: Parser
+where
+P.Input == SourceSpecification,
+P.Output == [ExpressibleAsCodeBlockItem]
+{
+
+ private let parsers: [P]
+
+ init(_ parsers: [P]) {
+ self.parsers = parsers
+ }
+
+ public func parse(_ input: inout SourceSpecification) throws -> [ExpressibleAsCodeBlockItem] {
+ try parsers.flatMap { parser in
+ try parser.parse(&input)
+ }
+ }
+}
+
+extension ParserBuilder {
+
+ static func buildBlock(_ parsers: P...) -> ExpressibleAsCodeBlockItemFlatMap
{
+ .init(parsers)
+ }
+}
+
+extension OneOfBuilder {
+
+ static func buildBlock
(_ parsers: P...) -> Parsers.OneOfMany
+ where
+ P.Input == Substring,
+ P.Output == SourceSpecification.ObfuscationStep.Technique {
+ .init(parsers)
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/ConvenienceTypealiases.swift b/Sources/ConfidentialCore/Parsing/ConvenienceTypealiases.swift
new file mode 100644
index 0000000..4f1880c
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/ConvenienceTypealiases.swift
@@ -0,0 +1,3 @@
+import Parsing
+
+public typealias Parsers = Parsing.Parsers
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/DeobfuscateDataFunctionDeclParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/DeobfuscateDataFunctionDeclParser.swift
new file mode 100644
index 0000000..ce21ca3
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/DeobfuscateDataFunctionDeclParser.swift
@@ -0,0 +1,130 @@
+import Parsing
+import SwiftSyntaxBuilder
+
+struct DeobfuscateDataFunctionDeclParser: Parser {
+
+ typealias Algorithm = SourceSpecification.Algorithm
+
+ private let functionNestingLevel: UInt8
+
+ init(functionNestingLevel: UInt8) {
+ self.functionNestingLevel = functionNestingLevel
+ }
+
+ func parse(_ input: inout Algorithm) throws -> ExpressibleAsMemberDeclListItem {
+ var obfuscationStepsCount = input.count
+ guard obfuscationStepsCount > .zero else {
+ throw ParsingError.assertionFailed(
+ description: "Obfuscation algorithm must consist of at least one obfuscation step."
+ )
+ }
+
+ let reversedAlgorithm = input.reversed()
+ let innerMostObfuscationStep = try obfuscationStepExpr(
+ for: reversedAlgorithm[reversedAlgorithm.startIndex],
+ indentWidthMultiplier: obfuscationStepsCount
+ )
+ let bodyExpr = try reversedAlgorithm
+ .dropFirst()
+ .reduce(innerMostObfuscationStep) { innerExpr, step in
+ obfuscationStepsCount -= 1
+ return try obfuscationStepExpr(
+ for: step,
+ withInnerExpr: innerExpr,
+ indentWidthMultiplier: obfuscationStepsCount
+ )
+ }
+
+ input.removeAll()
+
+ return DeobfuscateDataFunctionDecl(
+ declNestingLevel: functionNestingLevel,
+ body: bodyExpr
+ )
+ }
+}
+
+private extension DeobfuscateDataFunctionDeclParser {
+
+ typealias ObfuscationStep = SourceSpecification.ObfuscationStep
+
+ func obfuscationStepExpr(
+ for obfuscationStep: ObfuscationStep,
+ indentWidthMultiplier: Int
+ ) throws -> ExpressibleAsExprBuildable {
+ let tryIndentWidth = try exprIndentWidth(with: indentWidthMultiplier)
+ let calledExprIndentWidth = tryIndentWidth + C.Code.Format.indentWidth
+ return TryExpr(
+ tryKeyword: .try.withLeadingTrivia(.spaces(tryIndentWidth)),
+ expression: FunctionCallExpr(
+ calledExpression: deobfuscateFunctionAccessExpr(
+ for: obfuscationStep.technique,
+ indentWidth: calledExprIndentWidth),
+ leftParen: .leftParen,
+ rightParen: .rightParen,
+ argumentListBuilder: {
+ TupleExprElement(
+ expression: IdentifierExpr(C.Code.Generation.deobfuscateDataFuncParamName)
+ )
+ }
+ )
+ )
+ }
+
+ func obfuscationStepExpr(
+ for obfuscationStep: ObfuscationStep,
+ withInnerExpr innerExpr: ExpressibleAsExprBuildable,
+ indentWidthMultiplier: Int
+ ) throws -> ExpressibleAsExprBuildable {
+ let tryIndentWidth = try exprIndentWidth(with: indentWidthMultiplier)
+ let calledExprIndentWidth = tryIndentWidth + C.Code.Format.indentWidth
+ return TryExpr(
+ tryKeyword: .try.withLeadingTrivia(.spaces(tryIndentWidth)),
+ expression: FunctionCallExpr(
