Meshtastic-Apple/Meshtastic/Views/Settings/Config/SecurityConfig.swift

//
//  Security.swift
//  Meshtastic
//
// Copyright(c) Garth Vander Houwen 8/7/24.
//

import Foundation
import SwiftUI
import CoreData
import MeshtasticProtobufs
import OSLog

struct SecurityConfig: View {

	private var idiom: UIUserInterfaceIdiom { UIDevice.current.userInterfaceIdiom }
	@Environment(\.managedObjectContext) var context
	@EnvironmentObject var bleManager: BLEManager
	@Environment(\.dismiss) private var goBack

	var node: NodeInfoEntity?

	@State var hasChanges = false
	@State var publicKey = ""
	@State var hasValidPublicKey: Bool = false
	@State var privateKey = ""
	@State var hasValidPrivateKey: Bool = false
	@State var adminKey = ""
	@State var hasValidAdminKey: Bool = true
	@State var isManaged = false
	@State var serialEnabled = false
	@State var debugLogApiEnabled = false
	@State var adminChannelEnabled = false

	var body: some View {
		VStack {
			Form {
				ConfigHeader(title: "Security", config: \.securityConfig, node: node, onAppear: setSecurityValues)
				Text("Security Config Settings require a firmware version 2.5+")
					.font(.title3)
				Section(header: Text("Admin & Direct Message Keys")) {
					VStack(alignment: .leading) {
						Label("Public Key", systemImage: "key")
						SecureInput("Public Key", text: $publicKey, isValid: $hasValidPublicKey)
							.background(
								RoundedRectangle(cornerRadius: 10.0)
									.stroke(hasValidPublicKey ?	Color.clear : Color.red, lineWidth: 2.0)
							)
						Text("Sent out to other nodes on the mesh to allow them to compute a shared secret key.")
							.foregroundStyle(.secondary)
							.font(idiom == .phone ? .caption : .callout)
					}
					VStack(alignment: .leading) {
						Label("Private Key", systemImage: "key.fill")
						SecureInput("Private Key", text: $privateKey, isValid: $hasValidPrivateKey)
							.background(
								RoundedRectangle(cornerRadius: 10.0)
									.stroke(hasValidPrivateKey ? Color.clear : Color.red, lineWidth: 2.0)
							)
						Text("Used to create a shared key with a remote device.")
							.foregroundStyle(.secondary)
							.font(idiom == .phone ? .caption : .callout)
					}
					VStack(alignment: .leading) {
						Label("Admin Key", systemImage: "key.viewfinder")
						SecureInput("Admin Key", text: $adminKey, isValid: $hasValidAdminKey)
						Text("The public key authorized to send admin messages to this node.")
							.foregroundStyle(.secondary)
							.font(idiom == .phone ? .caption : .callout)
					}
				}
				Section(header: Text("Logs")) {
					Toggle(isOn: $serialEnabled) {
						Label("Serial Console", systemImage: "terminal")
						Text("Serial Console over the Stream API.")
					}
					.toggleStyle(SwitchToggleStyle(tint: .accentColor))
					Toggle(isOn: $debugLogApiEnabled) {
						Label("Debug Logs", systemImage: "ant.fill")
						Text("Output live debug logging over serial, view and export position-redacted device logs over Bluetooth.")
					}
					.toggleStyle(SwitchToggleStyle(tint: .accentColor))
				}
				Section(header: Text("Administration")) {
					if adminKey.length > 0 || adminChannelEnabled {
						Toggle(isOn: $isManaged) {
							Label("Managed Device", systemImage: "gearshape.arrow.triangle.2.circlepath")
							Text("Device is managed by a mesh administrator, the user is unable to access any of the device settings.")
						}
						.toggleStyle(SwitchToggleStyle(tint: .accentColor))
					}
					Toggle(isOn: $adminChannelEnabled) {
						Label("Legacy Administration", systemImage: "lock.slash")
						Text("Allow incoming device control over the insecure legacy admin channel.")
					}
					.toggleStyle(SwitchToggleStyle(tint: .accentColor))
				}
			}
		}
		.scrollDismissesKeyboard(.immediately)
		.navigationTitle("Security Config")
		.navigationBarItems(trailing: ZStack {
			ConnectedDevice(
				bluetoothOn: bleManager.isSwitchedOn,
				deviceConnected: bleManager.connectedPeripheral != nil,
				name: "\(bleManager.connectedPeripheral?.shortName ?? "?")"
			)
		})
		.onChange(of: isManaged) {
			if $0 != node?.securityConfig?.isManaged { hasChanges = true }
		}
		.onChange(of: serialEnabled) {
			if $0 != node?.securityConfig?.serialEnabled { hasChanges = true }
		}
		.onChange(of: debugLogApiEnabled) {
			if $0 != node?.securityConfig?.debugLogApiEnabled { hasChanges = true }
		}
		.onChange(of: adminChannelEnabled) {
			if $0 != node?.securityConfig?.adminChannelEnabled { hasChanges = true }
		}
		.onChange(of: publicKey) {
			let tempKey = Data(base64Encoded: publicKey) ?? Data()
			if tempKey.count == 32 {
				hasValidPublicKey = true
			} else {
				hasValidPublicKey = false
			}
			hasChanges = true
		}
		.onChange(of: privateKey) {
			let tempKey = Data(base64Encoded: privateKey) ?? Data()
			if tempKey.count == 32 {
				hasValidPrivateKey = true
			} else {
				hasValidPrivateKey = false
			}
			hasChanges = true
		}
		.onChange(of: adminKey) { _, key in
			let tempKey = Data(base64Encoded: key) ?? Data()
			if key.isEmpty {
				hasValidAdminKey = true
			} else if tempKey.count == 32 {
				hasValidAdminKey = true
			} else {
				hasValidAdminKey = false
			}
			hasChanges = true
		}
		.onFirstAppear {
			// Need to request a DeviceConfig from the remote node before allowing changes
			if let connectedPeripheral = bleManager.connectedPeripheral, let node {
				Logger.mesh.info("empty security config")
				let connectedNode = getNodeInfo(id: connectedPeripheral.num, context: context)
				if let connectedNode {
					if node.num != connectedNode.num {
						if UserDefaults.enableAdministration {
							/// 2.5 Administration with session passkey
							let expiration = node.sessionExpiration ?? Date()
							if expiration < Date() || node.securityConfig == nil {
								_ = bleManager.requestSecurityConfig(fromUser: connectedNode.user!, toUser: node.user!, adminIndex: connectedNode.myInfo?.adminIndex ?? 0)
							}
						} else {
							if node.deviceConfig == nil {
								/// Legacy Administration
								_ = bleManager.requestSecurityConfig(fromUser: connectedNode.user!, toUser: node.user!, adminIndex: connectedNode.myInfo?.adminIndex ?? 0)
							}
						}
					}
				}
			}
		}

