PackagingSigning: make some of the private API more public

compnerd · compnerd · commit a57fb7197c45 · 2025-06-17T17:39:32.000-07:00
This extends the visibility of some of the private implementation to the
package level to allow use for testing without `@testable` imports.
diff --git a/Sources/PackageSigning/SignatureProvider.swift b/Sources/PackageSigning/SignatureProvider.swift
@@ -87,7 +87,7 @@ public struct VerifierConfiguration {
     public var certificateRevocation: CertificateRevocation
 
     // for testing
-    init(
+    package init(
         trustedRoots: [[UInt8]],
         includeDefaultTrustStore: Bool,
         certificateExpiration: CertificateExpiration,
@@ -160,7 +160,7 @@ public enum SigningKeyType {
     // RSA support is internal/testing only, thus not included
 }
 
-enum SignatureAlgorithm {
+package enum SignatureAlgorithm {
     case ecdsaP256
     case rsa
 
@@ -198,19 +198,19 @@ protocol SignatureProviderProtocol {
 
 // MARK: - CMS signature provider
 
-struct CMSSignatureProvider: SignatureProviderProtocol {
+package struct CMSSignatureProvider: SignatureProviderProtocol {
     let signatureAlgorithm: SignatureAlgorithm
     let httpClient: HTTPClient
 
-    init(
+    package init(
         signatureAlgorithm: SignatureAlgorithm,
         customHTTPClient: HTTPClient? = .none
     ) {
         self.signatureAlgorithm = signatureAlgorithm
         self.httpClient = customHTTPClient ?? HTTPClient()
     }
 
-    func sign(
+    package func sign(
         content: [UInt8],
         identity: SigningIdentity,
         intermediateCertificates: [[UInt8]],
@@ -264,7 +264,7 @@ struct CMSSignatureProvider: SignatureProviderProtocol {
         }
     }
 
-    func status(
+    package func status(
         signature: [UInt8],
         content: [UInt8],
         verifierConfiguration: VerifierConfiguration,
diff --git a/Sources/PackageSigning/SigningEntity/FilePackageSigningEntityStorage.swift b/Sources/PackageSigning/SigningEntity/FilePackageSigningEntityStorage.swift
@@ -20,7 +20,7 @@ import struct TSCUtility.Version
 
 public struct FilePackageSigningEntityStorage: PackageSigningEntityStorage {
     let fileSystem: FileSystem
-    let directoryPath: Basics.AbsolutePath
+    package let directoryPath: Basics.AbsolutePath
 
     private let encoder: JSONEncoder
     private let decoder: JSONDecoder
@@ -231,7 +231,7 @@ private enum StorageModel {
 }
 
 extension PackageIdentity {
-    var signedVersionsFilename: String {
+    package var signedVersionsFilename: String {
         "\(self.description).json"
     }
 }
diff --git a/Sources/PackageSigning/SigningEntity/SigningEntity.swift b/Sources/PackageSigning/SigningEntity/SigningEntity.swift
@@ -24,7 +24,7 @@ public enum SigningEntity: Hashable, Codable, CustomStringConvertible, Sendable
     case recognized(type: SigningEntityType, name: String, organizationalUnit: String, organization: String)
     case unrecognized(name: String?, organizationalUnit: String?, organization: String?)
 
-    static func from(certificate: Certificate) -> SigningEntity {
+    package static func from(certificate: Certificate) -> SigningEntity {
         let name = certificate.subject.commonName
         let organizationalUnit = certificate.subject.organizationalUnitName
         let organization = certificate.subject.organizationName
diff --git a/Sources/PackageSigning/SigningIdentity.swift b/Sources/PackageSigning/SigningIdentity.swift
@@ -40,11 +40,11 @@ extension SecIdentity: SigningIdentity {}
 // MARK: - SwiftSigningIdentity is created using raw private key and certificate bytes
 
 public struct SwiftSigningIdentity: SigningIdentity {
-    let certificate: Certificate
+    package let certificate: Certificate
     let privateKey: Certificate.PrivateKey
 
     // for testing
-    init(certificate: Certificate, privateKey: Certificate.PrivateKey) {
+    package init(certificate: Certificate, privateKey: Certificate.PrivateKey) {
         self.certificate = certificate
         self.privateKey = privateKey
     }
diff --git a/Sources/PackageSigning/X509Extensions.swift b/Sources/PackageSigning/X509Extensions.swift
@@ -38,7 +38,7 @@ extension Certificate {
         self = try Certificate(Array(data))
     }
 