+ calledExpression: deobfuscateFunctionAccessExpr(
+ for: obfuscationStep.technique,
+ indentWidth: calledExprIndentWidth
+ ),
+ leftParen: .leftParen.withTrailingTrivia(.newlines(1)),
+ rightParen: .rightParen(
+ leadingNewlines: 1,
+ followedByLeadingSpaces: calledExprIndentWidth
+ ),
+ argumentListBuilder: {
+ TupleExprElement(expression: innerExpr)
+ }
+ )
+ )
+ }
+
+ func deobfuscateFunctionAccessExpr(
+ for technique: ObfuscationStep.Technique,
+ indentWidth: Int
+ ) -> ExpressibleAsExprBuildable {
+ let initCallExpr: ExpressibleAsExprBuildable
+ switch technique {
+ case let .compression(algorithm):
+ initCallExpr = DataCompressorInitializerCallExpr(compressionAlgorithm: algorithm)
+ case let .encryption(algorithm):
+ initCallExpr = DataCrypterInitializerCallExpr(encryptionAlgorithm: algorithm)
+ case let .randomization(nonce):
+ initCallExpr = DataShufflerInitializerCallExpr(nonce: nonce)
+ }
+
+ return DeobfuscateFunctionAccessExpr(initCallExpr, dotIndentWidth: indentWidth)
+ }
+}
+
+private extension DeobfuscateDataFunctionDeclParser {
+
+ func exprIndentWidth(with indentWidthMultiplier: Int) throws -> Int {
+ guard indentWidthMultiplier > .zero else {
+ throw ParsingError.assertionFailed(
+ description: "Indent width multiplier must be greater than zero."
+ )
+ }
+ let multiplier = 1 + Int(functionNestingLevel) + (indentWidthMultiplier - 1) * 2
+
+ return multiplier * C.Code.Format.indentWidth
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/NamespaceDeclParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/NamespaceDeclParser.swift
new file mode 100644
index 0000000..ea04659
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/NamespaceDeclParser.swift
@@ -0,0 +1,60 @@
+import Parsing
+import SwiftSyntaxBuilder
+
+struct NamespaceDeclParser: Parser
+where
+MembersParser.Input == ArraySlice,
+MembersParser.Output == [ExpressibleAsMemberDeclListItem],
+DeobfuscateDataFunctionDeclParser.Input == SourceSpecification.Algorithm,
+DeobfuscateDataFunctionDeclParser.Output == ExpressibleAsMemberDeclListItem
+{
+
+ private let membersParser: MembersParser
+ private let deobfuscateDataFunctionDeclParser: DeobfuscateDataFunctionDeclParser
+
+ init(
+ membersParser: MembersParser,
+ deobfuscateDataFunctionDeclParser: DeobfuscateDataFunctionDeclParser
+ ) {
+ self.membersParser = membersParser
+ self.deobfuscateDataFunctionDeclParser = deobfuscateDataFunctionDeclParser
+ }
+
+ func parse(_ input: inout SourceSpecification) throws -> [ExpressibleAsCodeBlockItem] {
+ let deobfuscateDataFunctionDecl = try deobfuscateDataFunctionDeclParser.parse(&input.algorithm)
+ let codeBlocks = try input.secrets.namespaces
+ .map { namespace -> ExpressibleAsCodeBlockItem in
+ guard var secrets = input.secrets[namespace] else {
+ fatalError("Unexpected source specification integrity violation")
+ }
+
+ var declarations = try membersParser.parse(&secrets)
+ declarations.append(deobfuscateDataFunctionDecl)
+ let members = MemberDeclBlock(
+ leftBrace: .leftBrace.withLeadingTrivia(.spaces(1)),
+ members: MemberDeclList(declarations)
+ )
+ let decl: ExpressibleAsCodeBlockItem
+ switch namespace {
+ case let .create(identifier):
+ decl = EnumDecl(
+ enumKeyword: .enum.withLeadingTrivia(.newlines(1)),
+ identifier: identifier,
+ members: members
+ )
+ case let .extend(identifier, _):
+ decl = ExtensionDecl(
+ modifiers: .none,
+ extensionKeyword: .extension.withLeadingTrivia(.newlines(1)),
+ extendedType: SimpleTypeIdentifier(identifier),
+ members: members
+ )
+ }
+ input.secrets[namespace] = secrets.isEmpty ? nil : secrets
+
+ return decl
+ }
+
+ return codeBlocks
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/NamespaceMembersParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/NamespaceMembersParser.swift
new file mode 100644
index 0000000..e035426
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/NamespaceMembersParser.swift