		SaveConfigButton(node: node, hasChanges: $hasChanges) {

			if !hasValidPublicKey || !hasValidPrivateKey || !hasValidAdminKey {
				return
			}

			guard let connectedNode = getNodeInfo(id: bleManager.connectedPeripheral.num, context: context),
				  let fromUser = connectedNode.user,
				  let toUser = node?.user else {
				return
			}

			var config = Config.SecurityConfig()
			config.publicKey = Data(base64Encoded: publicKey) ?? Data()
			config.privateKey = Data(base64Encoded: privateKey) ?? Data()
			config.adminKey = [Data(base64Encoded: adminKey) ?? Data()]
			config.isManaged = isManaged
			config.serialEnabled = serialEnabled
			config.debugLogApiEnabled = debugLogApiEnabled
			config.adminChannelEnabled = adminChannelEnabled

			let adminMessageId = bleManager.saveSecurityConfig(
				config: config,
				fromUser: fromUser,
				toUser: toUser,
				adminIndex: connectedNode.myInfo?.adminIndex ?? 0
			)
			if adminMessageId > 0 {
				// Should show a saved successfully alert once I know that to be true
				// for now just disable the button after a successful save
				hasChanges = false
				goBack()
			}
		}
	}

	func setSecurityValues() {
		self.publicKey = node?.securityConfig?.publicKey?.base64EncodedString() ?? ""
		self.privateKey = node?.securityConfig?.privateKey?.base64EncodedString() ?? ""
		self.adminKey = node?.securityConfig?.adminKey?.base64EncodedString() ?? ""
		self.isManaged = node?.securityConfig?.isManaged ?? false
		self.serialEnabled = node?.securityConfig?.serialEnabled ?? false
		self.debugLogApiEnabled = node?.securityConfig?.debugLogApiEnabled ?? false
		self.adminChannelEnabled = node?.securityConfig?.adminChannelEnabled ?? false
		self.hasChanges = false
	}
}
Initial security config setup 2024-08-07 09:43:48 -07:00			`//`
			`// Security.swift`
			`// Meshtastic`
			`//`
			`// Copyright(c) Garth Vander Houwen 8/7/24.`
			`//`

			`import Foundation`
			`import SwiftUI`
			`import CoreData`
			`import MeshtasticProtobufs`
			`import OSLog`

