diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e261dea..60afc98 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,7 +14,6 @@ jobs: name: Unit tests uses: apple/swift-nio/.github/workflows/unit_tests.yml@main with: - linux_5_10_arguments_override: "--explicit-target-dependency-import-check error" linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_6_1_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_6_2_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 66d0822..f7fe453 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -18,7 +18,6 @@ jobs: name: Unit tests uses: apple/swift-nio/.github/workflows/unit_tests.yml@main with: - linux_5_10_arguments_override: "--explicit-target-dependency-import-check error" linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_6_1_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_6_2_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" diff --git a/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift b/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift index 0fa7b9e..824f80d 100644 --- a/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift +++ b/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift @@ -13,7 +13,7 @@ //===----------------------------------------------------------------------===// import Benchmark -import X509 +@_spi(FixedExpiryValidationTime) import X509 import Foundation import Crypto import SwiftASN1 @@ -50,7 +50,7 @@ func testTrivialChainBuilding() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) var verifier = Verifier(rootCertificates: roots) { - RFC5280Policy(validationTime: TestCertificate.referenceTime) + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, @@ -67,7 +67,9 @@ func testTrivialChainBuilding() async -> Int { func testExtraRootsAreIgnored() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1]) @@ -83,7 +85,9 @@ func testExtraRootsAreIgnored() async -> Int { func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2]) @@ -99,7 +103,9 @@ func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { func testSupportsCrossSignedRootWithoutTrouble() async -> Int { let roots = CertificateStore([TestCertificate.ca2]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2]) @@ -115,7 +121,9 @@ func testSupportsCrossSignedRootWithoutTrouble() async -> Int { func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([ @@ -133,7 +141,9 @@ func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI]) @@ -149,7 +159,9 @@ func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { func testPrefersNoSKIToNonMatchingSKI() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([ @@ -167,7 +179,9 @@ func testPrefersNoSKIToNonMatchingSKI() async -> Int { func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([ @@ -186,7 +200,7 @@ func testPolicyFailuresCanFindLongerPaths() async -> Int { var verifier = Verifier(rootCertificates: roots) { FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) - RFC5280Policy(validationTime: TestCertificate.referenceTime) + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, @@ -205,7 +219,9 @@ func testPolicyFailuresCanFindLongerPaths() async -> Int { func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1]) @@ -246,7 +262,9 @@ func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { let roots = CertificateStore([TestCertificate.intermediate1]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1]) @@ -275,7 +293,9 @@ func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, ]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1]) @@ -291,7 +311,9 @@ func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { func testMissingIntermediateFailsToBuild() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([]) @@ -307,7 +329,9 @@ func testMissingIntermediateFailsToBuild() async -> Int { func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1]) @@ -322,7 +346,9 @@ func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { func testMissingRootFailsToBuild() async -> Int { let roots = CertificateStore([]) - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(fixedExpiryValidationTime: TestCertificate.referenceTime) + } let result = await verifier.validate( leaf: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1]) diff --git a/Benchmarks/Package.swift b/Benchmarks/Package.swift index c7856b4..4803421 100644 --- a/Benchmarks/Package.swift +++ b/Benchmarks/Package.swift @@ -1,4 +1,4 @@ -// swift-tools-version:5.10 +// swift-tools-version:6.0 //===----------------------------------------------------------------------===// // // This source file is part of the SwiftCertificates open source project diff --git a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json b/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json deleted file mode 100644 index bed4124..0000000 --- a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 5728000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json b/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json deleted file mode 100644 index 4e53927..0000000 --- a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 6687000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json b/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json deleted file mode 100644 index 90ff73d..0000000 --- a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 6695000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.TinyArray.append.p90.json b/Benchmarks/Thresholds/5.10/CertificatesBenchmark.TinyArray.append.p90.json deleted file mode 100644 index a739874..0000000 --- a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.TinyArray.append.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 10000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/5.10/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index 9f9de44..0000000 --- a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 0 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Verifier.p90.json deleted file mode 100644 index 36d6c87..0000000 --- a/Benchmarks/Thresholds/5.10/CertificatesBenchmark.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 918010 -} diff --git a/Package.swift b/Package.swift index a9a0186..e80a2be 100644 --- a/Package.swift +++ b/Package.swift @@ -1,4 +1,4 @@ -// swift-tools-version:5.10 +// swift-tools-version:6.0 //===----------------------------------------------------------------------===// // // This source file is part of the SwiftCertificates open source project @@ -85,12 +85,6 @@ if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil { ] } -for target in package.targets { - var settings = target.swiftSettings ?? [] - settings.append(.enableExperimentalFeature("StrictConcurrency=complete")) - target.swiftSettings = settings -} - // --- STANDARD CROSS-REPO SETTINGS DO NOT EDIT --- // for target in package.targets { switch target.type { diff --git a/Tests/X509Tests/PEMTests.swift b/Tests/X509Tests/PEMTests.swift index 2e37c9d..1bb2f88 100644 --- a/Tests/X509Tests/PEMTests.swift +++ b/Tests/X509Tests/PEMTests.swift @@ -122,7 +122,8 @@ final class PEMTests: XCTestCase { func testRSAPrivateKey() throws { // generated with "openssl genpkey -algorithm rsa" let rsaKey = try String( - contentsOf: XCTUnwrap(Bundle.module.url(forResource: "PEMTestRSACertificate", withExtension: "pem")) + contentsOf: XCTUnwrap(Bundle.module.url(forResource: "PEMTestRSACertificate", withExtension: "pem")), + encoding: .ascii ) let privateKey = try Certificate.PrivateKey(pemEncoded: rsaKey) guard case .rsa = privateKey.backing else {