@@ -0,0 +1,34 @@
+import Parsing
+import SwiftSyntaxBuilder
+
+struct NamespaceMembersParser: Parser
+where
+SecretDeclParser.Input == SourceSpecification.Secret,
+SecretDeclParser.Output == ExpressibleAsSecretDecl
+{
+
+ private let secretDeclParser: SecretDeclParser
+
+ init(secretDeclParser: SecretDeclParser) {
+ self.secretDeclParser = secretDeclParser
+ }
+
+ func parse(_ input: inout ArraySlice) throws -> [ExpressibleAsMemberDeclListItem] {
+ var parsedSecretsCount: Int = .zero
+ let declarations: [SecretDecl]
+ do {
+ declarations = try input.map { secret in
+ let decl = try secretDeclParser.parse(secret).createSecretDecl()
+ parsedSecretsCount += 1
+
+ return decl
+ }
+ input.removeFirst(parsedSecretsCount)
+ } catch let error {
+ input.removeFirst(parsedSecretsCount)
+ throw error
+ }
+
+ return declarations
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/Parsers+CodeGeneration.swift b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/Parsers+CodeGeneration.swift
new file mode 100644
index 0000000..f8b66df
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/Parsers+CodeGeneration.swift
@@ -0,0 +1,4 @@
+public extension Parsers {
+
+ enum CodeGeneration {}
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/SecretDeclParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/SecretDeclParser.swift
new file mode 100644
index 0000000..b0b5347
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/SecretDeclParser.swift
@@ -0,0 +1,47 @@
+import Parsing
+import SwiftSyntaxBuilder
+
+struct SecretDeclParser: Parser {
+
+ typealias Secret = SourceSpecification.Secret
+
+ func parse(_ input: inout Secret) throws -> ExpressibleAsSecretDecl {
+ let valueHexComponents = input.data.hexEncodedStringComponents(options: .numericLiteral)
+ let dataArgumentElements = valueHexComponents
+ .enumerated()
+ .map { idx, component in
+ ArrayElement(
+ expression: IntegerLiteralExpr(digits: component),
+ trailingComma: idx < valueHexComponents.endIndex - 1 ? .comma : .none
+ )
+ }
+
+ return SecretDecl(
+ name: input.name,
+ dataArgumentExpression: ArrayExpr(elements: ArrayElementList(dataArgumentElements)),
+ dataAccessWrapper: dataAccessWrapper(with: input.dataAccessWrapperInfo)
+ )
+ }
+}
+
+private extension SecretDeclParser {
+
+ func dataAccessWrapper(with wrapperInfo: Secret.DataAccessWrapperInfo) -> ExpressibleAsCustomAttribute {
+ CustomAttribute(
+ atSignToken: .atSign(leadingNewlines: 1),
+ attributeName: SimpleTypeIdentifier(wrapperInfo.typeInfo.fullyQualifiedName),
+ leftParen: .leftParen,
+ argumentList: TupleExprElementList(
+ wrapperInfo.arguments
+ .map { argument in
+ TupleExprElement(
+ label: argument.label.map { .identifier($0) },
+ colon: argument.label.map { _ in .colon },
+ expression: IdentifierExpr(argument.value)
+ )
+ }
+ ),
+ rightParen: .rightParen
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/SourceFileParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/SourceFileParser.swift
new file mode 100644
index 0000000..b48bbb8
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/CodeGeneration/SourceFileParser.swift
@@ -0,0 +1,66 @@
+import ConfidentialKit
+import Foundation
+import Parsing
+import SwiftSyntaxBuilder
+
+public struct SourceFileParser: Parser
+where
+CodeBlockParsers.Input == SourceSpecification,
+CodeBlockParsers.Output == [ExpressibleAsCodeBlockItem]
+{
+
+ private let codeBlockParsers: CodeBlockParsers
+
+ init(@ParserBuilder with build: () -> CodeBlockParsers) {
+ self.codeBlockParsers = build()
+ }
+
+ public func parse(_ input: inout SourceSpecification) throws -> SourceFileText {
+ var statements = Self.makeModuleImportList(from: input.secrets.namespaces)
+ .enumerated()
+ .map { idx, moduleName -> ExpressibleAsCodeBlockItem in
+ ImportDecl(
+ path: AccessPath([AccessPathComponent(name: .identifier(moduleName))])
+ )
+ }
+ statements.append(
