Cleanup key generation in tests
kdubb committed Oct 16, 2023
1 parent 6ea3dfe commit dcf114a
Showing 6 changed files with 100 additions and 115 deletions.
6 changes: 3 additions & 3 deletions Sources/ShieldSecurity/SecCertificate.swift
Expand Up @@ -228,7 +228,7 @@ public extension SecCertificate {
let query: [String: Any] = [
kSecReturnAttributes as String: true,
kSecValueRef as String: self,
kSecUseDataProtectionKeychain as String: true
kSecUseDataProtectionKeychain as String: true,
]

var data: CFTypeRef?
Expand All @@ -248,7 +248,7 @@ public extension SecCertificate {
kSecAttrLabel as String: UUID().uuidString,
kSecValueRef as String: self,
kSecAttrAccessible as String: accessibility.attr,
kSecUseDataProtectionKeychain as String: true
kSecUseDataProtectionKeychain as String: true,
]

var data: CFTypeRef?
Expand All @@ -267,7 +267,7 @@ public extension SecCertificate {
let query: [String: Any] = [
kSecClass as String: kSecClassCertificate,
kSecValueRef as String: self,
kSecUseDataProtectionKeychain as String: true
kSecUseDataProtectionKeychain as String: true,
]

let status = SecItemDelete(query as CFDictionary)
2 changes: 1 addition & 1 deletion Sources/ShieldSecurity/SecKeyPair.swift
Expand Up @@ -141,8 +141,8 @@ public struct SecKeyPair {
kSecAttrKeyType as String: type.systemValue,
kSecAttrKeySizeInBits as String: keySize,
kSecAttrIsPermanent as String: isPermanent,
kSecAttrAccessible as String: accessibility.attr,
kSecUseDataProtectionKeychain as String: true,
kSecAttrAccessible as String: accessibility.attr
]

if let label = label {
62 changes: 29 additions & 33 deletions Tests/CertificateBuilderECTests.swift
Expand Up @@ -15,19 +15,15 @@ import XCTest

class CertificateBuilderECTests: XCTestCase {

let outputEnabled = false
static var keyPair: SecKeyPair!

override class func setUp() {
// Keys are comparatively slow to generate... so we do it once
guard let keyPair = try? SecKeyPair.Builder(type: .ec, keySize: 256).generate(label: "Test") else {
return XCTFail("Key pair generation failed")
}
Self.keyPair = keyPair
static let outputEnabled = false
var keyPair: SecKeyPair!

override func setUpWithError() throws {
keyPair = try SecKeyPair.Builder(type: .ec, keySize: 256).generate(label: "Test")
}

override class func tearDown() {
try? keyPair.delete()
override func tearDownWithError() throws {
try? keyPair?.delete()
}

func testBuildVer1() throws {
Expand All @@ -38,10 +34,10 @@ class CertificateBuilderECTests: XCTestCase {
let cert =
try Certificate.Builder()
.subject(name: subject)
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.issuer(name: issuer)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -59,10 +55,10 @@ class CertificateBuilderECTests: XCTestCase {
let cert =
try Certificate.Builder()
.subject(name: subject, uniqueID: subjectID)
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.issuer(name: issuer)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -81,10 +77,10 @@ class CertificateBuilderECTests: XCTestCase {
let cert =
try Certificate.Builder()
.subject(name: subject)
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.issuer(name: issuer, uniqueID: issuerID)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -104,10 +100,10 @@ class CertificateBuilderECTests: XCTestCase {
let cert =
try Certificate.Builder()
.subject(name: subject, uniqueID: subjectID)
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.issuer(name: issuer, uniqueID: issuerID)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -129,14 +125,14 @@ class CertificateBuilderECTests: XCTestCase {
try Certificate.Builder()
.subject(name: subject, uniqueID: subjectID)
.addSubjectAlternativeNames(names: .dnsName("github.com/outfoxx/Shield"))
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.extendedKeyUsage(
keyPurposes: [iso.org.dod.internet.security.mechanisms.pkix.kp.serverAuth.oid],
isCritical: false
)
.issuer(name: issuer, uniqueID: issuerID)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -156,10 +152,10 @@ class CertificateBuilderECTests: XCTestCase {
try Certificate.Builder()
.subject(name: subject)
.addSubjectAlternativeNames(names: .dnsName("github.com/outfoxx/Shield"))
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.issuer(name: issuer)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -179,18 +175,18 @@ class CertificateBuilderECTests: XCTestCase {
try Certificate.Builder()
.subject(name: subject, uniqueID: subjectID)
.addSubjectAlternativeNames(names: .dnsName("github.com/outfoxx/Shield"))
.publicKey(keyPair: Self.keyPair)
.publicKey(keyPair: keyPair)
.issuer(name: issuer, uniqueID: issuerID)
.addIssuerAlternativeNames(names: .dnsName("github.com/outfoxx/Shield/CA"))
.basicConstraints(ca: true)
.authorityKeyIdentifier(
Digester.digest(Self.keyPair.encodedPublicKey(), using: .sha1),
Digester.digest(keyPair.encodedPublicKey(), using: .sha1),
certIssuer: [.dnsName("github.com/outfoxx/Shield/CA")],
certSerialNumber: Certificate.Builder.randomSerialNumber()
)
.computeSubjectKeyIdentifier()
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -208,8 +204,8 @@ class CertificateBuilderECTests: XCTestCase {
let csrData =
try CertificationRequest.Builder()
.subject(name: NameBuilder().add("Shield Subject", forTypeName: "CN").name)
.publicKey(keyPair: Self.keyPair)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.publicKey(keyPair: keyPair)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)
.encoded()

let csr = try ASN1Decoder.decode(CertificationRequest.self, from: csrData)
Expand All @@ -222,7 +218,7 @@ class CertificateBuilderECTests: XCTestCase {
.request(csr)
.issuer(name: csr.certificationRequestInfo.subject)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -237,12 +233,12 @@ class CertificateBuilderECTests: XCTestCase {
try CertificationRequest.Builder()
.subject(name: NameBuilder().add("Shield Subject", forTypeName: "CN").name)
.addAlternativeNames(names: altNames)
.publicKey(keyPair: Self.keyPair, usage: [.dataEncipherment])
.publicKey(keyPair: keyPair, usage: [.dataEncipherment])
.extendedKeyUsage(
keyPurposes: [iso.org.dod.internet.security.mechanisms.pkix.kp.serverAuth.oid],
isCritical: false
)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)
.encoded()

let csr = try ASN1Decoder.decode(CertificationRequest.self, from: csrData)
Expand All @@ -255,7 +251,7 @@ class CertificateBuilderECTests: XCTestCase {
.request(csr)
.issuer(name: csr.certificationRequestInfo.subject)
.valid(for: 86400 * 365)
.build(signingKey: Self.keyPair.privateKey, digestAlgorithm: .sha256)
.build(signingKey: keyPair.privateKey, digestAlgorithm: .sha256)

output(cert)

Expand All @@ -264,7 +260,7 @@ class CertificateBuilderECTests: XCTestCase {
}

func output(_ value: Encodable & SchemaSpecified) {
guard outputEnabled else { return }
guard Self.outputEnabled else { return }
guard let data = try? value.encoded().base64EncodedString() else { return }
print(data)
}
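Review bot: `try? keyPair?.delete()` in the new `tearDownWithError() throws` (first hunk of this section) discards the deletion result, so a key that cannot be removed from the keychain is never reported even though the method is now declared to propagate errors. With a key pair generated per test instead of once per class, a silent failure would leave one leftover item per test, all under the same `"Test"` label, which makes stray test keys hard to tell apart or clean up by hand (assuming `generate(label:)` stores the key permanently, as the `kSecAttrIsPermanent` attribute in the SecKeyPair.swift section suggests; confirm against the builder). Since teardown already throws, `try keyPair?.delete()` reports the failure as a test error while still tolerating a nil pair when `setUpWithError` threw. The removed comment about key generation cost was the only explanation of the key lifecycle; a one-line comment on `setUpWithError`, such as `// Fresh key pair per test for isolation; removed again in tearDownWithError`, would preserve that context. The test class body continues outside this section's hunks.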