From ed8dc516dc5aa5b47afec780a69f4a8176e57500 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 Feb 2019 02:01:12 +0100 Subject: [PATCH] LegacyConfig: Remove and support plaintext for .mobileconfig Signed-off-by: Jason A. Donenfeld --- .../Shared/Model/LegacyConfigMigration.swift | 205 ------------------ .../NETunnelProviderProtocol+Extension.swift | 13 ++ WireGuard/WireGuard.xcodeproj/project.pbxproj | 10 - 3 files changed, 13 insertions(+), 215 deletions(-) delete mode 100644 WireGuard/Shared/Model/LegacyConfigMigration.swift diff --git a/WireGuard/Shared/Model/LegacyConfigMigration.swift b/WireGuard/Shared/Model/LegacyConfigMigration.swift deleted file mode 100644 index 583e914..0000000 --- a/WireGuard/Shared/Model/LegacyConfigMigration.swift +++ /dev/null @@ -1,205 +0,0 @@ -// SPDX-License-Identifier: MIT -// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved. - -import Foundation -import Network -import NetworkExtension - -protocol LegacyModel: Decodable { - associatedtype Model - - var migrated: Model { get } -} - -struct LegacyDNSServer: LegacyModel { - let address: IPAddress - - var migrated: DNSServer { - return DNSServer(address: address) - } - - init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - var data = try container.decode(Data.self) - let ipAddressFromData: IPAddress? = { - switch data.count { - case 4: return IPv4Address(data) - case 16: return IPv6Address(data) - default: return nil - } - }() - guard let ipAddress = ipAddressFromData else { - throw DecodingError.invalidData - } - address = ipAddress - } - - enum DecodingError: Error { - case invalidData - } -} - -extension Array where Element == LegacyDNSServer { - var migrated: [DNSServer] { - return map { $0.migrated } - } -} - -struct LegacyEndpoint: LegacyModel { - let host: Network.NWEndpoint.Host - let port: Network.NWEndpoint.Port - - var migrated: Endpoint { - return Endpoint(host: host, port: port) - } - - public init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - let endpointString = try container.decode(String.self) - guard !endpointString.isEmpty else { throw DecodingError.invalidData } - let startOfPort: String.Index - let hostString: String - if endpointString.first! == "[" { - // Look for IPv6-style endpoint, like [::1]:80 - let startOfHost = endpointString.index(after: endpointString.startIndex) - guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData } - let afterEndOfHost = endpointString.index(after: endOfHost) - guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData } - startOfPort = endpointString.index(after: afterEndOfHost) - hostString = String(endpointString[startOfHost ..< endOfHost]) - } else { - // Look for an IPv4-style endpoint, like 127.0.0.1:80 - guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData } - startOfPort = endpointString.index(after: endOfHost) - hostString = String(endpointString[endpointString.startIndex ..< endOfHost]) - } - guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData } - let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in - return !CharacterSet.urlHostAllowed.contains(char) - } - guard invalidCharacterIndex == nil else { throw DecodingError.invalidData } - host = NWEndpoint.Host(hostString) - port = endpointPort - } - - enum DecodingError: Error { - case invalidData - } -} - -struct LegacyInterfaceConfiguration: LegacyModel { - let name: String - let privateKey: Data - let addresses: [LegacyIPAddressRange] - let listenPort: UInt16? - let mtu: UInt16? - let dns: [LegacyDNSServer] - - var migrated: InterfaceConfiguration { - var interface = InterfaceConfiguration(privateKey: privateKey) - interface.addresses = addresses.migrated - interface.listenPort = listenPort - interface.mtu = mtu - interface.dns = dns.migrated - return interface - } -} - -struct LegacyIPAddressRange: LegacyModel { - let address: IPAddress - let networkPrefixLength: UInt8 - - var migrated: IPAddressRange { - return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength) - } - - public init(from decoder: Decoder) throws { - let container = try decoder.singleValueContainer() - var data = try container.decode(Data.self) - networkPrefixLength = data.removeLast() - let ipAddressFromData: IPAddress? = { - switch data.count { - case 4: return IPv4Address(data) - case 16: return IPv6Address(data) - default: return nil - } - }() - guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData } - address = ipAddress - } - - enum DecodingError: Error { - case invalidData - } -} - -extension Array where Element == LegacyIPAddressRange { - var migrated: [IPAddressRange] { - return map { $0.migrated } - } -} - -struct LegacyPeerConfiguration: LegacyModel { - let publicKey: Data - let preSharedKey: Data? - let allowedIPs: [LegacyIPAddressRange] - let endpoint: LegacyEndpoint? - let persistentKeepAlive: UInt16? - - var migrated: PeerConfiguration { - var configuration = PeerConfiguration(publicKey: publicKey) - configuration.preSharedKey = preSharedKey - configuration.allowedIPs = allowedIPs.migrated - configuration.endpoint = endpoint?.migrated - configuration.persistentKeepAlive = persistentKeepAlive - return configuration - } -} - -extension Array where Element == LegacyPeerConfiguration { - var migrated: [PeerConfiguration] { - return map { $0.migrated } - } -} - -final class LegacyTunnelConfiguration: LegacyModel { - let interface: LegacyInterfaceConfiguration - let peers: [LegacyPeerConfiguration] - - var migrated: TunnelConfiguration { - return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated) - } -} - -extension NETunnelProviderProtocol { - - @discardableResult - func migrateConfigurationIfNeeded(called name: String) -> Bool { - var ret = false - if migrateFromConfigurationV1() { - ret = true - } - if migrateFromConfigurationV2(called: name) { - ret = true - } - return ret - } - - private func migrateFromConfigurationV1() -> Bool { - guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false } - guard configurationVersion == 1 else { return false } - guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return false } - guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return false } - providerConfiguration = ["WgQuickConfig": configuration.migrated.asWgQuickConfig()] - return true - } - - private func migrateFromConfigurationV2(called name: String) -> Bool { - guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false } - providerConfiguration = nil - guard passwordReference == nil else { return true } - passwordReference = Keychain.makeReference(containing: oldConfig, called: name) - return true - } - -} diff --git a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift index 3b7cd1e..bdc17ac 100644 --- a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift +++ b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift @@ -56,4 +56,17 @@ extension NETunnelProviderProtocol { guard let ref = passwordReference else { return nil } return Keychain.verifyReference(called: ref) ? ref : nil } + + @discardableResult + func migrateConfigurationIfNeeded(called name: String) -> Bool { + /* This is how we did things before we switched to putting items + * in the keychain. But it's still useful to keep the migration + * around so that .mobileconfig files are easier. + */ + guard let oldConfig = providerConfiguration?["WgQuickConfig"] as? String else { return false } + providerConfiguration = nil + guard passwordReference == nil else { return true } + passwordReference = Keychain.makeReference(containing: oldConfig, called: name) + return true + } } diff --git a/WireGuard/WireGuard.xcodeproj/project.pbxproj b/WireGuard/WireGuard.xcodeproj/project.pbxproj index 7ef5dd0..0f2b31b 100644 --- a/WireGuard/WireGuard.xcodeproj/project.pbxproj +++ b/WireGuard/WireGuard.xcodeproj/project.pbxproj @@ -21,8 +21,6 @@ 5F52D0BD21E3785C00283CEA /* ConfTextStorage.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F52D0BC21E3785C00283CEA /* ConfTextStorage.swift */; }; 5F52D0BF21E3788900283CEA /* NSColor+Hex.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F52D0BE21E3788900283CEA /* NSColor+Hex.swift */; }; 5F52D0C221E378C000283CEA /* highlighter.c in Sources */ = {isa = PBXBuildFile; fileRef = 5F52D0C121E378C000283CEA /* highlighter.c */; }; - 5F9696AA21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; }; - 5F9696AB21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; }; 5F9696AE21CD6F72008063FE /* String+ArrayConversion.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */; }; 5F9696B021CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; }; 5F9696B121CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; }; @@ -78,7 +76,6 @@ 6FB1BDA521D4F53300A991BF /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; }; 6FB1BDA621D4F53300A991BF /* NETunnelProviderProtocol+Extension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6FFA5D942194454A0001E2F7 /* NETunnelProviderProtocol+Extension.swift */; }; 6FB1BDA721D4F53300A991BF /* String+ArrayConversion.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */; }; - 6FB1BDA821D4F53300A991BF /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; }; 6FB1BDA921D4F53300A991BF /* TunnelConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E72172020C006A79B3 /* TunnelConfiguration.swift */; }; 6FB1BDAA21D4F53300A991BF /* IPAddressRange.