+ contentsOf: try codeBlockParsers.parse(&input)
+ )
+
+ return .init(from: SourceFile(
+ statements: CodeBlockItemList(statements),
+ eofToken: .eof
+ ))
+ }
+}
+
+private extension SourceFileParser {
+
+ static func makeModuleImportList(from namespaces: Namespaces) -> [String]
+ where
+ Namespaces.Element == SourceSpecification.Secret.Namespace
+ {
+ let confidentialKitModuleName = TypeInfo(of: Obfuscation.self).moduleName
+ let foundationModuleName = TypeInfo(of: Data.self).moduleName
+ let defaultModuleNames = [confidentialKitModuleName, foundationModuleName]
+ let moduleNames = defaultModuleNames + namespaces
+ .compactMap { namespace -> String? in
+ guard
+ case let .extend(_, moduleName) = namespace,
+ let moduleName = moduleName,
+ !defaultModuleNames.contains(moduleName)
+ else {
+ return nil
+ }
+
+ return moduleName
+ }
+
+ return moduleNames.sorted()
+ }
+}
+
+public extension Parsers.CodeGeneration {
+
+ typealias SourceFile = SourceFileParser
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/AlgorithmParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/AlgorithmParser.swift
new file mode 100644
index 0000000..5b78041
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/AlgorithmParser.swift
@@ -0,0 +1,34 @@
+import Parsing
+
+struct AlgorithmParser: Parser
+where
+ObfuscationStepParser.Input == Substring,
+ObfuscationStepParser.Output == SourceSpecification.ObfuscationStep
+{
+ typealias Algorithm = SourceSpecification.Algorithm
+
+ private let obfuscationStepParser: ObfuscationStepParser
+
+ init(obfuscationStepParser: ObfuscationStepParser) {
+ self.obfuscationStepParser = obfuscationStepParser
+ }
+
+ func parse(_ input: inout Configuration) throws -> Algorithm {
+ var parsedObfuscationStepsCount: Int = .zero
+ let output: [ObfuscationStepParser.Output]
+ do {
+ output = try input.algorithm.reduce(into: .init(), { steps, step in
+ let obfuscationStep = try obfuscationStepParser.parse(step)
+ parsedObfuscationStepsCount += 1
+
+ steps.append(obfuscationStep)
+ })
+ input.algorithm.removeFirst(parsedObfuscationStepsCount)
+ } catch let error {
+ input.algorithm.removeFirst(parsedObfuscationStepsCount)
+ throw error
+ }
+
+ return output[...]
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/CompressionTechniqueParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/CompressionTechniqueParser.swift
new file mode 100644
index 0000000..c8dc0b6
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/CompressionTechniqueParser.swift
@@ -0,0 +1,29 @@
+import ConfidentialKit
+import Parsing
+
+struct CompressionTechniqueParser: Parser {
+
+ typealias Technique = SourceSpecification.ObfuscationStep.Technique
+
+ private typealias Algorithm = Obfuscation.Compression.CompressionAlgorithm
+
+ func parse(_ input: inout Substring) throws -> Technique {
+ try Parse {
+ Parse {
+ Whitespace()
+ C.Parsing.Keywords.compress
+ Whitespace(1...)
+ C.Parsing.Keywords.using
+ Whitespace(1...)
+ }
+ OneOf {
+ for algorithm in Algorithm.allCases {
+ algorithm.description.map { algorithm }
+ }
+ }
+ End()
+ }.map {
+ .compression(algorithm: $0)
+ }.parse(&input)
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/EncryptionTechniqueParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/EncryptionTechniqueParser.swift
new file mode 100644
index 0000000..03207a1
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/EncryptionTechniqueParser.swift
@@ -0,0 +1,29 @@
+import ConfidentialKit
+import Parsing
+
+struct EncryptionTechniqueParser: Parser {
+
+ typealias Technique = SourceSpecification.ObfuscationStep.Technique
+
+ private typealias Algorithm = Obfuscation.Encryption.SymmetricEncryptionAlgorithm
+
+ func parse(_ input: inout Substring) throws -> Technique {
+ try Parse {
+ Parse {
+ Whitespace()
+ C.Parsing.Keywords.encrypt
+ Whitespace(1...)
+ C.Parsing.Keywords.using
+ Whitespace(1...)
