SideStore/AltStore/Operations/VerifyAppOperation.swift

//
//  VerifyAppOperation.swift
//  AltStore
//
//  Created by Riley Testut on 5/2/20.
//  Copyright © 2020 Riley Testut. All rights reserved.
//

import Foundation

import AltSign
import AltKit

import Roxas

enum VerificationError: ALTLocalizedError
{
    case privateEntitlements(ALTApplication, entitlements: [String: Any])
    case mismatchedBundleIdentifiers(ALTApplication, sourceBundleID: String)
    
    var app: ALTApplication {
        switch self
        {
        case .privateEntitlements(let app, _): return app
        case .mismatchedBundleIdentifiers(let app, _): return app
        }
    }
    
    var errorFailure: String? {
        return String(format: NSLocalizedString("“%@” could not be installed.", comment: ""), app.name)
    }
    
    var failureReason: String? {
        switch self
        {
        case .privateEntitlements(let app, _):
            return String(format: NSLocalizedString("“%@” requires private permissions.", comment: ""), app.name)
            
        case .mismatchedBundleIdentifiers(let app, let sourceBundleID):
            return String(format: NSLocalizedString("The bundle ID “%@” does not match the one specified by the source (“%@”).", comment: ""), app.bundleIdentifier, sourceBundleID)
        }
    }
}

@objc(VerifyAppOperation)
class VerifyAppOperation: ResultOperation<Void>
{
    let context: AppOperationContext
    var verificationHandler: ((VerificationError) -> Bool)?
    
    init(context: AppOperationContext)
    {
        self.context = context
        
        super.init()
    }
    
    override func main()
    {
        super.main()
        
        do
        {
            if let error = self.context.error
            {
                throw error
            }
            
            guard let app = self.context.app else { throw OperationError.invalidParameters }
            
            guard app.bundleIdentifier == self.context.bundleIdentifier else {
                throw VerificationError.mismatchedBundleIdentifiers(app, sourceBundleID: self.context.bundleIdentifier)
            }
                        
            // Make sure this goes last, since once user responds to alert we don't do any more app verification.
            if let commentStart = app.entitlementsString.range(of: "<!---><!-->"), let commentEnd = app.entitlementsString.range(of: "<!-- -->")
            {
                // Psychic Paper private entitlements.
                
                let entitlementsStart = app.entitlementsString.index(after: commentStart.upperBound)
                let rawEntitlements = String(app.entitlementsString[entitlementsStart ..< commentEnd.lowerBound])
                
                let plistTemplate = """
                    <?xml version="1.0" encoding="UTF-8"?>
                    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                    <plist version="1.0">
                        <dict>
                        %@
                        </dict>
                    </plist>
                    """
                let entitlementsPlist = String(format: plistTemplate, rawEntitlements)
                let entitlements = try PropertyListSerialization.propertyList(from: entitlementsPlist.data(using: .utf8)!, options: [], format: nil) as! [String: Any]
                
                let error = VerificationError.privateEntitlements(app, entitlements: entitlements)
                self.process(error) { (result) in
                    self.finish(result.mapError { $0 as Error })
                }
                
                return
            }
            
            self.finish(.success(()))
        }
        catch
        {
            self.finish(.failure(error))
        }
    }
}

private extension VerifyAppOperation
{
    func process(_ error: VerificationError, completion: @escaping (Result<Void, VerificationError>) -> Void)
    {
        guard let presentingViewController = self.context.presentingViewController else { return completion(.failure(error)) }
        
        DispatchQueue.main.async {
            switch error
            {
            case .privateEntitlements(_, let entitlements):
                let permissions = entitlements.keys.sorted().joined(separator: "\n")
                let message = String(format: NSLocalizedString("""
                    You must allow access to these private permissions before continuing:

                    %@

                    Private permissions allow apps to do more than normally allowed by iOS, including potentially accessing sensitive private data. Make sure to only install apps from sources you trust.
                    """, comment: ""), permissions)
                
                let alertController = UIAlertController(title: error.failureReason ?? error.localizedDescription, message: message, preferredStyle: .alert)
                alertController.addAction(UIAlertAction(title: NSLocalizedString("Allow Access", comment: ""), style: .destructive) { (action) in
                    completion(.success(()))
                })
                alertController.addAction(UIAlertAction(title: NSLocalizedString("Deny Access", comment: ""), style: .default, handler: { (action) in
                    completion(.failure(error))
                }))
                presentingViewController.present(alertController, animated: true, completion: nil)
                
            case .mismatchedBundleIdentifiers: return completion(.failure(error))
            }
        }
    }
}