Allow clients to programmatically accept an identity change (#6248)

This will allow clients to take the information from specific registry error cases and programmatically accept them as valid. This can be useful if a client wants to offer a way for users to accept an allowed identity change.

Author: neonichu

Sources/PackageRegistry/RegistryClient.swift

@@ -126,6 +126,26 @@ public final class RegistryClient: Cancellable {
         try self.httpClient.cancel(deadline: deadline)
     }
 
+    public func changeSigningEntityFromVersion(
+        package: PackageIdentity,
+        version: Version,
+        signingEntity: SigningEntity,
+        origin: SigningEntity.Origin,
+        observabilityScope: ObservabilityScope,
+        callbackQueue: DispatchQueue,
+        completion: @escaping (Result<Void, Error>) -> Void
+    ) {
+        self.signingEntityStorage?.changeSigningEntityFromVersion(
+            package: package,
+            version: version,
+            signingEntity: signingEntity,
+            origin: origin,
+            observabilityScope: observabilityScope,
+            callbackQueue: callbackQueue,
+            callback: completion
+        )
+    }
+
     public func getPackageMetadata(
         package: PackageIdentity,
         timeout: DispatchTimeInterval? = .none,
@@ -1586,7 +1606,7 @@ public enum RegistryError: Error, CustomStringConvertible {
     case unknownSignatureFormat(String)
     case invalidSignature(reason: String)
     case invalidSigningCertificate(reason: String)
-    case signerNotTrusted(SigningEntity)
+    case signerNotTrusted(PackageIdentity, SigningEntity)
     case failedToValidateSignature(Error)
     case signingEntityForReleaseChanged(
         registry: Registry,
@@ -1694,7 +1714,7 @@ public enum RegistryError: Error, CustomStringConvertible {
             return "signature is invalid: \(reason)"
         case .invalidSigningCertificate(let reason):
             return "the signing certificate is invalid: \(reason)"
-        case .signerNotTrusted(let signingEntity):
+        case .signerNotTrusted(_, let signingEntity):
             return "the signer \(signingEntity) is not trusted"
         case .failedToValidateSignature(let error):
             return "failed to validate signature: \(error)"

Sources/PackageRegistry/SignatureValidation.swift

@@ -375,7 +375,7 @@ struct SignatureValidation {
                         ))
                     }
 
-                    let signerNotTrustedError = RegistryError.signerNotTrusted(signingEntity)
+                    let signerNotTrustedError = RegistryError.signerNotTrusted(package.underlying, signingEntity)
 
                     switch onUntrusted {
                     case .prompt:

Sources/Workspace/Workspace.swift

@@ -3468,6 +3468,26 @@ extension Workspace {
          // remove the local copy
          try registryDownloadsManager.remove(package: dependency.packageRef.identity)
      }
+
+     public func acceptIdentityChange(
+        package: PackageIdentity,
+        version: Version,
+        signingEntity: SigningEntity,
+        origin: SigningEntity.Origin,
+        observabilityScope: ObservabilityScope,
+        callbackQueue: DispatchQueue,
+        completion: @escaping (Result<Void, Error>) -> Void
+     ) {
+         self.registryClient.changeSigningEntityFromVersion(
+            package: package,
+            version: version,
+            signingEntity: signingEntity,
+            origin: origin,
+            observabilityScope: observabilityScope,
+            callbackQueue: callbackQueue,
+            completion: completion
+         )
+     }
  }
 
 // MARK: - Utility extensions