Allow clients to programmatically accept an identity change

This will allow clients to take the information from specific registry error cases and programmatically accept them as valid. This can be useful if a client wants to offer a way for users to accept an allowed identity change.

Author: neonichu

Sources/PackageRegistry/RegistryClient.swift

@@ -126,6 +126,26 @@ public final class RegistryClient: Cancellable {
         try self.httpClient.cancel(deadline: deadline)
     }
 
+    public func changeSigningEntityFromVersion(
+        package: PackageIdentity,
+        version: Version,
+        signingEntity: SigningEntity,
+        origin: SigningEntity.Origin,
+        observabilityScope: ObservabilityScope,
+        callbackQueue: DispatchQueue,
+        completion: @escaping (Result<Void, Error>) -> Void
+    ) {
+        self.signingEntityStorage?.changeSigningEntityFromVersion(
+            package: package,
+            version: version,
+            signingEntity: signingEntity,
+            origin: origin,
+            observabilityScope: observabilityScope,
+            callbackQueue: callbackQueue,
+            callback: completion
+        )
+    }
+
     public func getPackageMetadata(
         package: PackageIdentity,
         timeout: DispatchTimeInterval? = .none,
@@ -1430,7 +1450,7 @@ public enum RegistryError: Error, CustomStringConvertible {
     case unknownSignatureFormat(String)
     case invalidSignature(reason: String)
     case invalidSigningCertificate(reason: String)
-    case signerNotTrusted(SigningEntity)
+    case signerNotTrusted(PackageIdentity, SigningEntity)
     case failedToValidateSignature(Error)
     case signingEntityForReleaseChanged(
         registry: Registry,
@@ -1536,7 +1556,7 @@ public enum RegistryError: Error, CustomStringConvertible {
             return "signature is invalid: \(reason)"
         case .invalidSigningCertificate(let reason):
             return "the signing certificate is invalid: \(reason)"
-        case .signerNotTrusted(let signingEntity):
+        case .signerNotTrusted(_, let signingEntity):
             return "the signer \(signingEntity) is not trusted"
         case .failedToValidateSignature(let error):
             return "failed to validate signature: \(error)"

Sources/PackageRegistry/SignatureValidation.swift

@@ -209,6 +209,7 @@ struct SignatureValidation {
         Task {
             do {
                 let signatureStatus = try await SignatureProvider.status(
+                    package: package,
                     signature: Array(signature),
                     content: Array(content),
                     format: signatureFormat,
@@ -227,7 +228,7 @@ struct SignatureValidation {
                     completion(.failure(RegistryError.invalidSignature(reason: reason)))
                 case .certificateInvalid(let reason):
                     completion(.failure(RegistryError.invalidSigningCertificate(reason: reason)))
-                case .certificateNotTrusted(let signingEntity):
+                case .certificateNotTrusted(let package, let signingEntity):
                     observabilityScope
                         .emit(
                             info: "\(package) \(version) from \(registry) signing entity '\(signingEntity)' is untrusted"
@@ -239,7 +240,7 @@ struct SignatureValidation {
                         ))
                     }
 
-                    let signerNotTrustedError = RegistryError.signerNotTrusted(signingEntity)
+                    let signerNotTrustedError = RegistryError.signerNotTrusted(package.underlying, signingEntity)
 
                     switch onUntrusted {
                     case .prompt:

Sources/PackageSigning/SignatureProvider.swift

@@ -18,6 +18,7 @@ import struct Foundation.Date
 #endif
 
 import Basics
+import PackageModel
 @_implementationOnly import SwiftASN1
 @_implementationOnly @_spi(CMS) import X509
 
@@ -41,6 +42,7 @@ public enum SignatureProvider {
     }
 
     public static func status(
+        package: PackageIdentity.RegistryIdentity,
         signature: [UInt8],
         content: [UInt8],
         format: SignatureFormat,
@@ -49,6 +51,7 @@ public enum SignatureProvider {
     ) async throws -> SignatureStatus {
         let provider = format.provider
         return try await provider.status(
+            package: package,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -99,7 +102,7 @@ public enum SignatureStatus: Equatable {
     case valid(SigningEntity)
     case invalid(String)
     case certificateInvalid(String)
-    case certificateNotTrusted(SigningEntity)
+    case certificateNotTrusted(PackageIdentity.RegistryIdentity, SigningEntity)
 }
 
 public enum SigningError: Error {
@@ -157,6 +160,7 @@ protocol SignatureProviderProtocol {
     ) throws -> [UInt8]
 
     func status(
+        package: PackageIdentity.RegistryIdentity,
         signature: [UInt8],
         content: [UInt8],
         verifierConfiguration: VerifierConfiguration,
@@ -233,6 +237,7 @@ struct CMSSignatureProvider: SignatureProviderProtocol {
     }
 
