Use packaged public key for signature validation

Modules/CommonsLib/Sources/CommonsLib/Constants.swift

@@ -109,7 +109,6 @@ public struct Constants {
 
     public struct Configuration {
         public static let CachedConfigJson = "active-config.json"
-        public static let CachedConfigEcPub = "active-config.ecpub"
         public static let CachedConfigEcc = "active-config.ecc"
         public static let CacheConfigFolder = "config"
 

Modules/ConfigLib/Sources/ConfigLib/Configuration/Cache/ConfigurationCache.swift

@@ -34,7 +34,6 @@ actor ConfigurationCache: ConfigurationCacheProtocol, Loggable {
 
     public func cacheConfigurationFiles(
         confData: String,
-        publicKey: String,
         signature: String,
         configDir: URL
     ) async throws {
@@ -48,16 +47,6 @@ actor ConfigurationCache: ConfigurationCacheProtocol, Loggable {
             configDir: configDir
         )
 
-        guard let publicKeyBytes = publicKey.data(using: .utf8) else {
-            throw ConfigurationCacheError.invalidData("Invalid UTF-8 encoding for publicKey")
-        }
-
-        try await cacheFile(
-            fileName: CommonsLib.Constants.Configuration.CachedConfigEcPub,
-            data: publicKeyBytes,
-            configDir: configDir
-        )
-
         guard let signatureBytes = signature.data(using: .utf8) else {
             throw ConfigurationCacheError.invalidData("Invalid UTF-8 encoding for signature")
         }

Modules/ConfigLib/Sources/ConfigLib/Configuration/Cache/ConfigurationCacheProtocol.swift

@@ -24,7 +24,6 @@ import CommonsLib
 public protocol ConfigurationCacheProtocol: Sendable {
     func cacheConfigurationFiles(
         confData: String,
-        publicKey: String,
         signature: String,
         configDir: URL
     ) async throws

Modules/ConfigLib/Sources/ConfigLib/Configuration/Loader/ConfigurationLoader.swift

@@ -111,28 +111,34 @@ public actor ConfigurationLoader: ConfigurationLoaderProtocol, Loggable {
         let confFile = configDir.appending(
             path: CommonsLib.Constants.Configuration.CachedConfigJson
         )
-        let publicKeyFile = configDir.appending(
-            path: CommonsLib.Constants.Configuration.CachedConfigEcPub
-        )
+
+        guard
+            let publicKeyURL = bundle.url(
+                forResource: CommonsLib.Constants.Configuration.DefaultConfigEcPub,
+                withExtension: nil
+            ),
+            let publicKey = try? String(contentsOf: publicKeyURL)
+        else {
+            throw ConfigurationLoaderError.publicKeyNotFound
+        }
+
         let signatureFile = configDir.appending(
             path: CommonsLib.Constants.Configuration.CachedConfigEcc
         )
 
         let configFilesExist =
             fileManager.fileExists(atPath: confFile.resolvedPath) &&
-            fileManager.fileExists(atPath: publicKeyFile.resolvedPath) &&
             fileManager.fileExists(atPath: signatureFile.resolvedPath)
 
         if configFilesExist {
             ConfigurationLoader.logger().debug("Initializing cached configuration")
 
             let confFileContents = try String(contentsOf: confFile, encoding: .utf8)
-            let publicKeyContents = try String(contentsOf: publicKeyFile, encoding: .utf8)
             let signatureContents = try String(contentsOf: signatureFile, encoding: .utf8)
 
             try configurationSignatureVerifier.verifyConfigurationSignature(
                 config: confFileContents,
-                publicKey: publicKeyContents,
+                publicKey: publicKey,
                 signature: signatureContents
             )
 
@@ -147,7 +153,6 @@ public actor ConfigurationLoader: ConfigurationLoaderProtocol, Loggable {
 
             try await configurationCache.cacheConfigurationFiles(
                 confData: confFileContents,
-                publicKey: publicKeyContents,
                 signature: signatureContents,
                 configDir: configDir
             )
@@ -230,7 +235,6 @@ public actor ConfigurationLoader: ConfigurationLoaderProtocol, Loggable {
 
         try await configurationCache.cacheConfigurationFiles(
             confData: confData,
-            publicKey: publicKey,
             signature: signatureText,
             configDir: configDir
         )
@@ -286,9 +290,6 @@ public actor ConfigurationLoader: ConfigurationLoaderProtocol, Loggable {
             let centralConfig = try await centralConfigurationRepository.fetchConfiguration(
                 proxyInfo: proxyInfo
             )
-            let centralPublicKey = try await centralConfigurationRepository.fetchPublicKey(
-                proxyInfo: proxyInfo
-            )
 
             let centralConfigurationProvider = try JSONDecoder().decode(
                 ConfigurationProvider.self, from: Data(centralConfig.utf8)
@@ -297,10 +298,20 @@ public actor ConfigurationLoader: ConfigurationLoaderProtocol, Loggable {
                 "Initializing configuration version \(centralConfigurationProvider.metaInf.serial)"
             )
 
