Allow signing from key provided as Data in addition to URL (#3831)

finestructure · web-flow · commit 50620803b7f5 · 2021-11-02T13:15:53.000-07:00
Allow signing from key Data in addition to URL
diff --git a/Sources/PackageCollectionsSigning/PackageCollectionSigning.swift b/Sources/PackageCollectionsSigning/PackageCollectionSigning.swift
@@ -22,16 +22,44 @@ public protocol PackageCollectionSigner {
     ///   - collection: The package collection to be signed
     ///   - certChainPaths: Paths to all DER-encoded certificates in the chain. The certificate used for signing
     ///                     must be the first in the array.
-    ///   - certPrivateKeyPath: Path to the private key (*.pem) of the certificate
+    ///   - privateKeyPEM: Data of the private key (*.pem) of the certificate
     ///   - certPolicyKey: The key of the `CertificatePolicy` to use for validating certificates
     ///   - callback: The callback to invoke when the signed collection is available.
     func sign(collection: PackageCollectionModel.V1.Collection,
               certChainPaths: [URL],
-              certPrivateKeyPath: URL,
+              privateKeyPEM: Data,
               certPolicyKey: CertificatePolicyKey,
               callback: @escaping (Result<PackageCollectionModel.V1.SignedCollection, Error>) -> Void)
 }
 
+extension PackageCollectionSigner {
+    /// Signs package collection using the given certificate and key.
+    ///
+    /// - Parameters:
+    ///   - collection: The package collection to be signed
+    ///   - certChainPaths: Paths to all DER-encoded certificates in the chain. The certificate used for signing
+    ///                     must be the first in the array.
+    ///   - certPrivateKeyPath: Path to the private key (*.pem) of the certificate
+    ///   - certPolicyKey: The key of the `CertificatePolicy` to use for validating certificates
+    ///   - callback: The callback to invoke when the signed collection is available.
+    public func sign(collection: PackageCollectionModel.V1.Collection,
+                     certChainPaths: [URL],
+                     certPrivateKeyPath: URL,
+                     certPolicyKey: CertificatePolicyKey = .default,
+                     callback: @escaping (Result<PackageCollectionModel.V1.SignedCollection, Error>) -> Void) {
+        do {
+            let privateKey = try Data(contentsOf: certPrivateKeyPath)
+            self.sign(collection: collection,
+                      certChainPaths: certChainPaths,
+                      privateKeyPEM: privateKey,
+                      certPolicyKey: certPolicyKey,
+                      callback: callback)
+        } catch {
+            callback(.failure(error))
+        }
+    }
+}
+
 public protocol PackageCollectionSignatureValidator {
     /// Validates a signed package collection.
     ///
@@ -126,7 +154,7 @@ public struct PackageCollectionSigning: PackageCollectionSigner, PackageCollecti
 
     public func sign(collection: Model.Collection,
                      certChainPaths: [URL],
-                     certPrivateKeyPath: URL,
+                     privateKeyPEM: Data,
                      certPolicyKey: CertificatePolicyKey = .default,
                      callback: @escaping (Result<Model.SignedCollection, Error>) -> Void) {
         do {
@@ -148,9 +176,6 @@ public struct PackageCollectionSigning: PackageCollectionSigner, PackageCollecti
                             certChain: certChainData.map { $0.base64EncodedString() }
                         )
 
-                        // Key for signing
-                        let privateKeyPEM = try Data(contentsOf: certPrivateKeyPath)
-
                         let privateKey: PrivateKey
                         switch keyType {
                         case .RSA:
