
[5.10] Revert "Update swift-certificates to 1.0.1, swift-crypto to 3.0.0 (#6949)" #6988


Merged
merged 1 commit into from
Oct 11, 2023
4 changes: 2 additions & 2 deletions Package.swift
Expand Up @@ -736,10 +736,10 @@ if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil {
// dependency version changes here with those projects.
.package(url: "https://github.com/apple/swift-argument-parser.git", .upToNextMinor(from: "1.2.2")),
.package(url: "https://github.com/apple/swift-driver.git", branch: relatedDependenciesBranch),
.package(url: "https://github.com/apple/swift-crypto.git", .upToNextMinor(from: "3.0.0")),
.package(url: "https://github.com/apple/swift-crypto.git", .upToNextMinor(from: "2.5.0")),
.package(url: "https://github.com/apple/swift-system.git", .upToNextMinor(from: "1.1.1")),
.package(url: "https://github.com/apple/swift-collections.git", .upToNextMinor(from: "1.0.1")),
.package(url: "https://github.com/apple/swift-certificates.git", .upToNextMinor(from: "1.0.1")),
.package(url: "https://github.com/apple/swift-certificates.git", .upToNextMinor(from: "0.6.0")),
]
} else {
package.dependencies += [
36 changes: 16 additions & 20 deletions Sources/PackageCollectionsSigning/CertificatePolicy.swift
Expand Up @@ -402,31 +402,27 @@ struct _OCSPVerifierPolicy: VerifierPolicy {
private struct _OCSPRequester: OCSPRequester {
let httpClient: HTTPClient

func query(request: [UInt8], uri: String) async -> OCSPRequesterQueryResult {
func query(request: [UInt8], uri: String) async throws -> [UInt8] {
guard let url = URL(string: uri), let host = url.host else {
return .terminalError(SwiftOCSPRequesterError.invalidURL(uri))
throw SwiftOCSPRequesterError.invalidURL(uri)
}

do {
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)

guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return .response(Array(responseBody))
} catch {
return .nonTerminalError(error)
guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return Array(responseBody)
}
}

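Review bot: The guard at the top of `query` accepts any URL that parses and has a host, so the responder URI (presumably taken from the certificate's AIA extension, i.e. data supplied by the certificate) is forwarded to `httpClient.post` whatever its scheme; I would restrict it to what an OCSP responder can legitimately use, `guard let url = URL(string: uri), let host = url.host, let scheme = url.scheme?.lowercased(), scheme == "http" || scheme == "https" else { throw SwiftOCSPRequesterError.invalidURL(uri) }`. With this revert every failure is thrown instead of being classified as terminal or non-terminal, so whether a transport error fails revocation open or closed is now decided by the policy that calls `query`, outside this hunk — worth confirming that the strict revocation mode still treats it as a failure. Nothing visible bounds the size of `response.body` before `Array(responseBody)` copies it, so unless `httpClient` already caps body size a misbehaving responder can make the verifier allocate arbitrarily. A one-line doc comment on `query` stating that it returns the raw DER response body and throws on any transport error or non-200 status would help the next reader.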
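--- a/Sources/PackageCollectionsSigning/X509Extensions.swift
+++ b/Sources/PackageCollectionsSigning/X509Extensions.swift
@@ -59,9 +59,29 @@ extension DistinguishedName {
 private func stringAttribute(oid: ASN1ObjectIdentifier) -> String? {
 for relativeDistinguishedName in self {
 for attribute in relativeDistinguishedName where attribute.type == oid {
-return attribute.value.description
+if let stringValue = attribute.stringValue {
+return stringValue
+}
 }
 }
 return nil
 }
 }
+
+extension RelativeDistinguishedName.Attribute {
+fileprivate var stringValue: String? {
+let asn1StringBytes: ArraySlice<UInt8>?
+do {
+asn1StringBytes = try ASN1PrintableString(asn1Any: self.value).bytes
+} catch {
+asn1StringBytes = try? ASN1UTF8String(asn1Any: self.value).bytes
+}
+
+guard let asn1StringBytes,
+let stringValue = String(bytes: asn1StringBytes, encoding: .utf8)
+else {
+return nil
+}
+return stringValue
+}
+}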
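Review bot: `stringValue` decodes only PrintableString and UTF8String, so a subject attribute encoded as BMPString, TeletexString or UniversalString — all valid DirectoryString choices under RFC 5280 — is silently skipped by `stringAttribute`, which then falls through to the next matching attribute or returns nil, whereas before this change the first match was always returned via `description`. Whether that makes a policy check fail closed or treat the field as absent depends on the callers, which are outside this hunk, so the limitation should at least be stated on the property: `/// Decodes a PrintableString or UTF8String attribute value; other DirectoryString encodings and malformed values yield nil, so callers must not read nil as "attribute absent".` The `do`/`catch` that discards the first error and then `try?`s the second can be written as `asn1StringBytes = (try? ASN1PrintableString(asn1Any: self.value).bytes) ?? (try? ASN1UTF8String(asn1Any: self.value).bytes)`, which makes the two-encoding fallback explicit without changing behaviour.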
38 changes: 17 additions & 21 deletions Sources/PackageSigning/VerifierPolicies.swift
Expand Up @@ -24,7 +24,7 @@ extension SignatureProviderProtocol {
func buildPolicySet(configuration: VerifierConfiguration, httpClient: HTTPClient) -> some VerifierPolicy {
_CodeSigningPolicy()
_ADPCertificatePolicy()

let now = Date()
switch (configuration.certificateExpiration, configuration.certificateRevocation) {
case (.enabled(let expiryValidationTime), .strict(let revocationValidationTime)):
Expand Down Expand Up @@ -158,31 +158,27 @@ struct _OCSPVerifierPolicy: VerifierPolicy {
private struct _OCSPRequester: OCSPRequester {
let httpClient: HTTPClient

func query(request: [UInt8], uri: String) async -> OCSPRequesterQueryResult {
func query(request: [UInt8], uri: String) async throws -> [UInt8] {
guard let url = URL(string: uri), let host = url.host else {
return .terminalError(SwiftOCSPRequesterError.invalidURL(uri))
throw SwiftOCSPRequesterError.invalidURL(uri)
}

do {
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)

guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return .response(Array(responseBody))
} catch {
return .nonTerminalError(error)
guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return Array(responseBody)
}
}

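Review bot: The `"Host": host` header is built from `url.host`, which drops the port, so a responder URI with a non-default port (for example `http://ocsp.example:8080/`) is sent a Host header that does not match the authority it is addressed to; `"Host": url.port.map { "\(host):\($0)" } ?? host` keeps the two consistent, or drop the explicit header if `httpClient` already derives it from the URL. The same `_OCSPRequester` exists verbatim in Sources/PackageCollectionsSigning/CertificatePolicy.swift, so whichever fix is chosen should land in both, or the two should share one implementation. `let now = Date()` added in `buildPolicySet` is only declared inside the first hunk; its use, and the rest of that function, lie outside the visible lines, and `_OCSPVerifierPolicy`'s body starts before the second hunk. Because every error now propagates out of `query` as a thrown error, the fail-open/fail-closed decision rests with the policy selected from `configuration.certificateRevocation`, which should be checked to still fail closed in `.strict`.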
24 changes: 22 additions & 2 deletions Sources/PackageSigning/X509Extensions.swift
Expand Up @@ -30,7 +30,7 @@ extension Certificate {
init(secIdentity: SecIdentity) throws {
var secCertificate: SecCertificate?
let status = SecIdentityCopyCertificate(secIdentity, &secCertificate)
guard status == errSecSuccess, let secCertificate else {
guard status == errSecSuccess, let secCertificate = secCertificate else {
throw StringError("failed to get certificate from SecIdentity: status \(status)")
}
self = try Certificate(secCertificate: secCertificate)
Expand Down Expand Up @@ -60,13 +60,33 @@ extension DistinguishedName {
private func stringAttribute(oid: ASN1ObjectIdentifier) -> String? {
for relativeDistinguishedName in self {
for attribute in relativeDistinguishedName where attribute.type == oid {
return attribute.value.description
if let stringValue = attribute.stringValue {
return stringValue
}
}
}
return nil
}
}

extension RelativeDistinguishedName.Attribute {
fileprivate var stringValue: String? {
let asn1StringBytes: ArraySlice<UInt8>?
do {
asn1StringBytes = try ASN1PrintableString(asn1Any: self.value).bytes
} catch {
asn1StringBytes = try? ASN1UTF8String(asn1Any: self.value).bytes
}

guard let asn1StringBytes,
let stringValue = String(bytes: asn1StringBytes, encoding: .utf8)
else {
return nil
}
return stringValue
}
}

// MARK: - Certificate cache

extension Certificate {
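Review bot: `stringAttribute` now returns the first attribute whose value decodes as PrintableString or UTF8String and otherwise nil, which changes two things callers may rely on: an attribute encoded as BMPString, TeletexString or UniversalString is treated as if the OID were absent, and when a DN carries the same OID twice an undecodable first occurrence is skipped in favour of a later one. For a policy that matches subject fields against expected values this is the safer direction, since an undecodable value can never match, but it also means a legitimate certificate with a BMPString subject is rejected with no indication why; a `/// Returns nil for attributes not encoded as PrintableString or UTF8String.` comment on `stringAttribute`, and ideally a diagnostic when a matching attribute is skipped, would make that debuggable. In the first hunk the spelled-out `let secCertificate = secCertificate` sits in the same file as the shorthand `guard let asn1StringBytes,` below, so the file now mixes both forms; if the spelled-out one is the retained side, `guard status == errSecSuccess, let secCertificate else {` would keep it consistent. The `extension Certificate {` at the bottom of the second hunk continues outside it.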
6 changes: 3 additions & 3 deletions Tests/PackageSigningTests/SigningTests.swift
Expand Up @@ -517,8 +517,8 @@ final class SigningTests: XCTestCase {
responses: [OCSPSingleResponse(
certID: singleRequest.certID,
certStatus: .unknown,
thisUpdate: try GeneralizedTime(validationTime - .days(1)),
nextUpdate: try GeneralizedTime(validationTime + .days(1))
thisUpdate: try .init(validationTime - .days(1)),
nextUpdate: try .init(validationTime + .days(1))
)],
privateKey: intermediatePrivateKey,
responseExtensions: { nonce }
Expand Down Expand Up @@ -1150,7 +1150,7 @@ enum OCSPTestHelper {
}
if isCodeSigning {
Critical(
try ExtendedKeyUsage([ExtendedKeyUsage.Usage.codeSigning])
ExtendedKeyUsage([ExtendedKeyUsage.Usage.codeSigning])
)
}
if let ocspServer {