			`struct SecurityConfig: View {`

Security config details, scroll dismisses keyboard,font size updates for keys 2024-08-11 20:50:48 -07:00			`private var idiom: UIUserInterfaceIdiom { UIDevice.current.userInterfaceIdiom }`
Initial security config setup 2024-08-07 09:43:48 -07:00			`@Environment(\.managedObjectContext) var context`
			`@EnvironmentObject var bleManager: BLEManager`
			`@Environment(\.dismiss) private var goBack`

			`var node: NodeInfoEntity?`

			`@State var hasChanges = false`
			`@State var publicKey = ""`
Initial validation 2024-08-19 21:50:28 -07:00			`@State var hasValidPublicKey: Bool = false`
Initial security config setup 2024-08-07 09:43:48 -07:00			`@State var privateKey = ""`
Initial validation 2024-08-19 21:50:28 -07:00			`@State var hasValidPrivateKey: Bool = false`
Initial security config setup 2024-08-07 09:43:48 -07:00			`@State var adminKey = ""`
Initial validation 2024-08-19 21:50:28 -07:00			`@State var hasValidAdminKey: Bool = true`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`@State var isManaged = false`
			`@State var serialEnabled = false`
Update protos 2024-08-08 10:39:45 -07:00			`@State var debugLogApiEnabled = false`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`@State var adminChannelEnabled = false`
Initial security config setup 2024-08-07 09:43:48 -07:00
			`var body: some View {`
			`VStack {`
			`Form {`
			`ConfigHeader(title: "Security", config: \.securityConfig, node: node, onAppear: setSecurityValues)`
Add some text for the new admin channel settings, show missing ack text 2024-08-23 19:49:06 -07:00			`Text("Security Config Settings require a firmware version 2.5+")`
			`.font(.title3)`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`Section(header: Text("Admin & Direct Message Keys")) {`
			`VStack(alignment: .leading) {`
			`Label("Public Key", systemImage: "key")`
Initial validation 2024-08-19 21:50:28 -07:00			`SecureInput("Public Key", text: $publicKey, isValid: $hasValidPublicKey)`
			`.background(`
			`RoundedRectangle(cornerRadius: 10.0)`
			`.stroke(hasValidPublicKey ? Color.clear : Color.red, lineWidth: 2.0)`
			`)`
Security config details, scroll dismisses keyboard,font size updates for keys 2024-08-11 20:50:48 -07:00			`Text("Sent out to other nodes on the mesh to allow them to compute a shared secret key.")`
			`.foregroundStyle(.secondary)`
			`.font(idiom == .phone ? .caption : .callout)`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`}`
			`VStack(alignment: .leading) {`
			`Label("Private Key", systemImage: "key.fill")`
Initial validation 2024-08-19 21:50:28 -07:00			`SecureInput("Private Key", text: $privateKey, isValid: $hasValidPrivateKey)`
			`.background(`
			`RoundedRectangle(cornerRadius: 10.0)`
			`.stroke(hasValidPrivateKey ? Color.clear : Color.red, lineWidth: 2.0)`
			`)`
Security config details, scroll dismisses keyboard,font size updates for keys 2024-08-11 20:50:48 -07:00			`Text("Used to create a shared key with a remote device.")`
			`.foregroundStyle(.secondary)`
			`.font(idiom == .phone ? .caption : .callout)`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`}`
			`VStack(alignment: .leading) {`
			`Label("Admin Key", systemImage: "key.viewfinder")`
Initial validation 2024-08-19 21:50:28 -07:00			`SecureInput("Admin Key", text: $adminKey, isValid: $hasValidAdminKey)`
Security config details, scroll dismisses keyboard,font size updates for keys 2024-08-11 20:50:48 -07:00			`Text("The public key authorized to send admin messages to this node.")`
			`.foregroundStyle(.secondary)`
			`.font(idiom == .phone ? .caption : .callout)`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`}`
			`}`
			`Section(header: Text("Logs")) {`
Update several config sections to use the new pki admin structures 2024-09-04 10:06:34 -07:00			`Toggle(isOn: $serialEnabled) {`
			`Label("Serial Console", systemImage: "terminal")`
			`Text("Serial Console over the Stream API.")`
			`}`
			`.toggleStyle(SwitchToggleStyle(tint: .accentColor))`
			`Toggle(isOn: $debugLogApiEnabled) {`
			`Label("Debug Logs", systemImage: "ant.fill")`
			`Text("Output live debug logging over serial, view and export position-redacted device logs over Bluetooth.")`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`}`
			`.toggleStyle(SwitchToggleStyle(tint: .accentColor))`
			`}`
			`Section(header: Text("Administration")) {`
			`if adminKey.length > 0 \|\| adminChannelEnabled {`
			`Toggle(isOn: $isManaged) {`
			`Label("Managed Device", systemImage: "gearshape.arrow.triangle.2.circlepath")`
Log node info packet json 2024-09-05 10:39:54 -07:00			`Text("Device is managed by a mesh administrator, the user is unable to access any of the device settings.")`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`}`
			`.toggleStyle(SwitchToggleStyle(tint: .accentColor))`
			`}`
			`Toggle(isOn: $adminChannelEnabled) {`
			`Label("Legacy Administration", systemImage: "lock.slash")`
			`Text("Allow incoming device control over the insecure legacy admin channel.")`