+            guard
+                let publicKeyURL = bundle.url(
+                    forResource: CommonsLib.Constants.Configuration.DefaultConfigEcPub,
+                    withExtension: nil
+                ),
+                let publicKey = try? String(contentsOf: publicKeyURL)
+            else {
+                throw ConfigurationLoaderError.publicKeyNotFound
+            }
+
             do {
                 try configurationSignatureVerifier.verifyConfigurationSignature(
                     config: centralConfig,
-                    publicKey: centralPublicKey,
+                    publicKey: publicKey,
                     signature: centralSignature
                 )
             } catch {
@@ -313,7 +324,6 @@ public actor ConfigurationLoader: ConfigurationLoaderProtocol, Loggable {
             ) {
                 try await configurationCache.cacheConfigurationFiles(
                     confData: centralConfig,
-                    publicKey: centralPublicKey,
                     signature: centralSignature,
                     configDir: configDir
                 )

Modules/ConfigLib/Sources/ConfigLib/Configuration/Repository/CentralConfigurationRepository.swift

@@ -34,12 +34,6 @@ public struct CentralConfigurationRepository: CentralConfigurationRepositoryProt
         )
     }
 
-    public func fetchPublicKey(proxyInfo: ProxyInfo) async throws -> String {
-        return try await centralConfigurationService.fetchPublicKey(
-            proxyInfo: proxyInfo
-        )
-    }
-
     public func fetchSignature(proxyInfo: ProxyInfo) async throws -> String {
         return try await centralConfigurationService.fetchSignature(
             proxyInfo: proxyInfo

Modules/ConfigLib/Sources/ConfigLib/Configuration/Repository/CentralConfigurationRepositoryProtocol.swift

@@ -23,6 +23,5 @@ import Foundation
 /// @mockable
 public protocol CentralConfigurationRepositoryProtocol: Sendable {
     func fetchConfiguration(proxyInfo: ProxyInfo) async throws -> String
-    func fetchPublicKey(proxyInfo: ProxyInfo) async throws -> String
     func fetchSignature(proxyInfo: ProxyInfo) async throws -> String
 }

Modules/ConfigLib/Sources/ConfigLib/Configuration/Service/CentralConfigurationService.swift

@@ -60,30 +60,6 @@ public actor CentralConfigurationService: CentralConfigurationServiceProtocol, L
         }
     }
 
-    public func fetchPublicKey(
-        proxyInfo: ProxyInfo
-    ) async throws -> String {
-        let session = self.session ?? constructHttpClient(
-            defaultTimeout: CommonsLib.Constants.Configuration.DefaultTimeout,
-            proxyInfo: proxyInfo
-        )
-
-        let url = "\(await configurationProperty.centralConfigurationServiceUrl)/config.ecpub"
-
-        do {
-            let response: String = try await session.request(url)
-                .validate()
-                .serializingString()
-                .value
-
-            return response
-        } catch {
-            CentralConfigurationService.logger()
-                .error("Unable to fetch central configuration public key: \(error)")
-            throw URLError(.resourceUnavailable)
-        }
-    }
-
     public func fetchSignature(
         proxyInfo: ProxyInfo
     ) async throws -> String {

Modules/ConfigLib/Sources/ConfigLib/Configuration/Service/CentralConfigurationServiceProtocol.swift

@@ -24,6 +24,5 @@ import Foundation
 /// @mockable
 public protocol CentralConfigurationServiceProtocol: Sendable {
     func fetchConfiguration(proxyInfo: ProxyInfo) async throws -> String
-    func fetchPublicKey(proxyInfo: ProxyInfo) async throws -> String
     func fetchSignature(proxyInfo: ProxyInfo) async throws -> String
 }

Modules/ConfigLib/Tests/ConfigLibTests/Configuration/Cache/ConfigurationCacheTests.swift

@@ -52,12 +52,10 @@ struct ConfigurationCacheTests {
             "ConfigurationCacheTests-\(UUID().uuidString)"
         )
         let confFile = configDir.appending(path: CommonsLib.Constants.Configuration.CachedConfigJson)
-        let pubFile = configDir.appending(path: CommonsLib.Constants.Configuration.CachedConfigEcPub)
         let sigFile = configDir.appending(path: CommonsLib.Constants.Configuration.CachedConfigEcc)
 
         try await configurationCache.cacheConfigurationFiles(
             confData: validConfData,
-            publicKey: validPublicKey,
             signature: validSignature,
             configDir: configDir
         )
@@ -67,18 +65,12 @@ struct ConfigurationCacheTests {
             configDir: configDir
         )
 
-        let cachedPublicKey = try await configurationCache.getCachedFile(
-            fileName: CommonsLib.Constants.Configuration.CachedConfigEcPub,
-            configDir: configDir
-        )
-
         let cachedSignature = try await configurationCache.getCachedFile(
             fileName: CommonsLib.Constants.Configuration.CachedConfigEcc,
             configDir: configDir
         )
 
         #expect(cachedConfiguration == confFile)
-        #expect(cachedPublicKey == pubFile)
         #expect(cachedSignature == sigFile)
     }
 
@@ -96,7 +88,6 @@ struct ConfigurationCacheTests {
         ) {
             try await configurationCache.cacheConfigurationFiles(
                 confData: validConfData,
-                publicKey: validPublicKey,
                 signature: validSignature,
                 configDir: nonExistentDirectory
             )