+ }
+ OneOf {
+ for algorithm in Algorithm.allCases {
+ algorithm.description.map { algorithm }
+ }
+ }
+ End()
+ }.map {
+ .encryption(algorithm: $0)
+ }.parse(&input)
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/ObfuscationStepParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/ObfuscationStepParser.swift
new file mode 100644
index 0000000..6a34ecf
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/ObfuscationStepParser.swift
@@ -0,0 +1,21 @@
+import Parsing
+
+struct ObfuscationStepParser: Parser
+where
+TechniqueParsers.Input == Substring,
+TechniqueParsers.Output == SourceSpecification.ObfuscationStep.Technique
+{
+ typealias ObfuscationStep = SourceSpecification.ObfuscationStep
+
+ private let techniqueParsers: TechniqueParsers
+
+ init(@OneOfBuilder with build: () -> TechniqueParsers) {
+ self.techniqueParsers = build()
+ }
+
+ func parse(_ input: inout Substring) throws -> ObfuscationStep {
+ try techniqueParsers
+ .map(ObfuscationStep.init(technique:))
+ .parse(&input)
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/Parsers+ModelTransform.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/Parsers+ModelTransform.swift
new file mode 100644
index 0000000..084692e
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/Parsers+ModelTransform.swift
@@ -0,0 +1,4 @@
+public extension Parsers {
+
+ enum ModelTransform {}
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/RandomizationTechniqueParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/RandomizationTechniqueParser.swift
new file mode 100644
index 0000000..09bad12
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/RandomizationTechniqueParser.swift
@@ -0,0 +1,23 @@
+import Parsing
+
+struct RandomizationTechniqueParser: Parser {
+
+ typealias GenerateNonce = () throws -> UInt64
+ typealias Technique = SourceSpecification.ObfuscationStep.Technique
+
+ private let generateNonce: GenerateNonce
+
+ init(generateNonce: @escaping GenerateNonce = { try UInt64.secureRandom() }) {
+ self.generateNonce = generateNonce
+ }
+
+ func parse(_ input: inout Substring) throws -> Technique {
+ try Parse {
+ Whitespace()
+ C.Parsing.Keywords.shuffle
+ End()
+ }.parse(&input)
+
+ return .randomization(nonce: try generateNonce())
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SecretNamespaceParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SecretNamespaceParser.swift
new file mode 100644
index 0000000..aa8af09
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SecretNamespaceParser.swift
@@ -0,0 +1,50 @@
+import ConfidentialKit
+import Parsing
+
+struct SecretNamespaceParser: Parser {
+
+ typealias Namespace = SourceSpecification.Secret.Namespace
+
+ private enum NamespaceKind: Equatable {
+ case create
+ case extend
+ }
+
+ func parse(_ input: inout Substring) throws -> Namespace {
+ guard !input.isEmpty else {
+ let defaultNamespaceInfo = TypeInfo(of: Obfuscation.Secret.self)
+ return .extend(
+ identifier: defaultNamespaceInfo.fullyQualifiedName,
+ moduleName: defaultNamespaceInfo.moduleName
+ )
+ }
+
+ return try Parse {
+ Whitespace()
+ OneOf {
+ C.Parsing.Keywords.create.map { NamespaceKind.create }
+ C.Parsing.Keywords.extend.map { NamespaceKind.extend }
+ }
+ }.flatMap { namespaceKind in
+ Always(namespaceKind)
+ Whitespace()
+ Prefix(1...) { !$0.isWhitespace }
+ if case .extend = namespaceKind {
+ Optionally {
+ Whitespace()
+ C.Parsing.Keywords.from
+ Whitespace()
+ Prefix(1...) { !$0.isWhitespace }
+ }
+ }
+ End()
+ }.map { namespaceKind, identifier, moduleName -> Namespace in
+ switch namespaceKind {
+ case .create:
+ return .create(identifier: .init(identifier))
+ case .extend:
+ return .extend(identifier: .init(identifier), moduleName: moduleName?.map(String.init))
+ }
+ }.parse(&input)
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SecretsParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SecretsParser.swift
new file mode 100644
index 0000000..c3ef27b
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SecretsParser.swift
@@ -0,0 +1,79 @@
+import ConfidentialKit
+import Foundation
+import Parsing
+
+struct SecretsParser: Parser
+where
+NamespaceParser.Input == Substring,
+NamespaceParser.Output == SourceSpecification.Secret.Namespace
+{
+ typealias Secrets = SourceSpecification.Secrets
+
+ private let namespaceParser: NamespaceParser
+ private let secretValueEncoder: DataEncoder
+
+ init(
+ namespaceParser: NamespaceParser,
+ secretValueEncoder: DataEncoder = JSONEncoder()
+ ) {
+ self.namespaceParser = namespaceParser
+ self.secretValueEncoder = secretValueEncoder
+ }
+
+ func parse(_ input: inout Configuration) throws -> Secrets {
+ guard !input.secrets.isEmpty else {
+ throw ParsingError.assertionFailed(description: "`secrets` list must not be empty.")