			`}`
			`.toggleStyle(SwitchToggleStyle(tint: .accentColor))`
			`}`
Initial security config setup 2024-08-07 09:43:48 -07:00			`}`
			`}`
Security config details, scroll dismisses keyboard,font size updates for keys 2024-08-11 20:50:48 -07:00			`.scrollDismissesKeyboard(.immediately)`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`.navigationTitle("Security Config")`
Clean up save button display 2024-08-11 09:59:52 -07:00			`.navigationBarItems(trailing: ZStack {`
			`ConnectedDevice(`
			`bluetoothOn: bleManager.isSwitchedOn,`
			`deviceConnected: bleManager.connectedPeripheral != nil,`
			`name: "\(bleManager.connectedPeripheral?.shortName ?? "?")"`
			`)`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`})`
New plan 2024-08-11 10:04:17 -07:00			`.onChange(of: isManaged) {`
Simplify change events to not force unwrap values 2024-08-11 21:20:10 -07:00			`if $0 != node?.securityConfig?.isManaged { hasChanges = true }`
Clean up save button display 2024-08-11 09:59:52 -07:00			`}`
New plan 2024-08-11 10:04:17 -07:00			`.onChange(of: serialEnabled) {`
Simplify change events to not force unwrap values 2024-08-11 21:20:10 -07:00			`if $0 != node?.securityConfig?.serialEnabled { hasChanges = true }`
Clean up save button display 2024-08-11 09:59:52 -07:00			`}`
New plan 2024-08-11 10:04:17 -07:00			`.onChange(of: debugLogApiEnabled) {`
Simplify change events to not force unwrap values 2024-08-11 21:20:10 -07:00			`if $0 != node?.securityConfig?.debugLogApiEnabled { hasChanges = true }`
simplify bool onchange 2024-08-10 07:05:09 -07:00			`}`
New plan 2024-08-11 10:04:17 -07:00			`.onChange(of: adminChannelEnabled) {`
Simplify change events to not force unwrap values 2024-08-11 21:20:10 -07:00			`if $0 != node?.securityConfig?.adminChannelEnabled { hasChanges = true }`
Clean up save button display 2024-08-11 09:59:52 -07:00			`}`
Bossy linter 2024-10-05 15:50:57 -07:00			`.onChange(of: publicKey) {`
Initial validation 2024-08-19 21:50:28 -07:00			`let tempKey = Data(base64Encoded: publicKey) ?? Data()`
			`if tempKey.count == 32 {`
			`hasValidPublicKey = true`
			`} else {`
			`hasValidPublicKey = false`
			`}`
Add change events for all keys 2024-08-18 11:43:42 -07:00			`hasChanges = true`
			`}`
Bossy linter 2024-10-05 15:50:57 -07:00			`.onChange(of: privateKey) {`
Initial validation 2024-08-19 21:50:28 -07:00			`let tempKey = Data(base64Encoded: privateKey) ?? Data()`
			`if tempKey.count == 32 {`
			`hasValidPrivateKey = true`
			`} else {`
			`hasValidPrivateKey = false`
			`}`
Add change events for all keys 2024-08-18 11:43:42 -07:00			`hasChanges = true`
			`}`
Bossy linter 2024-10-05 15:50:57 -07:00			`.onChange(of: adminKey) { _, key in`
Fix weird validation bug 2024-08-20 07:33:29 -07:00			`let tempKey = Data(base64Encoded: key) ?? Data()`
			`if key.isEmpty {`
			`hasValidAdminKey = true`
			`} else if tempKey.count == 32 {`
Initial validation 2024-08-19 21:50:28 -07:00			`hasValidAdminKey = true`
			`} else {`
			`hasValidAdminKey = false`
			`}`
Clean up admin drop down 2024-08-18 10:00:15 -07:00			`hasChanges = true`
			`}`
Update admin node list sort to be less infurating 2024-08-19 00:27:26 -07:00			`.onFirstAppear {`
Update several config sections to use the new pki admin structures 2024-09-04 10:06:34 -07:00			`// Need to request a DeviceConfig from the remote node before allowing changes`
			`if let connectedPeripheral = bleManager.connectedPeripheral, let node {`
			`Logger.mesh.info("empty security config")`
			`let connectedNode = getNodeInfo(id: connectedPeripheral.num, context: context)`
			`if let connectedNode {`
Finish up the admin, make the admin dropdown a navigationlink so you can read the full long name 2024-09-05 19:31:29 -07:00			`if node.num != connectedNode.num {`
			`if UserDefaults.enableAdministration {`
			`/// 2.5 Administration with session passkey`
			`let expiration = node.sessionExpiration ?? Date()`
			`if expiration < Date() \|\| node.securityConfig == nil {`
			`_ = bleManager.requestSecurityConfig(fromUser: connectedNode.user!, toUser: node.user!, adminIndex: connectedNode.myInfo?.adminIndex ?? 0)`
			`}`
			`} else {`
			`if node.deviceConfig == nil {`
			`/// Legacy Administration`
			`_ = bleManager.requestSecurityConfig(fromUser: connectedNode.user!, toUser: node.user!, adminIndex: connectedNode.myInfo?.adminIndex ?? 0)`
			`}`
Update several config sections to use the new pki admin structures 2024-09-04 10:06:34 -07:00			`}`
			`}`
Update admin node list sort to be less infurating 2024-08-19 00:27:26 -07:00			`}`
			`}`
			`}`
Clean up save button display 2024-08-11 09:59:52 -07:00
simplify bool onchange 2024-08-10 07:05:09 -07:00			`SaveConfigButton(node: node, hasChanges: $hasChanges) {`
Initial validation 2024-08-19 21:50:28 -07:00
fix return statement 2024-08-20 07:40:20 -07:00			`if !hasValidPublicKey \|\| !hasValidPrivateKey \|\| !hasValidAdminKey {`
Initial validation 2024-08-19 21:50:28 -07:00			`return`
			`}`

