swiftlang
diff --git a/‎Fixtures/Collections/JSON/good_signed.json
Lines changed: 124 additions & 0 deletions b/‎Fixtures/Collections/JSON/good_signed.json
Lines changed: 124 additions & 0 deletions
diff --git a/‎Sources/PackageCollections/Model/Collection.swift
Lines changed: 46 additions & 4 deletions b/‎Sources/PackageCollections/Model/Collection.swift
Lines changed: 46 additions & 4 deletions
diff --git a/‎Sources/PackageCollections/Providers/JSONPackageCollectionProvider.swift
Lines changed: 42 additions & 16 deletions b/‎Sources/PackageCollections/Providers/JSONPackageCollectionProvider.swift
Lines changed: 42 additions & 16 deletions
@@ -0,0 +1,124 @@
+{
+  "name": "Sample Package Collection",
+  "overview": "This is a sample package collection listing made-up packages.",
+  "keywords": ["sample package collection"],
+  "formatVersion": "1.0",
+  "revision": 3,
+  "generatedAt": "2020-10-22T06:03:52Z",
+  "generatedBy": {
+    "name": "Jane Doe"
+  },
+  "packages": [
+    {
+      "url": "https://www.example.com/repos/RepoOne.git",
+      "summary": "Package One",
+      "keywords": ["sample package"],
+      "readmeURL": "https://www.example.com/repos/RepoOne/README",
+      "license": {
+        "name": "Apache-2.0",
+        "url": "https://www.example.com/repos/RepoOne/LICENSE"
+      },
+      "versions": [
+        {
+          "version": "0.1.0",
+          "packageName": "PackageOne",
+          "targets": [
+            {
+              "name": "Foo",
+              "moduleName": "Foo"
+            }
+          ],
+          "products": [
+            {
+              "name": "Foo",
+              "type": {
+                "library": ["automatic"]
+              },
+              "targets": ["Foo"]
+            }
+          ],
+          "toolsVersion": "5.1",
+          "minimumPlatformVersions": [
+            { "name": "macOS", "version": "10.15" }
+          ],
+          "verifiedCompatibility": [
+            {
+              "platform": { "name": "macOS" },
+              "swiftVersion": "5.1"
+            },
+            {
+              "platform": { "name": "iOS" },
+              "swiftVersion": "5.1"
+            },
+            {
+              "platform": { "name": "Linux" },
+              "swiftVersion": "5.1"
+            }
+          ],
+          "license": {
+            "name": "Apache-2.0",
+            "url": "https://www.example.com/repos/RepoOne/LICENSE"
+          }
+        }
+      ]
+    },
+    {
+      "url": "https://www.example.com/repos/RepoTwo.git",
+      "summary": "Package Two",
+      "readmeURL": "https://www.example.com/repos/RepoTwo/README",
+      "versions": [
+        {
+          "version": "2.1.0",
+          "packageName": "PackageTwo",
+          "targets": [
+            {
+              "name": "Bar",
+              "moduleName": "Bar"
+            }
+          ],
+          "products": [
+            {
+              "name": "Bar",
+              "type": {
+                "library": ["automatic"]
+              },
+              "targets": ["Bar"]
+            }
+          ],
+          "toolsVersion": "5.2"
+        },
+        {
+          "version": "1.8.3",
+          "packageName": "PackageTwo",
+          "targets": [
+            {
+              "name": "Bar",
+              "moduleName": "Bar"
+            }
+          ],
+          "products": [
+            {
+              "name": "Bar",
+              "type": {
+                "library": ["automatic"]
+              },
+              "targets": ["Bar"]
+            }
+          ],
+          "toolsVersion": "5.0"
+        }
+      ]
+    }
+  ],
+  "signature": {
+    "signature": "<SIGNATURE>",
+    "certificate": {
+      "subject": {
+        "commonName": "Sample Subject"
+      },
+      "issuer": {
+        "commonName": "Sample Issuer"
+      }
+    }
+  }
+}
@@ -54,8 +54,13 @@ extension PackageCollectionsModel {
         /// When this collection was last processed locally
         public let lastProcessedAt: Date
 
+        /// The collection's signature metadata
+        public let signature: SignatureData?
+
         /// Indicates if the collection is signed
-        public let isSigned: Bool
+        public var isSigned: Bool {
+            self.signature != nil
+        }
 
