
Commit a5d1e8d

authored
Minor code cleanup in PackageSigning (#6462)
- Remove macOS 11 check since macOS 12 is required now - Add test
1 parent 38a7d0e commit a5d1e8d


2 files changed

+64
-9
lines changed


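--- a/Sources/PackageSigning/SigningIdentity.swift
+++ b/Sources/PackageSigning/SigningIdentity.swift
@@ -52,15 +52,7 @@ public struct SwiftSigningIdentity: SigningIdentity {
 do {
 switch privateKeyType {
 case .p256:
-#if canImport(Security)
-if #available(macOS 11.0, iOS 14.0, watchOS 7.0, tvOS 14.0, *) {
-self.privateKey = try Certificate.PrivateKey(P256.Signing.PrivateKey(derRepresentation: privateKey))
-} else {
-throw StringError("Unsupported platform")
-}
-#else
 self.privateKey = try Certificate.PrivateKey(P256.Signing.PrivateKey(derRepresentation: privateKey))
-#endif
 }
 } catch let error as StringError {
 throw error
@@ -104,7 +96,7 @@ public struct SigningIdentityStore {
 return certificates.compactMap { secCertificate in
 var identity: SecIdentity?
 let status = SecIdentityCreateWithCertificate(nil, secCertificate, &identity)
-guard status == errSecSuccess, let identity = identity else {
+guard status == errSecSuccess, let identity else {
 self.observabilityScope
 .emit(
 warning: "Failed to create SecIdentity from SecCertificate[\(secCertificate)]: status \(status)"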
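Review bot: The `catch let error as StringError` clause right after the `.p256` case may now be dead code. With `throw StringError("Unsupported platform")` removed, the only throwing expression left in the visible `do` body is the `P256.Signing.PrivateKey(derRepresentation:)` construction, which is not expected to produce a StringError. If that holds, the clause can be dropped so a key-parsing failure reaches the handler that follows; the remaining catch clauses are outside the hunk, so check against them first. If it is kept deliberately, a short comment such as `// rethrow StringError unchanged (confirm which call can still raise it)` would say why.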

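--- a/Tests/PackageSigningTests/SigningTests.swift
+++ b/Tests/PackageSigningTests/SigningTests.swift
@@ -648,6 +648,69 @@ final class SigningTests: XCTestCase {
 }
 }
 
+func testCMSEndToEndWithECKeyADPCertificate() async throws {
+#if ENABLE_REAL_SIGNING_IDENTITY_TEST
+#else
+try XCTSkipIf(true)
+#endif
+
+let keyAndCertChain = try tsc_await { ecADPKeyAndCertChain(callback: $0) }
+let signingIdentity = SwiftSigningIdentity(
+certificate: try Certificate(keyAndCertChain.leafCertificate),
+privateKey: try Certificate
+.PrivateKey(P256.Signing.PrivateKey(derRepresentation: keyAndCertChain.privateKey))
+)
+let content = Array("per aspera ad astra".utf8)
+
+let cmsProvider = CMSSignatureProvider(signatureAlgorithm: .ecdsaP256)
+let signature = try cmsProvider.sign(
+content: content,
+identity: signingIdentity,
+intermediateCertificates: keyAndCertChain.intermediateCertificates,
+observabilityScope: ObservabilitySystem.NOOP
+)
+
+let verifierConfiguration = VerifierConfiguration(
+trustedRoots: [keyAndCertChain.rootCertificate],
+includeDefaultTrustStore: true,
+certificateExpiration: .enabled(validationTime: nil),
+certificateRevocation: .strict(validationTime: nil)
+)
+
+let status = try await cmsProvider.status(
+signature: signature,
+content: content,
+verifierConfiguration: verifierConfiguration,
+observabilityScope: ObservabilitySystem.NOOP
+)
+
+guard case .valid = status else {
+return XCTFail("Expected signature status to be .valid but got \(status)")
+}
+
+func ecADPKeyAndCertChain(callback: (Result<KeyAndCertChain, Error>) -> Void) {
+do {
+try fixture(name: "Signing", createGitRepo: false) { fixturePath in
+let privateKey = try readFileContents(
+in: fixturePath,
+pathComponents: "Certificates", "swift_package_key.p8"
+)
+let certificate = try readFileContents(
+in: fixturePath,
+pathComponents: "Certificates", "swift_package.cer"
+)
+
+callback(.success(KeyAndCertChain(
+privateKey: privateKey,
+certificateChain: [certificate]
+)))
+}
+} catch {
+callback(.failure(error))
+}
+}
+}
+
 #if os(macOS)
 func testCMS1_0_0EndToEndWithADPSigningIdentityFromKeychain() async throws {
 #if ENABLE_REAL_SIGNING_IDENTITY_TEST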
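Review bot: `trustedRoots: [keyAndCertChain.rootCertificate]` in testCMSEndToEndWithECKeyADPCertificate may make the leaf certificate its own trust anchor, because the nested ecADPKeyAndCertChain builds the chain with a single element, `certificateChain: [certificate]`. KeyAndCertChain is defined outside this hunk, so this is inferred: if rootCertificate is the last element of the chain, it is the same certificate as leafCertificate, and a `.valid` status no longer shows that the signature chains up to the default trust store. Since `includeDefaultTrustStore: true` is already set, consider `trustedRoots: [],` so the result depends on the real root. A comment above the configuration should also state which anchor is expected to validate the certificate.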