simplify bool onchange 2024-08-10 07:05:09 -07:00			`guard let connectedNode = getNodeInfo(id: bleManager.connectedPeripheral.num, context: context),`
			`let fromUser = connectedNode.user,`
			`let toUser = node?.user else {`
			`return`
			`}`

			`var config = Config.SecurityConfig()`
Pass keys around better 2024-08-18 11:39:41 -07:00			`config.publicKey = Data(base64Encoded: publicKey) ?? Data()`
			`config.privateKey = Data(base64Encoded: privateKey) ?? Data()`
Update config to use new protos 2024-09-12 11:25:51 -07:00			`config.adminKey = [Data(base64Encoded: adminKey) ?? Data()]`
simplify bool onchange 2024-08-10 07:05:09 -07:00			`config.isManaged = isManaged`
			`config.serialEnabled = serialEnabled`
			`config.debugLogApiEnabled = debugLogApiEnabled`
			`config.adminChannelEnabled = adminChannelEnabled`

			`let adminMessageId = bleManager.saveSecurityConfig(`
			`config: config,`
			`fromUser: fromUser,`
			`toUser: toUser,`
			`adminIndex: connectedNode.myInfo?.adminIndex ?? 0`
			`)`
			`if adminMessageId > 0 {`
			`// Should show a saved successfully alert once I know that to be true`
			`// for now just disable the button after a successful save`
			`hasChanges = false`
			`goBack()`
			`}`
			`}`
Initial security config setup 2024-08-07 09:43:48 -07:00			`}`
simplify bool onchange 2024-08-10 07:05:09 -07:00
Initial security config setup 2024-08-07 09:43:48 -07:00			`func setSecurityValues() {`
initial security config proto mockup 2024-08-08 07:33:31 -07:00			`self.publicKey = node?.securityConfig?.publicKey?.base64EncodedString() ?? ""`
			`self.privateKey = node?.securityConfig?.privateKey?.base64EncodedString() ?? ""`
			`self.adminKey = node?.securityConfig?.adminKey?.base64EncodedString() ?? ""`
Initial security config setup 2024-08-07 09:43:48 -07:00			`self.isManaged = node?.securityConfig?.isManaged ?? false`
			`self.serialEnabled = node?.securityConfig?.serialEnabled ?? false`
Update protos 2024-08-08 10:39:45 -07:00			`self.debugLogApiEnabled = node?.securityConfig?.debugLogApiEnabled ?? false`
Initial security config setup 2024-08-07 09:43:48 -07:00			`self.adminChannelEnabled = node?.securityConfig?.adminChannelEnabled ?? false`
			`self.hasChanges = false`
			`}`
			`}`