+ }
+
+ var parsedSecretsCount: Int = .zero
+ let output: Secrets
+ do {
+ output = try input.secrets.reduce(into: .init(), { secrets, secret in
+ let namespace = try namespaceParser.parse(
+ secret.namespace ?? input.defaultNamespace ?? ""
+ )
+ let secret = SourceSpecification.Secret(
+ name: secret.name,
+ data: try secretValueEncoder.encode(secret.value.underlyingValue),
+ dataAccessWrapperInfo: dataAccessWrapperInfo(for: secret.value)
+ )
+ parsedSecretsCount += 1
+
+ switch secrets[namespace]?.append(secret) {
+ case .none:
+ secrets[namespace] = [secret]
+ case .some:
+ return
+ }
+ })
+ input.secrets.removeFirst(parsedSecretsCount)
+ } catch let error {
+ input.secrets.removeFirst(parsedSecretsCount)
+ throw error
+ }
+
+ return output
+ }
+}
+
+private extension SecretsParser {
+
+ func dataAccessWrapperInfo(for value: Configuration.Secret.Value) -> SourceSpecification.Secret.DataAccessWrapperInfo {
+ typealias DataTypes = Configuration.Secret.Value.DataTypes
+
+ let typeInfo: TypeInfo
+ switch value {
+ case .array:
+ typeInfo = .init(of: Obfuscated.self)
+ case .singleValue:
+ typeInfo = .init(of: Obfuscated.self)
+ }
+
+ return .init(
+ typeInfo: typeInfo,
+ arguments: [
+ (label: .none, value: C.Code.Generation.deobfuscateDataFuncName)
+ ]
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SourceSpecificationParser.swift b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SourceSpecificationParser.swift
new file mode 100644
index 0000000..0c25339
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ModelTransform/SourceSpecificationParser.swift
@@ -0,0 +1,33 @@
+import Parsing
+
+public struct SourceSpecificationParser: Parser
+where
+AlgorithmParser.Input == Configuration,
+AlgorithmParser.Output == SourceSpecification.Algorithm,
+SecretsParser.Input == Configuration,
+SecretsParser.Output == SourceSpecification.Secrets
+{
+
+ private let algorithmParser: AlgorithmParser
+ private let secretsParser: SecretsParser
+
+ init(algorithmParser: AlgorithmParser, secretsParser: SecretsParser) {
+ self.algorithmParser = algorithmParser
+ self.secretsParser = secretsParser
+ }
+
+ public func parse(_ input: inout Configuration) throws -> SourceSpecification {
+ let spec = SourceSpecification(
+ algorithm: try algorithmParser.parse(&input),
+ secrets: try secretsParser.parse(&input)
+ )
+ input.defaultNamespace = nil
+
+ return spec
+ }
+}
+
+public extension Parsers.ModelTransform {
+
+ typealias SourceSpecification = SourceSpecificationParser
+}
diff --git a/Sources/ConfidentialCore/Parsing/Parsers/ParsingError.swift b/Sources/ConfidentialCore/Parsing/Parsers/ParsingError.swift
new file mode 100644
index 0000000..ee1f742
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/Parsers/ParsingError.swift
@@ -0,0 +1,13 @@
+enum ParsingError: Error {
+ case assertionFailed(description: String)
+}
+
+extension ParsingError: CustomStringConvertible {
+
+ var description: String {
+ switch self {
+ case let .assertionFailed(description):
+ return description
+ }
+ }
+}
diff --git a/Sources/ConfidentialCore/Parsing/ParsersConvenienceInitializers.swift b/Sources/ConfidentialCore/Parsing/ParsersConvenienceInitializers.swift
new file mode 100644
index 0000000..3b94747
--- /dev/null
+++ b/Sources/ConfidentialCore/Parsing/ParsersConvenienceInitializers.swift
@@ -0,0 +1,46 @@
+import Parsing
+import SwiftSyntaxBuilder
+
+public typealias AnyAlgorithmParser = AnyParser
+public typealias AnySecretsParser = AnyParser
+
+public extension Parsers.ModelTransform.SourceSpecification
+where
+AlgorithmParser == AnyAlgorithmParser,
+SecretsParser == AnySecretsParser {
+
+ private typealias OneOfManyTechniques = Parsers.OneOfMany>
+
+ init() {
+ self.init(
+ algorithmParser: ConfidentialCore.AlgorithmParser(
+ obfuscationStepParser: ObfuscationStepParser {
+ CompressionTechniqueParser().eraseToAnyParser()
+ EncryptionTechniqueParser().eraseToAnyParser()
+ RandomizationTechniqueParser().eraseToAnyParser()
+ }
+ ).eraseToAnyParser(),
+ secretsParser: ConfidentialCore.SecretsParser(
+ namespaceParser: SecretNamespaceParser()
+ ).eraseToAnyParser()
+ )
+ }
+}
+
+public typealias AnyCodeBlockParser = AnyParser