         /// Initializes a `Collection`
         init(
@@ -66,8 +71,8 @@ extension PackageCollectionsModel {
             packages: [Package],
             createdAt: Date,
             createdBy: Author?,
-            lastProcessedAt: Date = Date(),
-            isSigned: Bool
+            signature: SignatureData?,
+            lastProcessedAt: Date = Date()
         ) {
             self.identifier = .init(from: source)
             self.source = source
@@ -77,8 +82,8 @@ extension PackageCollectionsModel {
             self.packages = packages
             self.createdAt = createdAt
             self.createdBy = createdBy
+            self.signature = signature
             self.lastProcessedAt = lastProcessedAt
-            self.isSigned = isSigned
         }
     }
 }
@@ -180,3 +185,40 @@ extension PackageCollectionsModel.Collection {
         public let name: String
     }
 }
+
+extension PackageCollectionsModel {
+    /// Package collection signature metadata
+    public struct SignatureData: Equatable, Codable {
+        /// Details about the certificate used to generate the signature
+        public let certificate: Certificate
+
+        public init(certificate: Certificate) {
+            self.certificate = certificate
+        }
+
+        public struct Certificate: Equatable, Codable {
+            /// Subject of the certificate
+            public let subject: Name
+
+            /// Issuer of the certificate
+            public let issuer: Name
+
+            /// Creates a `Certificate`
+            public init(subject: Name, issuer: Name) {
+                self.subject = subject
+                self.issuer = issuer
+            }
+
+            /// Generic certificate name (e.g., subject, issuer)
+            public struct Name: Equatable, Codable {
+                /// Common name
+                public let commonName: String
+
+                /// Creates a `Name`
+                public init(commonName: String) {
+                    self.commonName = commonName
+                }
+            }
+        }
+    }
+}
@@ -54,7 +54,7 @@ struct JSONPackageCollectionProvider: PackageCollectionProvider {
                         throw Errors.invalidJSON(error)
                     }
                 }
-                return callback(self.makeCollection(from: collection, source: source))
+                return callback(self.makeCollection(from: collection, source: source, signature: nil))
             } catch {
                 return callback(.failure(error))
             }
@@ -90,14 +90,28 @@ struct JSONPackageCollectionProvider: PackageCollectionProvider {
                         guard contentLength < self.configuration.maximumSizeInBytes else {
                             return callback(.failure(Errors.responseTooLarge(contentLength)))
                         }
+                        guard let body = response.body else {
+                            return callback(.failure(Errors.invalidResponse("Body is empty")))
+                        }
 
                         do {
-                            // parse json
-                            guard let collection = try response.decodeBody(JSONModel.Collection.self, using: self.decoder) else {
-                                return callback(.failure(Errors.invalidResponse("Invalid body")))
+                            // parse json and construct result
+                            do {
+                                // This fails if "signature" is missing
+                                let signature = try JSONModel.SignedCollection.signature(from: body, using: self.decoder)
+                                // TODO: Check collection's signature
+                                // If signature is
+                                //      a. valid: process the collection; set isSigned=true
+                                //      b. invalid: includes expired cert, untrusted cert, signature-payload mismatch => return error
+                                let collection = try JSONModel.SignedCollection.collection(from: body, using: self.decoder)
+                                callback(self.makeCollection(from: collection, source: source, signature: Model.SignatureData(from: signature)))
+                            } catch {
+                                // Collection is not signed
+                                guard let collection = try response.decodeBody(JSONModel.Collection.self, using: self.decoder) else {
+                                    return callback(.failure(Errors.invalidResponse("Invalid body")))
+                                }
+                                callback(self.makeCollection(from: collection, source: source, signature: nil))
                             }
-                            // construct result
-                            callback(self.makeCollection(from: collection, source: source))
                         } catch {
                             callback(.failure(Errors.invalidJSON(error)))
                         }
@@ -107,14 +121,7 @@ struct JSONPackageCollectionProvider: PackageCollectionProvider {
         }
     }
 
-    private func makeCollection(from collection: JSONModel.Collection, source: Model.CollectionSource) -> Result<Model.Collection, Error> {
-        // TODO: Check collection's signature
-        // 1. If signed and signature is
-        //      a. valid: process the collection; set isSigned=true
-        //      b. invalid: includes expired cert, untrusted cert, signature-payload mismatch => return error
-        // 2. If unsigned, process the collection; set isSigned=false.
-        let isSigned = true
-
+    private func makeCollection(from collection: JSONModel.Collection, source: Model.CollectionSource, signature: Model.SignatureData?) -> Result<Model.Collection, Error> {
         var serializationOkay = true
         let packages = collection.packages.map { package -> Model.Package in
             let versions = package.versions.compactMap { version -> Model.Package.Version? in
@@ -177,8 +184,8 @@ struct JSONPackageCollectionProvider: PackageCollectionProvider {
                               packages: packages,
                               createdAt: collection.generatedAt,
                               createdBy: collection.generatedBy.flatMap { Model.Collection.Author(name: $0.name) },
-                              lastProcessedAt: Date(),
-                              isSigned: isSigned))
+                              signature: signature,
+                              lastProcessedAt: Date()))
     }
 
     private func makeRequestOptions(validResponseCodes: [Int]) -> HTTPClientRequest.Options {
@@ -309,3 +316,22 @@ extension Model.License {
         self.init(type: Model.LicenseType(string: from.name), url: from.url)
     }
 }
+
+extension Model.SignatureData {
+    fileprivate init(from: JSONModel.Signature) {
+        self.certificate = .init(from: from.certificate)
+    }
+}
+
+extension Model.SignatureData.Certificate {
+    fileprivate init(from: JSONModel.Signature.Certificate) {
+        self.subject = .init(from: from.subject)
+        self.issuer = .init(from: from.issuer)
+    }
+}
+
+extension Model.SignatureData.Certificate.Name {
+    fileprivate init(from: JSONModel.Signature.Certificate.Name) {
+        self.commonName = from.commonName
+    }
+}