
Commit cf540dd

authored
refactor signature handling validations (#6680)
motivation: code cleanup changes: * extract signature validation to a separate function * use guards to improve readability
1 parent 99bab1c commit cf540dd


1 file changed

+57
-48
lines changed


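--- a/Sources/Workspace/Workspace.swift
+++ b/Sources/Workspace/Workspace.swift
@@ -1130,58 +1130,14 @@ extension Workspace {
 observabilityScope: observabilityScope
 )
 
-try expectedSigningEntities.forEach { identity, expectedSigningEntity in
-if let package = packageGraph.packages.first(where: { $0.identity == identity }) {
-if let actualSigningEntity = package.registryMetadata?.signature?.signedBy {
-if actualSigningEntity != expectedSigningEntity {
-throw SigningError.mismatchedSigningEntity(
-package: identity,
-expected: expectedSigningEntity,
-actual: actualSigningEntity
-)
-}
-} else {
-throw SigningError.unsigned(package: identity, expected: expectedSigningEntity)
-}
-} else {
-if let mirror = self.mirrors.mirror(for: identity.description) {
-let mirroredIdentity = PackageIdentity.plain(mirror)
-if mirroredIdentity.isRegistry {
-if let package = packageGraph.packages.first(where: { $0.identity == mirroredIdentity }) {
-if let actualSigningEntity = package.registryMetadata?.signature?.signedBy {
-if actualSigningEntity != expectedSigningEntity {
-throw SigningError.mismatchedSigningEntity(
-package: identity,
-expected: expectedSigningEntity,
-actual: actualSigningEntity
-)
-}
-} else {
-throw SigningError.unsigned(package: identity, expected: expectedSigningEntity)
-}
-} else {
-// Unsure if this case is reachable in practice.
-throw SigningError.expectedIdentityNotFound(package: identity)
-}
-} else {
-throw SigningError.expectedSignedMirroredToSourceControl(package: identity, expected: expectedSigningEntity)
-}
-} else {
-throw SigningError.expectedIdentityNotFound(package: identity)
-}
-}
-}
+try self.validateSignatures(
+packageGraph: packageGraph,
+expectedSigningEntities: expectedSigningEntities
+)
 
 return packageGraph
 }
 
-public enum SigningError: Swift.Error {
-case expectedIdentityNotFound(package: PackageIdentity)
-case expectedSignedMirroredToSourceControl(package: PackageIdentity, expected: RegistryReleaseMetadata.SigningEntity)
-case mismatchedSigningEntity(package: PackageIdentity, expected: RegistryReleaseMetadata.SigningEntity, actual: RegistryReleaseMetadata.SigningEntity)
-case unsigned(package: PackageIdentity, expected: RegistryReleaseMetadata.SigningEntity)
-}
-
 @discardableResult
 public func loadPackageGraph(
 rootPath: AbsolutePath,
@@ -3552,6 +3508,59 @@ extension Workspace {
 }
 }
 
+// MARK: - Signatures
+
+extension Workspace {
+private func validateSignatures(
+packageGraph: PackageGraph,
+expectedSigningEntities: [PackageIdentity: RegistryReleaseMetadata.SigningEntity]
+) throws {
+try expectedSigningEntities.forEach { identity, expectedSigningEntity in
+if let package = packageGraph.packages.first(where: { $0.identity == identity }) {
+guard let actualSigningEntity = package.registryMetadata?.signature?.signedBy else {
+throw SigningError.unsigned(package: identity, expected: expectedSigningEntity)
+}
+if actualSigningEntity != expectedSigningEntity {
+throw SigningError.mismatchedSigningEntity(
+package: identity,
+expected: expectedSigningEntity,
+actual: actualSigningEntity
+)
+}
+} else {
+guard let mirror = self.mirrors.mirror(for: identity.description) else {
+throw SigningError.expectedIdentityNotFound(package: identity)
+}
+let mirroredIdentity = PackageIdentity.plain(mirror)
+guard mirroredIdentity.isRegistry else {
+throw SigningError.expectedSignedMirroredToSourceControl(package: identity, expected: expectedSigningEntity)
+}
+guard let package = packageGraph.packages.first(where: { $0.identity == mirroredIdentity }) else {
+// Unsure if this case is reachable in practice.
+throw SigningError.expectedIdentityNotFound(package: identity)
+}
+guard let actualSigningEntity = package.registryMetadata?.signature?.signedBy else {
+throw SigningError.unsigned(package: identity, expected: expectedSigningEntity)
+}
+if actualSigningEntity != expectedSigningEntity {
+throw SigningError.mismatchedSigningEntity(
+package: identity,
+expected: expectedSigningEntity,
+actual: actualSigningEntity
+)
+}
+}
+}
+}
+
+public enum SigningError: Swift.Error {
+case expectedIdentityNotFound(package: PackageIdentity)
+case expectedSignedMirroredToSourceControl(package: PackageIdentity, expected: RegistryReleaseMetadata.SigningEntity)
+case mismatchedSigningEntity(package: PackageIdentity, expected: RegistryReleaseMetadata.SigningEntity, actual: RegistryReleaseMetadata.SigningEntity)
+case unsigned(package: PackageIdentity, expected: RegistryReleaseMetadata.SigningEntity)
+}
+}
+
 // MARK: - Utility extensions
 
 fileprivate extension Workspace.ManagedArtifact {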
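Review bot: The signed-by check in the new `validateSignatures` is still written twice, once for the direct match and once for the mirrored registry identity (the `guard let actualSigningEntity … signedBy` / `if actualSigningEntity != expectedSigningEntity` pairs), so a later edit to one path can leave the other weaker without anyone noticing. Resolving which identity to look up first and then running a single unsigned/mismatch check keeps both paths fail-closed by construction; the sketch below keeps the same errors and the same reported `identity`. The function also has no doc comment: a short `///` block should state that every expected entry must resolve to a registry package whose `signedBy` equals the expected entity or a `SigningError` is thrown. Whether the signature itself has been verified before this point is not visible in the hunk and should be stated there too.

```swift
try expectedSigningEntities.forEach { identity, expectedSigningEntity in
    let lookupIdentity: PackageIdentity
    if packageGraph.packages.contains(where: { $0.identity == identity }) {
        lookupIdentity = identity
    } else {
        // … unchanged: mirror lookup guard and isRegistry guard, same errors …
        lookupIdentity = mirroredIdentity
    }
    guard let package = packageGraph.packages.first(where: { $0.identity == lookupIdentity }) else {
        throw SigningError.expectedIdentityNotFound(package: identity)
    }
    // Single comparison shared by the direct and the mirrored path.
    guard let actualSigningEntity = package.registryMetadata?.signature?.signedBy else {
        throw SigningError.unsigned(package: identity, expected: expectedSigningEntity)
    }
    guard actualSigningEntity == expectedSigningEntity else {
        throw SigningError.mismatchedSigningEntity(
            package: identity,
            expected: expectedSigningEntity,
            actual: actualSigningEntity
        )
    }
```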
