swiftlang
diff --git a/‎Fixtures/Collections/Signing/Test_ec.cer
559 Bytes b/‎Fixtures/Collections/Signing/Test_ec.cer
559 Bytes
diff --git a/‎Fixtures/Collections/Signing/Test_rsa.cer
923 Bytes b/‎Fixtures/Collections/Signing/Test_rsa.cer
923 Bytes
diff --git a/‎Package.swift
Lines changed: 10 additions & 2 deletions b/‎Package.swift
Lines changed: 10 additions & 2 deletions
diff --git a/‎Sources/CMakeLists.txt
Lines changed: 2 additions & 1 deletion b/‎Sources/CMakeLists.txt
Lines changed: 2 additions & 1 deletion
diff --git a/‎Sources/PackageCollections/CMakeLists.txt
Lines changed: 0 additions & 4 deletions b/‎Sources/PackageCollections/CMakeLists.txt
Lines changed: 0 additions & 4 deletions
diff --git a/‎Sources/PackageCollectionsSigning/CMakeLists.txt
Lines changed: 42 additions & 0 deletions b/‎Sources/PackageCollectionsSigning/CMakeLists.txt
Lines changed: 42 additions & 0 deletions
diff --git a/‎Sources/PackageCollectionsSigning/Certificate/Certificate.swift
Lines changed: 145 additions & 0 deletions b/‎Sources/PackageCollectionsSigning/Certificate/Certificate.swift
Lines changed: 145 additions & 0 deletions
@@ -152,11 +152,16 @@ let package = Package(
             /** Package collections models */
             name: "PackageCollectionsModel",
             dependencies: []),
+        
+        .target(
+             /** Package collections signing */
+             name: "PackageCollectionsSigning",
+             dependencies: ["Crypto"]),
 
         .target(
             /** Data structures and support for package collections */
             name: "PackageCollections",
-            dependencies: ["SwiftToolsSupport-auto", "Basics", "PackageModel", "SourceControl", "PackageCollectionsModel", "Crypto"]),
+            dependencies: ["SwiftToolsSupport-auto", "Basics", "PackageModel", "SourceControl", "PackageCollectionsModel"]),
 
         // MARK: Package Manager Functionality
 
@@ -265,9 +270,12 @@ let package = Package(
         .testTarget(
             name: "PackageCollectionsModelTests",
             dependencies: ["PackageCollectionsModel"]),
+        .testTarget(
+            name: "PackageCollectionsSigningTests",
+            dependencies: ["PackageCollectionsSigning", "SPMTestSupport"]),
         .testTarget(
             name: "PackageCollectionsTests",
-            dependencies: ["SPMTestSupport", "PackageCollections"]),
+            dependencies: ["PackageCollections", "SPMTestSupport"]),
         .testTarget(
             name: "SourceControlTests",
             dependencies: ["SourceControl", "SPMTestSupport"]),
 
@@ -1,6 +1,6 @@
 # This source file is part of the Swift.org open source project
 #
-# Copyright (c) 2014 - 2019 Apple Inc. and the Swift project authors
+# Copyright (c) 2014 - 2021 Apple Inc. and the Swift project authors
 # Licensed under Apache License v2.0 with Runtime Library Exception
 #
 # See http://swift.org/LICENSE.txt for license information
@@ -12,6 +12,7 @@ add_subdirectory(Commands)
 add_subdirectory(LLBuildManifest)
 add_subdirectory(PackageCollections)
 add_subdirectory(PackageCollectionsModel)
+add_subdirectory(PackageCollectionsSigning)
 add_subdirectory(PackageDescription)
 add_subdirectory(PackageGraph)
 add_subdirectory(PackageLoading)
 
@@ -32,15 +32,11 @@ target_link_libraries(PackageCollections PUBLIC
   TSCBasic
   TSCUtility
   Basics
-  Crypto
-  CCryptoBoringSSL
   PackageModel
   SourceControl)
 # NOTE(compnerd) workaround for CMake not setting up include flags yet
 set_target_properties(PackageCollections PROPERTIES
   INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_Swift_MODULE_DIRECTORY})
-target_link_options(PackageCollections PRIVATE
-    "$<$<PLATFORM_ID:Darwin>:SHELL:-Xlinker -framework -Xlinker Security>")
 