     func status(
+        package: PackageIdentity.RegistryIdentity,
         signature: [UInt8],
         content: [UInt8],
         verifierConfiguration: VerifierConfiguration,
@@ -269,7 +274,7 @@ struct CMSSignatureProvider: SignatureProviderProtocol {
             case .failure(CMS.VerificationError.unableToValidateSigner(let failure)):
                 if failure.validationFailures.isEmpty {
                     let signingEntity = SigningEntity.from(certificate: failure.signer)
-                    return .certificateNotTrusted(signingEntity)
+                    return .certificateNotTrusted(package, signingEntity)
                 } else {
                     observabilityScope.emit(info: "cannot validate certificate chain. Validation failures: \(failure.validationFailures)")
                     return .certificateInvalid("failures: \(failure.validationFailures.map { $0.policyFailureReason })")

Sources/Workspace/Workspace.swift

@@ -3471,6 +3471,26 @@ extension Workspace {
          // remove the local copy
          try registryDownloadsManager.remove(package: dependency.packageRef.identity)
      }
+
+     public func acceptIdentityChange(
+        package: PackageIdentity,
+        version: Version,
+        signingEntity: SigningEntity,
+        origin: SigningEntity.Origin,
+        observabilityScope: ObservabilityScope,
+        callbackQueue: DispatchQueue,
+        completion: @escaping (Result<Void, Error>) -> Void
+     ) {
+         self.registryClient.changeSigningEntityFromVersion(
+            package: package,
+            version: version,
+            signingEntity: signingEntity,
+            origin: origin,
+            observabilityScope: observabilityScope,
+            callbackQueue: callbackQueue,
+            completion: completion
+         )
+     }
  }
 
 // MARK: - Utility extensions

Tests/CommandsTests/PackageRegistryToolTests.swift

@@ -470,6 +470,7 @@ final class PackageRegistryToolTests: CommandsTestCase {
             verifierConfiguration.trustedRoots = try tsc_await { self.testRoots(callback: $0) }
 
             let signatureStatus = try await SignatureProvider.status(
+                package: PackageIdentity.plain("mona.LinkedList").registry!,
                 signature: signature,
                 content: archive,
                 format: .cms_1_0_0,

Tests/PackageSigningTests/SigningTests.swift

@@ -16,6 +16,7 @@ import XCTest
 import _CryptoExtras // for RSA
 import Basics
 import Crypto
+import PackageModel
 @testable import PackageSigning
 import SPMTestSupport
 import SwiftASN1
@@ -49,6 +50,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await SignatureProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             format: signatureFormat,
@@ -92,6 +94,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -134,6 +137,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -204,6 +208,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await SignatureProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             format: signatureFormat,
@@ -247,6 +252,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -289,6 +295,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -312,6 +319,7 @@ final class SigningTests: XCTestCase {
 
         let cmsProvider = CMSSignatureProvider(signatureAlgorithm: .ecdsaP256)
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: .init(),
@@ -349,6 +357,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: otherContent,
             verifierConfiguration: verifierConfiguration,
@@ -385,6 +394,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -425,6 +435,7 @@ final class SigningTests: XCTestCase {
             )
 
             let status = try await cmsProvider.status(
+                package: PackageIdentity.plain("mona.LinkedList").registry!,
                 signature: signature,
                 content: content,
                 verifierConfiguration: verifierConfiguration,
@@ -449,6 +460,7 @@ final class SigningTests: XCTestCase {
             )
 
             let status = try await cmsProvider.status(
+                package: PackageIdentity.plain("mona.LinkedList").registry!,
                 signature: signature,
                 content: content,
                 verifierConfiguration: verifierConfiguration,
@@ -514,6 +526,7 @@ final class SigningTests: XCTestCase {
             )
 
             let status = try await cmsProvider.status(
+                package: PackageIdentity.plain("mona.LinkedList").registry!,
                 signature: signature,
                 content: content,
                 verifierConfiguration: verifierConfiguration,
@@ -535,6 +548,7 @@ final class SigningTests: XCTestCase {
             )
 
             let status = try await cmsProvider.status(
+                package: PackageIdentity.plain("mona.LinkedList").registry!,
                 signature: signature,
                 content: content,
                 verifierConfiguration: verifierConfiguration,
@@ -576,6 +590,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -644,6 +659,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await SignatureProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             format: signatureFormat,
@@ -701,6 +717,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,
@@ -757,6 +774,7 @@ final class SigningTests: XCTestCase {
         )
 
         let status = try await cmsProvider.status(
+            package: PackageIdentity.plain("mona.LinkedList").registry!,
             signature: signature,
             content: content,
             verifierConfiguration: verifierConfiguration,