+
+public extension Parsers.CodeGeneration.SourceFile
+where
+CodeBlockParsers == AnyCodeBlockParser {
+
+ init() {
+ self.init {
+ NamespaceDeclParser(
+ membersParser: NamespaceMembersParser(
+ secretDeclParser: SecretDeclParser()
+ ),
+ deobfuscateDataFunctionDeclParser: DeobfuscateDataFunctionDeclParser(functionNestingLevel: 1)
+ ).eraseToAnyParser()
+ }
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Declarations/DeobfuscateDataFunctionDecl.swift b/Sources/ConfidentialCore/SyntaxBuilders/Declarations/DeobfuscateDataFunctionDecl.swift
new file mode 100644
index 0000000..99b316e
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Declarations/DeobfuscateDataFunctionDecl.swift
@@ -0,0 +1,59 @@
+import Foundation
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct DeobfuscateDataFunctionDecl: DeclBuildable {
+
+ private let declNestingLevel: UInt8
+ private let body: ExpressibleAsSyntaxBuildable
+
+ init(declNestingLevel: UInt8 = .zero, body: ExpressibleAsSyntaxBuildable) {
+ self.declNestingLevel = declNestingLevel
+ self.body = body
+ }
+
+ func buildDecl(format: Format, leadingTrivia: Trivia?) -> DeclSyntax {
+ makeUnderlyingDecl().buildDecl(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension DeobfuscateDataFunctionDecl {
+
+ func makeUnderlyingDecl() -> DeclBuildable {
+ let dataTypeInfo = TypeInfo(of: Data.self)
+ let indentation = Int(declNestingLevel) * C.Code.Format.indentWidth
+ return FunctionDecl(
+ identifier: .identifier(C.Code.Generation.deobfuscateDataFuncName),
+ signature: FunctionSignature(
+ input: ParameterClause {
+ FunctionParameter(
+ attributes: .none,
+ firstName: .wildcard,
+ secondName: .identifier(C.Code.Generation.deobfuscateDataFuncParamName),
+ colon: .colon,
+ type: SimpleTypeIdentifier(dataTypeInfo.fullyQualifiedName)
+ )
+ },
+ throwsOrRethrowsKeyword: .throws.withLeadingTrivia(.spaces(1)),
+ output: ReturnClause(
+ returnType: SimpleTypeIdentifier(dataTypeInfo.fullyQualifiedName)
+ )
+ ),
+ body: CodeBlock(
+ leftBrace: .leftBrace.withLeadingTrivia(.spaces(1)),
+ rightBrace: .rightBrace.withLeadingTrivia(.spaces(indentation))
+ ) {
+ CodeBlockItem(item: body)
+ },
+ attributesBuilder: {
+ InlineAlwaysAttribute(
+ leadingTrivia: .newlines(1).appending(.spaces(indentation))
+ )
+ },
+ modifiersBuilder: {
+ DeclModifier(name: .private(leadingNewlines: 1, followedByLeadingSpaces: indentation))
+ DeclModifier(name: .static)
+ }
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Declarations/SecretDecl.swift b/Sources/ConfidentialCore/SyntaxBuilders/Declarations/SecretDecl.swift
new file mode 100644
index 0000000..b72e8a6
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Declarations/SecretDecl.swift
@@ -0,0 +1,67 @@
+import ConfidentialKit
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct SecretDecl: DeclBuildable {
+
+ private let name: TokenSyntax
+ private let dataArgumentExpression: ExpressibleAsArrayExpr
+ private let dataAccessWrapper: ExpressibleAsCustomAttribute
+
+ init(
+ name: String,
+ dataArgumentExpression: ExpressibleAsArrayExpr,
+ dataAccessWrapper: ExpressibleAsCustomAttribute
+ ) {
+ self.name = .identifier(name)
+ self.dataArgumentExpression = dataArgumentExpression
+ self.dataAccessWrapper = dataAccessWrapper
+ }
+
+ func buildDecl(format: Format, leadingTrivia: Trivia?) -> DeclSyntax {
+ makeUnderlyingDecl().buildDecl(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension SecretDecl {
+
+ static let dataArgumentName: String = "data"
+
+ func makeUnderlyingDecl() -> DeclBuildable {
+ VariableDecl(
+ letOrVarKeyword: .var,
+ attributesBuilder: {
+ dataAccessWrapper.createCustomAttribute()
+ },
+ modifiersBuilder: {
+ DeclModifier(name: .static(leadingNewlines: 1))
+ },
+ bindingsBuilder: {
+ PatternBinding(
+ pattern: IdentifierPattern(identifier: name),
+ typeAnnotation: TypeAnnotation(
+ TypeInfo(of: Obfuscation.Secret.self).fullyQualifiedName
+ ),
+ initializer: InitializerClause(
+ value: InitializerCallExpr {
+ TupleExprElement(
+ label: .identifier(Self.dataArgumentName),
+ colon: .colon,
+ expression: dataArgumentExpression.createArrayExpr()
+ )
+ }
+ )
+ )
+ }