 if(USE_CMAKE_INSTALL)
 install(TARGETS PackageCollections
 
@@ -0,0 +1,42 @@
+# This source file is part of the Swift.org open source project
+#
+# Copyright (c) 2021 Apple Inc. and the Swift project authors
+# Licensed under Apache License v2.0 with Runtime Library Exception
+#
+# See http://swift.org/LICENSE.txt for license information
+# See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+
+add_library(PackageCollectionsSigning
+  Certificate/Certificate.swift
+  Key/ASN1/ASN1.swift
+  Key/ASN1/ASN1Error.swift
+  Key/ASN1/PEMDocument.swift
+  Key/ASN1/SEC1PrivateKey.swift
+  Key/ASN1/SubjectPublicKeyInfo.swift
+  Key/ASN1/Types/ASN1BitString.swift
+  Key/ASN1/Types/ASN1Identifier.swift
+  Key/ASN1/Types/ASN1Integer.swift
+  Key/ASN1/Types/ASN1ObjectIdentifier.swift
+  Key/ASN1/Types/ASN1OctetString.swift
+  Key/Key.swift
+  Key/Key+EC.swift
+  Key/Key+RSA.swift
+  Utilities/Utilities.swift)
+target_link_libraries(PackageCollectionsSigning PUBLIC
+   $<$<NOT:$<PLATFORM_ID:Darwin>>:dispatch>
+   $<$<NOT:$<PLATFORM_ID:Darwin>>:Foundation>)
+target_link_libraries(PackageCollectionsSigning PRIVATE
+  Crypto)
+# NOTE(compnerd) workaround for CMake not setting up include flags yet
+set_target_properties(PackageCollectionsSigning PROPERTIES
+  INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_Swift_MODULE_DIRECTORY})
+target_link_options(PackageCollectionsSigning PRIVATE
+    "$<$<PLATFORM_ID:Darwin>:SHELL:-Xlinker -framework -Xlinker Security>")
+
+if(USE_CMAKE_INSTALL)
+install(TARGETS PackageCollectionsSigning
+  ARCHIVE DESTINATION lib
+  LIBRARY DESTINATION lib
+  RUNTIME DESTINATION bin)
+endif()
+set_property(GLOBAL APPEND PROPERTY SwiftPM_EXPORTS PackageCollectionsSigning)
@@ -0,0 +1,145 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+import struct Foundation.Data
+
+#if canImport(Security)
+import Security
+#endif
+
+#if canImport(Security)
+typealias Certificate = CoreCertificate
+#else
+typealias Certificate = BoringSSLCertificate
+#endif
+
+// MARK: - Certificate implementation using the Security framework
+
+#if canImport(Security)
+struct CoreCertificate {
+    let underlying: SecCertificate
+
+    init(derEncoded data: Data) throws {
+        guard let certificate = SecCertificateCreateWithData(nil, data as CFData) else {
+            throw CertificateError.initializationFailure
+        }
+        self.underlying = certificate
+    }
+
+    func subject() throws -> CertificateName {
+        try self.extractName(kSecOIDX509V1SubjectName)
+    }
+
+    func issuer() throws -> CertificateName {
+        try self.extractName(kSecOIDX509V1IssuerName)
+    }
+
+    private func extractName(_ name: CFString) throws -> CertificateName {
+        guard let dict = SecCertificateCopyValues(self.underlying, [name] as CFArray, nil) as? [CFString: Any],
+            let nameDict = dict[name] as? [CFString: Any],
+            let propValueList = nameDict[kSecPropertyKeyValue] as? [[String: Any]] else {
+            throw CertificateError.nameExtractionFailure
+        }
+
+        let props = propValueList.reduce(into: [String: String]()) { result, item in
+            if let label = item["label"] as? String, let value = item["value"] as? String {
+                result[label] = value
+            }
+        }
+
+        return CertificateName(
+            userID: props["0.9.2342.19200300.100.1.1"], // FIXME: don't hardcode?
+            commonName: props[kSecOIDCommonName as String],
+            organization: props[kSecOIDOrganizationName as String],
+            organizationalUnit: props[kSecOIDOrganizationalUnitName as String]
+        )
+    }
+
+    func publicKey() throws -> PublicKey {
+        guard let key = SecCertificateCopyKey(self.underlying) else {
+            throw CertificateError.keyExtractionFailure
+        }
+
+        var error: Unmanaged<CFError>?
+        guard let data = SecKeyCopyExternalRepresentation(key, &error) as Data? else {
+            throw error.map { $0.takeRetainedValue() as Error } ?? CertificateError.keyExtractionFailure
+        }
+
+        switch try self.keyType(of: key) {
+        case .RSA:
+            return try CoreRSAPublicKey(data: data)
+        case .EC:
+            return try ECPublicKey(data: data)
+        }
+    }
+
+    func keyType() throws -> KeyType {
+        guard let key = SecCertificateCopyKey(self.underlying) else {
+            throw CertificateError.keyExtractionFailure
+        }
+        return try self.keyType(of: key)
+    }
+
+    private func keyType(of key: SecKey) throws -> KeyType {
+        guard let attributes = SecKeyCopyAttributes(key) as? [CFString: Any],
+            let keyType = attributes[kSecAttrKeyType] as? String else {
+            throw CertificateError.indeterminateKeyType
+        }
+
+        if keyType == (kSecAttrKeyTypeRSA as String) {
+            return .RSA
+        } else if keyType == (kSecAttrKeyTypeEC as String) {
+            return .EC
+        } else {
+            throw CertificateError.unsupportedKeyType
+        }
+    }
+}
+
+// MARK: - Certificate implementation using BoringSSL
+
+#else
+final class BoringSSLCertificate {
+    init(derEncoded data: Data) throws {
+        fatalError("Not implemented: \(#function)")
+    }
+
+    func subject() throws -> CertificateName {
+        fatalError("Not implemented: \(#function)")
+    }
+
+    func issuer() throws -> CertificateName {
+        fatalError("Not implemented: \(#function)")
+    }
+
+    func publicKey() throws -> PublicKey {
+        fatalError("Not implemented: \(#function)")
+    }
+
+    func keyType() throws -> KeyType {
+        fatalError("Not implemented: \(#function)")
+    }
+}
+#endif
+
+struct CertificateName {
+    let userID: String?
+    let commonName: String?
+    let organization: String?
+    let organizationalUnit: String?
+}
+
+enum CertificateError: Error {
+    case initializationFailure
+    case nameExtractionFailure
+    case keyExtractionFailure
+    case indeterminateKeyType
+    case unsupportedKeyType
+}