[Collections] Tighten import conditions

yim-lee · yim-lee · commit 3f48bb8808dc · 2021-02-24T16:52:46.000-08:00
Some `Security` framework APIs are available on macOS only
diff --git a/Sources/PackageCollectionsSigning/Certificate/Certificate.swift b/Sources/PackageCollectionsSigning/Certificate/Certificate.swift
@@ -10,19 +10,19 @@
 
 import struct Foundation.Data
 
-#if canImport(Security)
+#if os(macOS)
 import Security
 #endif
 
-#if canImport(Security)
+#if os(macOS)
 typealias Certificate = CoreCertificate
 #else
 typealias Certificate = BoringSSLCertificate
 #endif
 
 // MARK: - Certificate implementation using the Security framework
 
-#if canImport(Security)
+#if os(macOS)
 struct CoreCertificate {
     let underlying: SecCertificate
 
diff --git a/Sources/PackageCollectionsSigning/Certificate/CertificatePolicy.swift b/Sources/PackageCollectionsSigning/Certificate/CertificatePolicy.swift
@@ -16,7 +16,7 @@ import struct Foundation.URL
 
 import TSCBasic
 
-#if canImport(Security)
+#if os(macOS)
 import Security
 #endif
 
@@ -53,7 +53,7 @@ extension CertificatePolicy {
             return wrappedCallback(.failure(CertificatePolicyError.emptyCertChain))
         }
 
-        #if canImport(Security)
+        #if os(macOS)
         let policy = SecPolicyCreateBasicX509()
         let revocationPolicy = SecPolicyCreateRevocation(kSecRevocationOCSPMethod)
 
@@ -99,7 +99,7 @@ extension CertificatePolicy {
 
 extension CertificatePolicy {
     func hasExtension(oid: String, in certificate: Certificate) throws -> Bool {
-        #if canImport(Security)
+        #if os(macOS)
         guard let dict = SecCertificateCopyValues(certificate.underlying, [oid as CFString] as CFArray, nil) as? [CFString: Any] else {
             throw CertificatePolicyError.extensionFailure
         }
@@ -110,7 +110,7 @@ extension CertificatePolicy {
     }
 
     func hasExtendedKeyUsage(_ usage: CertificateExtendedKeyUsage, in certificate: Certificate) throws -> Bool {
-        #if canImport(Security)
+        #if os(macOS)
         guard let dict = SecCertificateCopyValues(certificate.underlying, [kSecOIDExtendedKeyUsage] as CFArray, nil) as? [CFString: Any] else {
             throw CertificatePolicyError.extensionFailure
         }
@@ -127,7 +127,7 @@ extension CertificatePolicy {
     /// Checks that the certificate supports OCSP. This **must** be done before calling `verify` to ensure
     /// the necessary properties are in place to trigger revocation check.
     func supportsOCSP(certificate: Certificate) throws -> Bool {
-        #if canImport(Security)
+        #if os(macOS)
         // Check that certificate has "Certificate Authority Information Access" extension and includes OCSP as access method.
         // The actual revocation check will be done by the Security framework in `verify`.
         guard let dict = SecCertificateCopyValues(certificate.underlying, [kSecOIDAuthorityInfoAccess] as CFArray, nil) as? [CFString: Any] else { // ignore error
@@ -147,7 +147,7 @@ extension CertificatePolicy {
 enum CertificateExtendedKeyUsage {
     case codeSigning
 
-    #if canImport(Security)
+    #if os(macOS)
     var data: Data {
         switch self {
         case .codeSigning:
diff --git a/Sources/PackageCollectionsSigning/Key/Key+EC.swift b/Sources/PackageCollectionsSigning/Key/Key+EC.swift
@@ -21,7 +21,7 @@ struct ECPrivateKey: PrivateKey {
     init<Data>(pem data: Data) throws where Data: DataProtocol {
         let pem = String(decoding: data, as: UTF8.self)
         #if os(macOS) || os(iOS) || os(watchOS) || os(tvOS)
-        if #available(macOS 11, *) {
+        if #available(macOS 11.0, iOS 14.0, watchOS 7.0, tvOS 14.0, *) {
             self.underlying = try CryptoECPrivateKey(pemRepresentation: pem)
         } else {
             let pemDocument = try ASN1.PEMDocument(pemString: pem)
@@ -45,7 +45,7 @@ struct ECPublicKey: PublicKey {
     init<Data>(pem data: Data) throws where Data: DataProtocol {
         let pem = String(decoding: data, as: UTF8.self)
         #if os(macOS) || os(iOS) || os(watchOS) || os(tvOS)
-        if #available(macOS 11, *) {
+        if #available(macOS 11.0, iOS 14.0, watchOS 7.0, tvOS 14.0, *) {
             self.underlying = try CryptoECPublicKey(pemRepresentation: pem)
         } else {
             let pemDocument = try ASN1.PEMDocument(pemString: pem)
diff --git a/Sources/PackageCollectionsSigning/Key/Key+RSA.swift b/Sources/PackageCollectionsSigning/Key/Key+RSA.swift
@@ -10,11 +10,11 @@
 
