</array>

<key>com.apple.developer.system-extension.install</key>

<true/>

<key>com.apple.security.app-sandbox</key>

<true/>

<key>com.apple.security.application-groups</key>

<array>

<string>$(TeamIdentifierPrefix)com.coder.Coder-Desktop</string>

</array>

<key>com.apple.security.files.user-selected.read-only</key>

<true/>

<key>com.apple.security.network.client</key>

<true/>

</dict>

</plist>

/// An actor that handles configuring, enabling, and disabling the VPN tunnel via the

/// NetworkExtension APIs.

_=tryawaitgetTunnelManager()

neState=.disabled

serverAddress= tm.protocolConfiguration?.serverAddress

// only stores a weak reference to the delegate.

super.init()

neState=ifawaithasNetworkExtensionConfig(){

.disabled

.unconfigured

xpc.connect()

xpc.getPeerState()

func configureTunnelProviderProtocol(proto:NETunnelProviderProtocol?){

iflet proto{

serverAddress= proto.serverAddress

awaitconfigureNetworkExtension(proto: proto)

// this just configures the VPN, it doesn't enable it

tunnelState=.disabled

} label:{

Text(session.hasSession?"SignOut":"SignIn")

Text(session.hasSession?"Signout":"Signin")

}.buttonStyle(.plain)

.font(.headline)

.foregroundColor(.gray)

if session.hasSession{

.font(.body)

.foregroundColor(.gray)

}.padding([.horizontal,.top],Theme.Size.trayInset)

// Trailing stack

}.buttonStyle(.plain)

if vpn.state==.failed(.systemExtensionError(.needsUserApproval)){

} label:{

}.buttonStyle(.plain)

!session.hasSession ||

vpn.state==.connecting ||

vpn.state==.disconnecting

vpn.state==.disconnecting ||

vpn.state==.failed(.systemExtensionError(.needsUserApproval))

func openSystemExtensionSettings(){

// Sourced from:

// https://gist.github.com/rmcdongit/f66ff91e0dad78d4d6346a75ded4b751?permalink_comment_id=5261757

// We'll need to ensure this continues to work in future macOS versions

// swiftlint:disable:next line_length

NSWorkspace.shared.open(URL(string:"x-apple.systempreferences:com.apple.ExtensionsPreferences?extensionPointIdentifier=com.apple.system_extension.network_extension.extension-point")!)

#Preview{

VPNMenu<PreviewVPN,PreviewSession>().frame(width:256)

import SwiftUI

structVPNState<VPN:VPNService>:View{

structVPNState<VPN:VPNService, S:Session>:View{

switch vpn.state{

case.disabled:

switch(vpn.state, session.hasSession){

case(.failed(.systemExtensionError(.needsUserApproval)), _):

.font(.body)

.foregroundStyle(.gray)

case(_,false):

.font(.body)

.foregroundColor(.gray)

case.connecting,.disconnecting:

case(.disabled, _):

.font(.body)

.foregroundStyle(.gray)

case(.connecting, _),(.disconnecting, _):

vpn.state==.connecting?"Starting CoderVPN...":"Stopping CoderVPN..."

caselet.failed(vpnErr):

caselet(.failed(vpnErr), _):

Text("\(vpnErr.description)")

.font(.headline)

.foregroundColor(.red)

svc.onExtensionPeerUpdate(data)

// The NE has verified the dylib and knows better than Gatekeeper

func removeQuarantine(path:String, reply:@escaping(Bool)->Void){

letreply=CallbackWrapper(reply)

\(svc.serverAddress??"the Coder deployment"). The code has been\

do shell script"xattr -d com.apple.quarantine\(path)"\

with prompt"\(prompt)"\

letsuccess=awaitwithCheckedContinuation{ continuationin

guardlet script=NSAppleScript(source: source)else{

continuation.resume(returning:false)

// Run on a background thread

script.executeAndReturnError(&error)

iflet error{

self.logger.error("AppleScript error:\(error)")

continuation.resume(returning:false)

continuation.resume(returning:true)

reply(success)

lettoggle=try view.find(ViewType.Toggle.self)

#expect(toggle.isDisabled())

#expect(throws:Never.self){try view.find(text:"Sign in to use CoderVPN")}

#expect(throws:Never.self){try view.find(button:"SignIn")}

#expect(throws:Never.self){try view.find(button:"Signin")}

vpn=MockVPNService()

sut=VPNState<MockVPNService>()

view= sut.environmentObject(vpn)

sut=VPNState<MockVPNService,MockSession>()

session=MockSession()

session.hasSession=true

view= sut.environmentObject(vpn).environmentObject(session)

throw.validation(error)

// HACK: The downloaded dylib may be quarantined, but we've validated it's signature

// so it's safe to execute. However, this SE must be sandboxed, so we defer to the app.

tryawaitremoveQuarantine(dest)

try tunnelHandle=TunnelHandle(dylibPath: dest)

logger.error("tunnel read loop failed:\(error.localizedDescription, privacy:.public)")

tryawait tunnelHandle.close()

ptp.cancelTunnelWithError(error)

ptp.cancelTunnelWithError(

makeNSError(suffix:"Manager", desc:"Tunnel read loop failed:\(error.localizedDescription)")

logger.info("tunnel read loop exited")

case serverInfo(String)

case errorResponse(msg:String)

case noTunnelFileDescriptor

case noApp

case permissionDenied

case tunnelFail(anyError)

msg

case.noTunnelFileDescriptor:

case.noApp:

case.permissionDenied:

caselet.tunnelFail(err):

"Failed to communicate with dylib over tunnel:\(err)"

letfields= log.fields.map{"\($0.name):\($0.value)"}.joined(separator:",")

logger.log(level: level,"\(log.message, privacy:.public):\(fields, privacy:.public)")

privatefunc removeQuarantine(_ dest:URL)asyncthrows(ManagerError){

letfile=NSURL(fileURLWithPath: dest.path)

try? file.getResourceValue(&flag, forKey: kCFURLQuarantinePropertiesKeyasURLResourceKey)

if flag!=nil{

guardlet conn= globalXPCListenerDelegate.connelse{

throw.noApp

// Wait for unsandboxed app to accept our file

letsuccess=awaitwithCheckedContinuation{[dest] continuationin

conn.removeQuarantine(path: dest.path){ successin

continuation.resume(returning: success)

if !success{

throw.permissionDenied

logger.info("startTunnel called")

guard manager==nilelse{

logger.error("startTunnel called with non-nil Manager")

guardlet proto= protocolConfigurationas?NETunnelProviderProtocol,

let baseAccessURL= proto.serverAddress

logger.error("startTunnel called with nil protocolConfiguration")

// HACK: We can't write to the system keychain, and the NE can't read the user keychain.

guardlet token= proto.providerConfiguration?["token"]as?Stringelse{

logger.error("startTunnel called with nil token")

logger.debug("retrieved token & access URL")

letcompletionHandler=CallbackWrapper(completionHandler)

dothrows(ManagerError){

logger.debug("creating manager")

manager=tryawaitManager(

with:self,

cfg:.init(

apiToken: token, serverUrl:.init(string: baseAccessURL)!

globalXPCListenerDelegate.vpnXPCInterface.manager= manager

logger.debug("starting vpn")

tryawait manager!.startVPN()

tryawait manager.startVPN()

logger.info("vpn started")

self.manager= manager

} catch{

logger.error("error starting manager:\(error.description, privacy:.public)")

completionHandler(errorasNSError)

makeNSError(suffix:"Manager", desc: error.description)

tryawaitsetTunnelNetworkSettings(currentSettings)

case alreadyRunning

case missingConfiguration

case missingToken

publicstructCallbackWrapper<T, U>:@uncheckedSendable{

publicinit(_ block:@escaping(T?)->U){

publicinit(_ block:@escaping(T)->U){

self.block= block

publicfunc callAsFunction(_ error:T?)->U{

publicfunc callAsFunction(_ error:T)->U{

block(error)

publicfunc makeNSError(suffix:String, code:Int=-1, desc:String)->NSError{

domain:"\(Bundle.main.bundleIdentifier!).\(suffix)",

code: code,

userInfo:[NSLocalizedDescriptionKey: desc]

// data is a serialized `Vpn_PeerUpdate`

func onPeerUpdate(_ data:Data)

func removeQuarantine(path:String, reply:@escaping(Bool)->Void)