C1D218352EF000F85AD /* PacketTunnelProvider.swift in Sources */,
);
@ -1146,7 +1139,6 @@
6F613D9B21DE33B8004B217A /* KeyValueRow.swift in Sources */,
6FB1BDC121D50F0200A991BF /* String+ArrayConversion.swift in Sources */,
5F52D0BB21E3781B00283CEA /* ConfTextView.swift in Sources */,
6FB1BDC221D50F0300A991BF /* LegacyConfigMigration.swift in Sources */,
6FBA104021D6B7040051C35F /* ErrorPresenterProtocol.swift in Sources */,
6FCD99AA21E0E14700BA4C82 /* NoTunnelsDetailViewController.swift in Sources */,
6FB1BDC321D50F0300A991BF /* TunnelConfiguration.swift in Sources */,
@ -1175,7 +1167,6 @@
6FB1BDA521D4F53300A991BF /* TunnelConfiguration+WgQuickConfig.swift in Sources */,
6FB1BDA621D4F53300A991BF /* NETunnelProviderProtocol+Extension.swift in Sources */,
6FB1BDA721D4F53300A991BF /* String+ArrayConversion.swift in Sources */,
6FB1BDA821D4F53300A991BF /* LegacyConfigMigration.swift in Sources */,
6FB1BDA921D4F53300A991BF /* TunnelConfiguration.swift in Sources */,
6FB1BDAA21D4F53300A991BF /* IPAddressRange.swift in Sources */,
6FB1BDAB21D4F53300A991BF /* Endpoint.swift in Sources */,
@ -1216,7 +1207,6 @@
5F45419821C2D60500994C13 /* KeyValueCell.swift in Sources */,
6FBA103E21D6B6D70051C35F /* TunnelImporter.swift in Sources */,
6F919EC3218A2AE90023B400 /* ErrorPresenter.swift in Sources */,
5F9696AA21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */,
6F5A2B4821AFF49A0081EDD8 /* FileManager+Extension.swift in Sources */,
5F45418C21C2D48200994C13 /* TunnelEditKeyValueCell.swift in Sources */,
6FE254FB219C10800028284D /* ZipImporter.swift in Sources */,