 import Foundation
 
-#if canImport(Security)
+#if os(macOS)
 import Security
 #endif
 
-#if canImport(Security)
+#if os(macOS)
 typealias RSAPublicKey = CoreRSAPublicKey
 typealias RSAPrivateKey = CoreRSAPrivateKey
 #else
@@ -24,7 +24,7 @@ typealias RSAPrivateKey = BoringSSLRSAPrivateKey
 
 // MARK: - RSA key implementations using the Security framework
 
-#if canImport(Security)
+#if os(macOS)
 struct CoreRSAPrivateKey: PrivateKey {
     let underlying: SecKey
 
diff --git a/Sources/PackageCollectionsSigning/Signing/Signing+RSAKey.swift b/Sources/PackageCollectionsSigning/Signing/Signing+RSAKey.swift
@@ -10,13 +10,13 @@
 
 import struct Foundation.Data
 
-#if canImport(Security)
+#if os(macOS)
 import Security
 #endif
 
 // MARK: - MessageSigner and MessageValidator conformance using the Security framework
 
-#if canImport(Security)
+#if os(macOS)
 extension CoreRSAPrivateKey {
     func sign(message: Data) throws -> Data {
         var error: Unmanaged<CFError>?
diff --git a/Tests/PackageCollectionsSigningTests/KeyTests+EC.swift b/Tests/PackageCollectionsSigningTests/KeyTests+EC.swift
@@ -31,10 +31,18 @@ class ECKeyTests: XCTestCase {
     }
 
     func testPublicKeyFromPEM() throws {
+        if !isSupportedPlatform {
+            try XCTSkipIf(true)
+        }
+
         XCTAssertNoThrow(try ECPublicKey(pem: ecPublicKey.bytes))
     }
 
     func testPrivateKeyFromPEM() throws {
+        if !isSupportedPlatform {
+            try XCTSkipIf(true)
+        }
+
         XCTAssertNoThrow(try ECPrivateKey(pem: ecPrivateKey.bytes))
     }
 }
diff --git a/Tests/PackageCollectionsSigningTests/SigningTests+ECKey.swift b/Tests/PackageCollectionsSigningTests/SigningTests+ECKey.swift
@@ -15,6 +15,10 @@ import XCTest
 
 class ECKeySigningTests: XCTestCase {
     func test_signAndValidate_happyCase() throws {
+        if !isSupportedPlatform {
+            try XCTSkipIf(true)
+        }
+
         let privateKey = try ECPrivateKey(pem: ecPrivateKey.bytes)
         let publicKey = try ECPublicKey(pem: ecPublicKey.bytes)
 
@@ -24,6 +28,10 @@ class ECKeySigningTests: XCTestCase {
     }
 
     func test_signAndValidate_mismatch() throws {
+        if !isSupportedPlatform {
+            try XCTSkipIf(true)
+        }
+
         let privateKey = try ECPrivateKey(pem: ecPrivateKey.bytes)
         let publicKey = try ECPublicKey(pem: ecPublicKey.bytes)
 
diff --git a/Tests/PackageCollectionsSigningTests/Utilities.swift b/Tests/PackageCollectionsSigningTests/Utilities.swift
@@ -14,7 +14,7 @@ import Foundation
 @testable import PackageCollectionsSigning
 import TSCBasic
 
-#if canImport(Security)
+#if os(macOS)
 let isSupportedPlatform = true
 #else
 let isSupportedPlatform = false

Original file line number	Diff line number	Diff line change
`@@ -31,10 +31,18 @@ class ECKeyTests: XCTestCase {`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`func testPublicKeyFromPEM() throws {`
	`34`	`+ if !isSupportedPlatform {`
	`35`	`+ try XCTSkipIf(true)`
	`36`	`+ }`
	`37`	`+`
`34`	`38`	`XCTAssertNoThrow(try ECPublicKey(pem: ecPublicKey.bytes))`
`35`	`39`	`}`
`36`	`40`
`37`	`41`	`func testPrivateKeyFromPEM() throws {`
	`42`	`+ if !isSupportedPlatform {`
	`43`	`+ try XCTSkipIf(true)`
	`44`	`+ }`
	`45`	`+`
`38`	`46`	`XCTAssertNoThrow(try ECPrivateKey(pem: ecPrivateKey.bytes))`
`39`	`47`	`}`
`40`	`48`	`}`