-    init(secIdentity: SecIdentity) throws {
+    package init(secIdentity: SecIdentity) throws {
         var secCertificate: SecCertificate?
         let status = SecIdentityCopyCertificate(secIdentity, &secCertificate)
         guard status == errSecSuccess, let secCertificate else {
@@ -56,15 +56,15 @@ extension Certificate {
 }
 
 extension DistinguishedName {
-    var commonName: String? {
+    package var commonName: String? {
         self.stringAttribute(oid: ASN1ObjectIdentifier.NameAttributes.commonName)
     }
 
-    var organizationalUnitName: String? {
+    package var organizationalUnitName: String? {
         self.stringAttribute(oid: ASN1ObjectIdentifier.NameAttributes.organizationalUnitName)
     }
 
-    var organizationName: String? {
+    package var organizationName: String? {
         self.stringAttribute(oid: ASN1ObjectIdentifier.NameAttributes.organizationName)
     }
 
@@ -83,7 +83,7 @@ extension DistinguishedName {
 extension Certificate {
     private static let cache = ThreadSafeKeyValueStore<[UInt8], Certificate>()
 
-    init(_ bytes: [UInt8]) throws {
+    package init(_ bytes: [UInt8]) throws {
         if let cached = Self.cache[bytes] {
             self = cached
         } else {

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ import struct TSCUtility.Version`
`20`	`20`
`21`	`21`	`public struct FilePackageSigningEntityStorage: PackageSigningEntityStorage {`
`22`	`22`	`let fileSystem: FileSystem`
`23`		`- let directoryPath: Basics.AbsolutePath`
	`23`	`+ package let directoryPath: Basics.AbsolutePath`
`24`	`24`
`25`	`25`	`private let encoder: JSONEncoder`
`26`	`26`	`private let decoder: JSONDecoder`
`@@ -231,7 +231,7 @@ private enum StorageModel {`
`231`	`231`	`}`
`232`	`232`
`233`	`233`	`extension PackageIdentity {`
`234`		`- var signedVersionsFilename: String {`
	`234`	`+ package var signedVersionsFilename: String {`
`235`	`235`	`"\(self.description).json"`
`236`	`236`	`}`
`237`	`237`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ extension Certificate {`
`38`	`38`	`self = try Certificate(Array(data))`
`39`	`39`	`}`
`40`	`40`
`41`		`- init(secIdentity: SecIdentity) throws {`
	`41`	`+ package init(secIdentity: SecIdentity) throws {`
`42`	`42`	`var secCertificate: SecCertificate?`
`43`	`43`	`let status = SecIdentityCopyCertificate(secIdentity, &secCertificate)`
`44`	`44`	`guard status == errSecSuccess, let secCertificate else {`
`@@ -56,15 +56,15 @@ extension Certificate {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`extension DistinguishedName {`
`59`		`- var commonName: String? {`
	`59`	`+ package var commonName: String? {`
`60`	`60`	`self.stringAttribute(oid: ASN1ObjectIdentifier.NameAttributes.commonName)`
`61`	`61`	`}`
`62`	`62`
`63`		`- var organizationalUnitName: String? {`
	`63`	`+ package var organizationalUnitName: String? {`
`64`	`64`	`self.stringAttribute(oid: ASN1ObjectIdentifier.NameAttributes.organizationalUnitName)`
`65`	`65`	`}`
`66`	`66`
`67`		`- var organizationName: String? {`
	`67`	`+ package var organizationName: String? {`
`68`	`68`	`self.stringAttribute(oid: ASN1ObjectIdentifier.NameAttributes.organizationName)`
`69`	`69`	`}`
`70`	`70`
`@@ -83,7 +83,7 @@ extension DistinguishedName {`
`83`	`83`	`extension Certificate {`
`84`	`84`	`private static let cache = ThreadSafeKeyValueStore<[UInt8], Certificate>()`
`85`	`85`
`86`		`- init(_ bytes: [UInt8]) throws {`
	`86`	`+ package init(_ bytes: [UInt8]) throws {`
`87`	`87`	`if let cached = Self.cache[bytes] {`
`88`	`88`	`self = cached`
`89`	`89`	`} else {`