Support multi PEM parsing and speed up PEM parsing in general #39
Conversation
| var pemString = pemString.utf8[...] | ||
| var pemDocuments = [PEMDocument]() | ||
| while true { | ||
| guard let lazyPEMDocument = try pemString.readNextPEMDocument() else { |
There was a problem hiding this comment.
This tends to read better as while let.
| guard let data = Data(base64Encoded: base64EncodedDERString, options: .ignoreUnknownCharacters) else { | ||
| throw ASN1Error.invalidPEMDocument(reason: "PEMDocument not correctly base64 encoded") | ||
| } | ||
| guard data.isEmpty == false else { |
There was a problem hiding this comment.
Prefer if to guard == false.
| guard data.isEmpty == false else { | ||
| throw ASN1Error.invalidPEMDocument(reason: "PEMDocument has an empty body") | ||
| } | ||
| guard let type = String(discriminator) else { |
There was a problem hiding this comment.
Where is this failable initializer coming from?
There was a problem hiding this comment.
| /// First find the BEGIN marker: `-----BEGIN <SOME DISCRIMINATOR>----- | ||
| guard | ||
| let beginDiscriminatorPrefix = self.firstRange(of: "-----BEGIN ".utf8[...]), | ||
| let beginDiscriminatorSuffix = self[beginDiscriminatorPrefix.upperBound...].firstRange( |
There was a problem hiding this comment.
Can we encapsulate this pattern in a helper function? We do it twice.
There was a problem hiding this comment.
Also this function could provide a few ranges, instead of the two we have here, so we can do more semantic named range lookups later in the function.
There was a problem hiding this comment.
have refactored it into this method:
extension Substring.UTF8View {
func firstRangesOf(
`prefix`: Substring,
suffix: Substring
) -> (
prefix: Range<Index>,
infix: Range<Index>,
suffix: Range<Index>
)?
}| /// -----END <SOME DISCRIMINATOR>----- | ||
| /// ``` | ||
| /// This function attempts find the BEGIN and END marker. | ||
| /// It then tries to extract the discriminator and the base64 encoded. |
| private func checkLineLengthsOfBase64EncodedString() throws { | ||
| var message = self | ||
| let lastIndex = message.index(before: message.endIndex) | ||
| while message.isEmpty == false { |
There was a problem hiding this comment.
Avoid explicit comparison to false, prefer !message.isEmpty.
|
Address all comments in this commit . |
Motivation
Trust roots on Ubuntu and other linux distributions are stored in a single PEM file that contains multiple certificates. We want to support loading these in the future and therefore need to be able to parse multiple certificates from a single PEM file.
Modificaitons
PEMDocument.parseMultiple(pemString:)that returns an array ofPEMDocumentsPEMDocument(pemString:)as well to speed up parsing and reduce allocations significantlyResult
TL;DR: Parsing & decoding a PEM document is now ~5x faster and mallocs ~12x less. This allows us to parse the WebPKI trust roots from its PEM string representation to the Swift type
Certificatefromswift-certificatesin under 5ms.I have run a couple benchmarks (Swift 5.8.1 on arm64 (M1 Max) in docker) that parses 130 certificates (100 times in a loop) found at
/etc/ssl/certson Ubuntu.The first test just parse the PEM
Stringto aPEMDocument:The second test parse the PEM
Stringto aPEMDocumentand subsequently as aCertificate:I also run a benchmark that uses the new
PEMDocument.parseMultiple(pemString:)method:which is roughly the same as parsing each PEM individually:
Note that macOS is even faster, likely because of the different base64 decode implementation: