[5.10] Revert "Update swift-certificates to 1.0.1, swift-crypto to 3.…
yim-lee authored Oct 11, 2023
1 parent f71e373 commit 51b248d
Showing 6 changed files with 81 additions and 49 deletions.
4 changes: 2 additions & 2 deletions Package.swift
Expand Up @@ -736,10 +736,10 @@ if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil {
// dependency version changes here with those projects.
.package(url: "https://github.com/apple/swift-argument-parser.git", .upToNextMinor(from: "1.2.2")),
.package(url: "https://github.com/apple/swift-driver.git", branch: relatedDependenciesBranch),
.package(url: "https://github.com/apple/swift-crypto.git", .upToNextMinor(from: "3.0.0")),
.package(url: "https://github.com/apple/swift-crypto.git", .upToNextMinor(from: "2.5.0")),
.package(url: "https://github.com/apple/swift-system.git", .upToNextMinor(from: "1.1.1")),
.package(url: "https://github.com/apple/swift-collections.git", .upToNextMinor(from: "1.0.1")),
.package(url: "https://github.com/apple/swift-certificates.git", .upToNextMinor(from: "1.0.1")),
.package(url: "https://github.com/apple/swift-certificates.git", .upToNextMinor(from: "0.6.0")),
]
} else {
package.dependencies += [
36 changes: 16 additions & 20 deletions Sources/PackageCollectionsSigning/CertificatePolicy.swift
Expand Up @@ -402,31 +402,27 @@ struct _OCSPVerifierPolicy: VerifierPolicy {
private struct _OCSPRequester: OCSPRequester {
let httpClient: HTTPClient

func query(request: [UInt8], uri: String) async -> OCSPRequesterQueryResult {
func query(request: [UInt8], uri: String) async throws -> [UInt8] {
guard let url = URL(string: uri), let host = url.host else {
return .terminalError(SwiftOCSPRequesterError.invalidURL(uri))
throw SwiftOCSPRequesterError.invalidURL(uri)
}

do {
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)

guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return .response(Array(responseBody))
} catch {
return .nonTerminalError(error)
guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return Array(responseBody)
}
}

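Review bot: The reverted `query(request:uri:)` folds every failure into a single `throw` — the malformed-URI guard, the non-200 status, the empty body and any transport error from `httpClient.post` — so the OCSP policy that calls it (outside this hunk) can no longer tell a terminal error from a transient one; if that policy soft-fails on thrown errors, a certificate carrying an unparseable responder URI ends up treated like a network timeout. The response Content-Type is also never compared against `application/ocsp-response`, so a captive-portal or error page served with status 200 is presumably passed on as OCSP response bytes. The contract deserves a doc comment on the method, e.g. `/// Every failure, including a malformed uri, is thrown; whether that counts as a soft or hard revocation-check failure is decided by the verifier policy, not here.` The same requester is reverted identically in Sources/PackageSigning/VerifierPolicies.swift.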
22 changes: 21 additions & 1 deletion Sources/PackageCollectionsSigning/X509Extensions.swift
Expand Up @@ -59,9 +59,29 @@ extension DistinguishedName {
private func stringAttribute(oid: ASN1ObjectIdentifier) -> String? {
for relativeDistinguishedName in self {
for attribute in relativeDistinguishedName where attribute.type == oid {
return attribute.value.description
if let stringValue = attribute.stringValue {
return stringValue
}
}
}
return nil
}
}

extension RelativeDistinguishedName.Attribute {
fileprivate var stringValue: String? {
let asn1StringBytes: ArraySlice<UInt8>?
do {
asn1StringBytes = try ASN1PrintableString(asn1Any: self.value).bytes
} catch {
asn1StringBytes = try? ASN1UTF8String(asn1Any: self.value).bytes
}

guard let asn1StringBytes,
let stringValue = String(bytes: asn1StringBytes, encoding: .utf8)
else {
return nil
}
return stringValue
}
}
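Review bot: `stringValue` decodes only `ASN1PrintableString` and `ASN1UTF8String`; an attribute encoded as any other ASN.1 string type that RFC 5280 permits in a name (TeletexString, BMPString, UniversalString, IA5String for emailAddress) yields `nil`, and `stringAttribute` then silently moves on to the next attribute with the same OID rather than failing, so a subject or issuer attribute that is present but differently encoded reads as absent to whichever policy compares it. Whether that ends in a rejected signature or a skipped check depends on the caller, which is outside the hunk. The fallback chain reads more directly as one expression, `let asn1StringBytes = (try? ASN1PrintableString(asn1Any: self.value).bytes) ?? (try? ASN1UTF8String(asn1Any: self.value).bytes)`, and the limitation should be stated on the property: `/// Decodes PrintableString and UTF8String attribute values only; any other ASN.1 string type yields nil and the attribute is skipped.` The identical helper is added in Sources/PackageSigning/X509Extensions.swift.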
38 changes: 17 additions & 21 deletions Sources/PackageSigning/VerifierPolicies.swift
Expand Up @@ -24,7 +24,7 @@ extension SignatureProviderProtocol {
func buildPolicySet(configuration: VerifierConfiguration, httpClient: HTTPClient) -> some VerifierPolicy {
_CodeSigningPolicy()
_ADPCertificatePolicy()

let now = Date()
switch (configuration.certificateExpiration, configuration.certificateRevocation) {
case (.enabled(let expiryValidationTime), .strict(let revocationValidationTime)):
Expand Down Expand Up @@ -158,31 +158,27 @@ struct _OCSPVerifierPolicy: VerifierPolicy {
private struct _OCSPRequester: OCSPRequester {
let httpClient: HTTPClient

func query(request: [UInt8], uri: String) async -> OCSPRequesterQueryResult {
func query(request: [UInt8], uri: String) async throws -> [UInt8] {
guard let url = URL(string: uri), let host = url.host else {
return .terminalError(SwiftOCSPRequesterError.invalidURL(uri))
throw SwiftOCSPRequesterError.invalidURL(uri)
}

do {
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)
let response = try await self.httpClient.post(
url,
body: Data(request),
headers: [
"Content-Type": "application/ocsp-request",
"Host": host,
]
)

guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return .response(Array(responseBody))
} catch {
return .nonTerminalError(error)
guard response.statusCode == 200 else {
throw SwiftOCSPRequesterError.invalidResponse(statusCode: response.statusCode)
}
guard let responseBody = response.body else {
throw SwiftOCSPRequesterError.emptyResponse
}
return Array(responseBody)
}
}

24 changes: 22 additions & 2 deletions Sources/PackageSigning/X509Extensions.swift
Expand Up @@ -30,7 +30,7 @@ extension Certificate {
init(secIdentity: SecIdentity) throws {
var secCertificate: SecCertificate?
let status = SecIdentityCopyCertificate(secIdentity, &secCertificate)
guard status == errSecSuccess, let secCertificate else {
guard status == errSecSuccess, let secCertificate = secCertificate else {
throw StringError("failed to get certificate from SecIdentity: status \(status)")
}
self = try Certificate(secCertificate: secCertificate)
Expand Down Expand Up @@ -60,13 +60,33 @@ extension DistinguishedName {
private func stringAttribute(oid: ASN1ObjectIdentifier) -> String? {
for relativeDistinguishedName in self {
for attribute in relativeDistinguishedName where attribute.type == oid {
return attribute.value.description
if let stringValue = attribute.stringValue {
return stringValue
}
}
}
return nil
}
}

extension RelativeDistinguishedName.Attribute {
fileprivate var stringValue: String? {
let asn1StringBytes: ArraySlice<UInt8>?
do {
asn1StringBytes = try ASN1PrintableString(asn1Any: self.value).bytes
} catch {
asn1StringBytes = try? ASN1UTF8String(asn1Any: self.value).bytes
}

guard let asn1StringBytes,
let stringValue = String(bytes: asn1StringBytes, encoding: .utf8)
else {
return nil
}
return stringValue
}
}

// MARK: - Certificate cache

extension Certificate {
6 changes: 3 additions & 3 deletions Tests/PackageSigningTests/SigningTests.swift
Expand Up @@ -517,8 +517,8 @@ final class SigningTests: XCTestCase {
responses: [OCSPSingleResponse(
certID: singleRequest.certID,
certStatus: .unknown,
thisUpdate: try GeneralizedTime(validationTime - .days(1)),
nextUpdate: try GeneralizedTime(validationTime + .days(1))
thisUpdate: try .init(validationTime - .days(1)),
nextUpdate: try .init(validationTime + .days(1))
)],
privateKey: intermediatePrivateKey,
responseExtensions: { nonce }
Expand Down Expand Up @@ -1150,7 +1150,7 @@ enum OCSPTestHelper {
}
if isCodeSigning {
Critical(
try ExtendedKeyUsage([ExtendedKeyUsage.Usage.codeSigning])
ExtendedKeyUsage([ExtendedKeyUsage.Usage.codeSigning])
)
}
if let ocspServer {
