Merge branch 'use-mullvad-api-for-device-checker-ios-1184-2'

3 files changed, 25 insertions, 46 deletions

diff --git a/ios/MullvadVPN/TransportMonitor/TransportMonitor.swift b/ios/MullvadVPN/TransportMonitor/TransportMonitor.swift
index 1d0472783b..234f3cedb9 100644
--- a/ios/MullvadVPN/TransportMonitor/TransportMonitor.swift
+++ b/ios/MullvadVPN/TransportMonitor/TransportMonitor.swift
@@ -37,25 +37,33 @@ final class TransportMonitor: RESTTransportProvider {
             tunnel.status == .connecting || tunnel.status == .reasserting || tunnel.status == .connected
         }
 
-        if let tunnel, shouldBypassVPN(tunnel: tunnel) {
+        if let tunnel, shouldRouteThroughTunnel(tunnel: tunnel) {
             return PacketTunnelTransport(tunnel: tunnel)
         } else {
             return transportProvider.makeTransport()
         }
     }
 
-    private func shouldBypassVPN(tunnel: any TunnelProtocol) -> Bool {
+    /// Determines whether the tunnel tunnel should be used to pipe requests,
+    ///
+    /// - Parameter tunnel: The tunnel tunnel to evaluate
+    /// - Returns: `true` if the tunnel should be used; otherwise, `false`
+    private func shouldRouteThroughTunnel(tunnel: any TunnelProtocol) -> Bool {
         switch tunnel.status {
         case .connected:
+            // Use tunnel if the tunnel is connected but the tunnel manager reports an error
             if case .error = tunnelManager.tunnelStatus.state {
                 return true
             }
+            // Also use tunnel if configuration is loaded and device is revoked
             return tunnelManager.isConfigurationLoaded && tunnelManager.deviceState == .revoked
 
         case .connecting, .reasserting:
+            // Use tunnel while it's in a transitional connecting state
             return true
 
         default:
+            // In all other cases, do not use the tunnel
             return false
         }
     }
@@ -77,27 +85,34 @@ final class APITransportMonitor: APITransportProviderProtocol {
             tunnel.status == .connecting || tunnel.status == .reasserting || tunnel.status == .connected
         }
 
-        return if let tunnel, shouldBypassVPN(tunnel: tunnel) {
+        return if let tunnel, shouldRouteThroughTunnel(tunnel: tunnel) {
             PacketTunnelAPITransport(tunnel: tunnel)
         } else {
             APITransport(requestFactory: requestFactory)
         }
     }
 
-    private func shouldBypassVPN(tunnel: any TunnelProtocol) -> Bool {
+    /// Determines whether the tunnel tunnel should be used to pipe requests,
+    ///
+    /// - Parameter tunnel: The tunnel tunnel to evaluate
+    /// - Returns: `true` if the tunnel should be used; otherwise, `false`
+    private func shouldRouteThroughTunnel(tunnel: any TunnelProtocol) -> Bool {
         switch tunnel.status {
         case .connected:
+            // Use tunnel if the tunnel is connected but the tunnel manager reports an error
             if case .error = tunnelManager.tunnelStatus.state {
-                true
-            } else {
-                tunnelManager.isConfigurationLoaded && tunnelManager.deviceState == .revoked
+                return true
             }
+            // Also use tunnel if configuration is loaded and device is revoked
+            return tunnelManager.isConfigurationLoaded && tunnelManager.deviceState == .revoked
 
         case .connecting, .reasserting:
-            true
+            // Use tunnel while it's in a transitional connecting state
+            return true
 
         default:
-            false
+            // In all other cases, do not use the tunnel
+            return false
         }
     }
 }
diff --git a/ios/MullvadVPN/TunnelManager/WgKeyRotation.swift b/ios/MullvadVPN/TunnelManager/WgKeyRotation.swift
index 65df6414c0..b568cd1616 100644
--- a/ios/MullvadVPN/TunnelManager/WgKeyRotation.swift
+++ b/ios/MullvadVPN/TunnelManager/WgKeyRotation.swift
@@ -89,7 +89,7 @@ struct WgKeyRotation: Sendable {
     /**
      Returns the date of next key rotation, as it normally occurs in the app process using the following rules:
 
-     1. Returns the date relative to key creation date + 14 days, if last rotation attempt was successful.
+     1. Returns the date relative to key creation date + 30 days, if last rotation attempt was successful.
      2. Returns the date relative to last rotation attempt date + 24 hours, if last rotation attempt was unsuccessful.
 
      If the date produced is in the past then `Date()` is returned instead.
diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActor+KeyPolicy.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActor+KeyPolicy.swift
index 3c2619ca07..52ae8c54d9 100644
--- a/ios/PacketTunnelCore/Actor/PacketTunnelActor+KeyPolicy.swift
+++ b/ios/PacketTunnelCore/Actor/PacketTunnelActor+KeyPolicy.swift
@@ -40,17 +40,6 @@ extension PacketTunnelActor {
     }
 
     /**
-     Switch key policy  from `.usePrior` to `.useCurrent` policy and reconnect the tunnel.
-
-     Next reconnection attempt will read the new key from settings.
-     */
-    func switchToCurrentKey() {
-        if switchToCurrentKeyInner() {
-            eventChannel.send(.reconnect(.random))
-        }
-    }
-
-    /**
      Start a task that will wait for the new key to propagate across relays (see `PacketTunnelActorTimings.wgKeyPropagationDelay`) and then:
 
      1. Switch `keyPolicy` back to `.useCurrent`.
@@ -70,29 +59,4 @@ extension PacketTunnelActor {
 
         return AutoCancellingTask(task)
     }
-
-    /**
-     Switch key policy  from `.usePrior` to `.useCurrent` policy.
-
-     - Returns: `true` if the tunnel should reconnect, otherwise `false`.
-     */
-    private func switchToCurrentKeyInner() -> Bool {
-        let oldKeyPolicy = state.keyPolicy
-        state.mutateKeyPolicy(setCurrentKeyPolicy)
-        // Prevent tunnel from reconnecting when in blocked state.
-        guard case .error = state else { return state.keyPolicy != oldKeyPolicy }
-        return false
-    }
-
-    /**
-     Internal helper that transitions key policy from `.usePrior` to `.useCurrent`.
-
-     - Parameter keyPolicy: a reference to key policy held either in connection state or blocked state struct.
-     - Returns: `true` when the policy was modified, otherwise `false`.
-     */
-    private func setCurrentKeyPolicy(_ keyPolicy: inout State.KeyPolicy) {
-        if case .usePrior = keyPolicy {
-            keyPolicy = .useCurrent
-        }
-    }
 }