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E9217229DB006A79B3 /* IPAddressRange.swift */; }; 6FB1BDAB21D4F53300A991BF /* Endpoint.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F693A552179E556008551C1 /* Endpoint.swift */; }; @@ -98,7 +95,6 @@ 6FB1BDBF21D50F0200A991BF /* TunnelConfiguration+WgQuickConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */; }; 6FB1BDC021D50F0200A991BF /* NETunnelProviderProtocol+Extension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6FFA5D942194454A0001E2F7 /* NETunnelProviderProtocol+Extension.swift */; }; 6FB1BDC121D50F0200A991BF /* String+ArrayConversion.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */; }; - 6FB1BDC221D50F0300A991BF /* LegacyConfigMigration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */; }; 6FB1BDC321D50F0300A991BF /* TunnelConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E72172020C006A79B3 /* TunnelConfiguration.swift */; }; 6FB1BDC421D50F0300A991BF /* IPAddressRange.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F7774E9217229DB006A79B3 /* IPAddressRange.swift */; }; 6FB1BDC521D50F0300A991BF /* Endpoint.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6F693A552179E556008551C1 /* Endpoint.swift */; }; @@ -238,7 +234,6 @@ 5F52D0BE21E3788900283CEA /* NSColor+Hex.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSColor+Hex.swift"; sourceTree = ""; }; 5F52D0C021E378C000283CEA /* highlighter.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = highlighter.h; sourceTree = ""; }; 5F52D0C121E378C000283CEA /* highlighter.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = highlighter.c; sourceTree = ""; }; - 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LegacyConfigMigration.swift; sourceTree = ""; }; 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "TunnelConfiguration+WgQuickConfig.swift"; sourceTree = ""; }; 5FF7B96121CC95DE00A7DD74 /* InterfaceConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InterfaceConfiguration.swift; sourceTree = ""; }; 5FF7B96421CC95FA00A7DD74 /* PeerConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PeerConfiguration.swift; sourceTree = ""; }; @@ -481,7 +476,6 @@ 5F9696AF21CD7128008063FE /* TunnelConfiguration+WgQuickConfig.swift */, 6FFA5D942194454A0001E2F7 /* NETunnelProviderProtocol+Extension.swift */, 5F4541B121CBFAEE00994C13 /* String+ArrayConversion.swift */, - 5F9696A921CD6AE6008063FE /* LegacyConfigMigration.swift */, 6F7774E72172020C006A79B3 /* TunnelConfiguration.swift */, 6F7774E9217229DB006A79B3 /* IPAddressRange.swift */, 6F693A552179E556008551C1 /* Endpoint.swift */, @@ -1091,7 +1085,6 @@ 5FF7B96321CC95DE00A7DD74 /* InterfaceConfiguration.swift in Sources */, 6FFA5D9321943BC90001E2F7 /* DNSResolver.swift in Sources */, 6FFA5D912194370D0001E2F7 /* DNSServer.swift in Sources */, - 5F9696AB21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */, 6FFA5D8921942F320001E2F7 /* PacketTunnelSettingsGenerator.swift in Sources */, 6F5D0C1D218352EF000F85AD /* PacketTunnelProvider.swift in Sources */, ); @@ -1146,7 +1139,6 @@ 6F613D9B21DE33B8004B217A /* KeyValueRow.swift in Sources */, 6FB1BDC121D50F0200A991BF /* String+ArrayConversion.swift in Sources */, 5F52D0BB21E3781B00283CEA /* ConfTextView.swift in Sources */, - 6FB1BDC221D50F0300A991BF /* LegacyConfigMigration.swift in Sources */, 6FBA104021D6B7040051C35F /* ErrorPresenterProtocol.swift in Sources */, 6FCD99AA21E0E14700BA4C82 /* NoTunnelsDetailViewController.swift in Sources */, 6FB1BDC321D50F0300A991BF /* TunnelConfiguration.swift in Sources */, @@ -1175,7 +1167,6 @@ 6FB1BDA521D4F53300A991BF /* TunnelConfiguration+WgQuickConfig.swift in Sources */, 6FB1BDA621D4F53300A991BF /* NETunnelProviderProtocol+Extension.swift in Sources */, 6FB1BDA721D4F53300A991BF /* String+ArrayConversion.swift in Sources */, - 6FB1BDA821D4F53300A991BF /* LegacyConfigMigration.swift in Sources */, 6FB1BDA921D4F53300A991BF /* TunnelConfiguration.swift in Sources */, 6FB1BDAA21D4F53300A991BF /* IPAddressRange.swift in Sources */, 6FB1BDAB21D4F53300A991BF /* Endpoint.swift in Sources */, @@ -1216,7 +1207,6 @@ 5F45419821C2D60500994C13 /* KeyValueCell.swift in Sources */, 6FBA103E21D6B6D70051C35F /* TunnelImporter.swift in Sources */, 6F919EC3218A2AE90023B400 /* ErrorPresenter.swift in Sources */, - 5F9696AA21CD6AE6008063FE /* LegacyConfigMigration.swift in Sources */, 6F5A2B4821AFF49A0081EDD8 /* FileManager+Extension.swift in Sources */, 5F45418C21C2D48200994C13 /* TunnelEditKeyValueCell.swift in Sources */, 6FE254FB219C10800028284D /* ZipImporter.swift in Sources */,