
Commit 2a39b3b

committed
Move collectionSigningPrivateKey to EnvironmentClient
1 parent 205f15d commit 2a39b3b


7 files changed

+23
-21
lines changed


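--- a/Sources/App/Core/AppEnvironment.swift
+++ b/Sources/App/Core/AppEnvironment.swift
@@ -23,7 +23,6 @@ import FoundationNetworking
 
 
 struct AppEnvironment: Sendable {
-var collectionSigningPrivateKey: @Sendable () -> Data?
 var currentReferenceCache: @Sendable () -> CurrentReferenceCache?
 var dbId: @Sendable () -> String?
 var fetchDocumentation: @Sendable (_ client: Client, _ url: URI) async throws -> ClientResponse
@@ -88,10 +87,6 @@ extension AppEnvironment {
 nonisolated(unsafe) static var logger: Logger!
 
 static let live = AppEnvironment(
-collectionSigningPrivateKey: {
-Environment.get("COLLECTION_SIGNING_PRIVATE_KEY")
-.map { Data($0.utf8) }
-},
 currentReferenceCache: { .live },
 dbId: { Environment.get("DATABASE_ID") },
 fetchDocumentation: { client, url in try await client.get(url) },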

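--- a/Sources/App/Core/Dependencies/EnvironmentClient.swift
+++ b/Sources/App/Core/Dependencies/EnvironmentClient.swift
@@ -37,6 +37,7 @@ struct EnvironmentClient {
 var buildTriggerDownscaling: @Sendable () -> Double = { XCTFail("buildTriggerDownscaling"); return 1 }
 var buildTriggerLatestSwiftVersionDownscaling: @Sendable () -> Double = { XCTFail("buildTriggerLatestSwiftVersionDownscaling"); return 1 }
 var collectionSigningCertificateChain: @Sendable () -> [URL] = { XCTFail("collectionSigningCertificateChain"); return [] }
+var collectionSigningPrivateKey: @Sendable () -> Data?
 var current: @Sendable () -> Environment = { XCTFail("current"); return .development }
 var mastodonCredentials: @Sendable () -> Mastodon.Credentials?
 var mastodonPost: @Sendable (_ client: Client, _ post: String) async throws -> Void
@@ -86,6 +87,9 @@ extension EnvironmentClient: DependencyKey {
 "AppleIncRootCertificate.cer",
 ].map { SignedCollection.certsDir.appendingPathComponent($0) }
 },
+collectionSigningPrivateKey: {
+Environment.get("COLLECTION_SIGNING_PRIVATE_KEY").map { Data($0.utf8) }
+},
 current: { (try? Environment.detect()) ?? .development },
 mastodonCredentials: {
 Environment.get("MASTODON_ACCESS_TOKEN")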
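Review bot: The live `collectionSigningPrivateKey` closure in the second hunk returns a non-nil, empty `Data` when `COLLECTION_SIGNING_PRIVATE_KEY` is set but empty, so the `guard let` in `SignedCollection.sign` (PackageCollection+signing.swift) passes and the failure presumably surfaces later inside the signer rather than as `AppError.envVariableNotSet`. Treating an empty value as unset keeps the error precise: `Environment.get("COLLECTION_SIGNING_PRIVATE_KEY").flatMap { $0.isEmpty ? nil : Data($0.utf8) }`. The property declaration in the first hunk would also benefit from a comment such as `/// PEM-encoded signing key read from COLLECTION_SIGNING_PRIVATE_KEY; secret material, never log it or include it in error output.` The struct and the `liveValue` initialiser both continue outside the hunks.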

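--- a/Sources/App/Core/PackageCollection+signing.swift
+++ b/Sources/App/Core/PackageCollection+signing.swift
@@ -43,12 +43,12 @@ extension SignedCollection {
 }
 
 static func sign(collection: PackageCollection) async throws -> SignedCollection {
-guard let privateKey = Current.collectionSigningPrivateKey() else {
+@Dependency(\.environment) var environment
+
+guard let privateKey = environment.collectionSigningPrivateKey() else {
 throw AppError.envVariableNotSet("COLLECTION_SIGNING_PRIVATE_KEY")
 }
 
-@Dependency(\.environment) var environment
-
 return try await signer.sign(collection: collection,
 certChainPaths: environment.collectionSigningCertificateChain(),
 privateKeyPEM: privateKey)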

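--- a/Tests/AppTests/ApiTests.swift
+++ b/Tests/AppTests/ApiTests.swift
@@ -827,11 +827,12 @@ class ApiTests: AppTestCase {
 }
 
 func test_package_collections_owner() async throws {
-try XCTSkipIf(!isRunningInCI && Current.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
+try XCTSkipIf(!isRunningInCI && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
 try await withDependencies {
 $0.date.now = .t0
 $0.environment.apiSigningKey = { "secret" }
 $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
+$0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
 } operation: {
 // setup
 let p1 = Package(id: .id1, url: "1")
@@ -895,12 +896,13 @@ class ApiTests: AppTestCase {
 }
 
 func test_package_collections_packageURLs() async throws {
-try XCTSkipIf(!isRunningInCI && Current.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
+try XCTSkipIf(!isRunningInCI && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
 let refDate = Date(timeIntervalSince1970: 0)
 try await withDependencies {
 $0.date.now = refDate
 $0.environment.apiSigningKey = { "secret" }
 $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
+$0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
 } operation: {
 // setup
 let p1 = Package(id: UUID(uuidString: "442cf59f-0135-4d08-be00-bc9a7cebabd3")!,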
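Review bot: The `XCTSkipIf(!isRunningInCI && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil, …)` line and the paired `$0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey` override are repeated verbatim in both tests here and again in PackageCollectionControllerTests.swift and PackageCollectionTests.swift. A shared helper on `AppTestCase` (suggested name: `try skipIfSigningKeyUnset()`) would keep the skip condition and message in one place. Since these tests now pull the signing key from the process environment explicitly, a short comment stating which key CI is expected to supply (a dedicated test key rather than the production one, if that is the case) would help whoever maintains the CI secrets. Both test bodies continue outside the hunks.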

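--- a/Tests/AppTests/Mocks/AppEnvironment+mock.swift
+++ b/Tests/AppTests/Mocks/AppEnvironment+mock.swift
@@ -22,7 +22,6 @@ import Vapor
 extension AppEnvironment {
 static func mock(eventLoop: EventLoop) -> Self {
 .init(
-collectionSigningPrivateKey: AppEnvironment.live.collectionSigningPrivateKey,
 currentReferenceCache: { nil },
 dbId: { "db-id" },
 fetchDocumentation: { _, _ in .init(status: .ok) },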

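--- a/Tests/AppTests/PackageCollectionControllerTests.swift
+++ b/Tests/AppTests/PackageCollectionControllerTests.swift
@@ -22,10 +22,11 @@ import XCTVapor
 class PackageCollectionControllerTests: AppTestCase {
 
 func test_owner_request() async throws {
-try XCTSkipIf(!isRunningInCI && Current.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
+try XCTSkipIf(!isRunningInCI && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
 try await withDependencies {
 $0.date.now = .t0
 $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
+$0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
 } operation: {
 let p = try await savePackage(on: app.db, "https://github.com/foo/1")
 do {
@@ -76,10 +77,11 @@ class PackageCollectionControllerTests: AppTestCase {
 }
 
 func test_custom_request() async throws {
-try XCTSkipIf(!isRunningInCI && Current.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
+try XCTSkipIf(!isRunningInCI && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
 try await withDependencies {
 $0.date.now = .t0
 $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
+$0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
 } operation: {
 let p = try await savePackage(on: app.db, "https://github.com/foo/1")
 do {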

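--- a/Tests/AppTests/PackageCollectionTests.swift
+++ b/Tests/AppTests/PackageCollectionTests.swift
@@ -830,17 +830,18 @@ class PackageCollectionTests: AppTestCase {
 }
 
 func test_sign_collection() async throws {
-try XCTSkipIf(!isRunningInCI && Current.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
-
+try XCTSkipIf(!isRunningInCI && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil, "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable")
+
 try await withDependencies {
 $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
+$0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
 } operation: {
 // setup
 let collection: PackageCollection = .mock
-
+
 // MUT
 let signedCollection = try await SignedCollection.sign(collection: collection)
-
+
 // validate signed collection content
 XCTAssertFalse(signedCollection.signature.signature.isEmpty)
 #if compiler(<6)
@@ -850,7 +851,7 @@ class PackageCollectionTests: AppTestCase {
 #else
 assertSnapshot(of: signedCollection, as: .json(encoder))
 #endif
-
+
 // validate signature
 let validated = try await SignedCollection.validate(signedCollection: signedCollection)
 XCTAssertTrue(validated)
@@ -878,11 +879,10 @@ class PackageCollectionTests: AppTestCase {
 SignedCollection.certsDir.appendingPathComponent("AppleIncRootCertificate.cer")
 ]
 }
+$0.environment.collectionSigningPrivateKey = { revokedKey }
 } operation: {
-Current.collectionSigningPrivateKey = { revokedKey }
-
-// MUT
 do {
+// MUT
 let signedCollection = try await SignedCollection.sign(collection: collection)
 // NB: signing _can_ succeed in case of reachability issues to verify the cert
 // in this case we need to check the signature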