+ )
+ }
+}
+
+protocol ExpressibleAsSecretDecl {
+ func createSecretDecl() -> SecretDecl
+}
+
+extension SecretDecl: ExpressibleAsSecretDecl {
+
+ func createSecretDecl() -> SecretDecl { self }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataCompressorInitializerCallExpr.swift b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataCompressorInitializerCallExpr.swift
new file mode 100644
index 0000000..a7f4dcd
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataCompressorInitializerCallExpr.swift
@@ -0,0 +1,43 @@
+import ConfidentialKit
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct DataCompressorInitializerCallExpr: ExprBuildable {
+
+ typealias Algorithm = Obfuscation.Compression.CompressionAlgorithm
+
+ private let compressionAlgorithm: Algorithm
+
+ init(compressionAlgorithm: Algorithm) {
+ self.compressionAlgorithm = compressionAlgorithm
+ }
+
+ func buildExpr(format: Format, leadingTrivia: Trivia?) -> ExprSyntax {
+ makeUnderlyingExpr().buildExpr(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension DataCompressorInitializerCallExpr {
+
+ static let algorithmArgumentName: String = "algorithm"
+
+ func makeUnderlyingExpr() -> ExprBuildable {
+ FunctionCallExpr(
+ IdentifierExpr(
+ TypeInfo(of: Obfuscation.Compression.DataCompressor.self).fullyQualifiedName
+ ),
+ leftParen: .leftParen,
+ rightParen: .rightParen,
+ argumentListBuilder: {
+ TupleExprElement(
+ label: .identifier(Self.algorithmArgumentName),
+ colon: .colon,
+ expression: MemberAccessExpr(
+ dot: .prefixPeriod,
+ name: .identifier(compressionAlgorithm.name)
+ )
+ )
+ }
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataCrypterInitializerCallExpr.swift b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataCrypterInitializerCallExpr.swift
new file mode 100644
index 0000000..096323e
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataCrypterInitializerCallExpr.swift
@@ -0,0 +1,43 @@
+import ConfidentialKit
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct DataCrypterInitializerCallExpr: ExprBuildable {
+
+ typealias Algorithm = Obfuscation.Encryption.SymmetricEncryptionAlgorithm
+
+ private let encryptionAlgorithm: Algorithm
+
+ init(encryptionAlgorithm: Algorithm) {
+ self.encryptionAlgorithm = encryptionAlgorithm
+ }
+
+ func buildExpr(format: Format, leadingTrivia: Trivia?) -> ExprSyntax {
+ makeUnderlyingExpr().buildExpr(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension DataCrypterInitializerCallExpr {
+
+ static let algorithmArgumentName: String = "algorithm"
+
+ func makeUnderlyingExpr() -> ExprBuildable {
+ FunctionCallExpr(
+ IdentifierExpr(
+ TypeInfo(of: Obfuscation.Encryption.DataCrypter.self).fullyQualifiedName
+ ),
+ leftParen: .leftParen,
+ rightParen: .rightParen,
+ argumentListBuilder: {
+ TupleExprElement(
+ label: .identifier(Self.algorithmArgumentName),
+ colon: .colon,
+ expression: MemberAccessExpr(
+ dot: .prefixPeriod,
+ name: .identifier(encryptionAlgorithm.name)
+ )
+ )
+ }
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataShufflerInitializerCallExpr.swift b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataShufflerInitializerCallExpr.swift
new file mode 100644
index 0000000..beb683d
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DataShufflerInitializerCallExpr.swift
@@ -0,0 +1,38 @@
+import ConfidentialKit
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct DataShufflerInitializerCallExpr: ExprBuildable {
+
+ private let nonce: UInt64
+
+ init(nonce: UInt64) {
+ self.nonce = nonce
+ }
+
+ func buildExpr(format: Format, leadingTrivia: Trivia?) -> ExprSyntax {
+ makeUnderlyingExpr().buildExpr(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension DataShufflerInitializerCallExpr {
+
+ static let nonceArgumentName: String = "nonce"
+
+ func makeUnderlyingExpr() -> ExprBuildable {
+ FunctionCallExpr(
+ IdentifierExpr(
+ TypeInfo(of: Obfuscation.Randomization.DataShuffler.self).fullyQualifiedName
+ ),
+ leftParen: .leftParen,
+ rightParen: .rightParen,
+ argumentListBuilder: {
+ TupleExprElement(
+ label: .identifier(Self.nonceArgumentName),
+ colon: .colon,
+ expression: IntegerLiteralExpr(digits: "\(nonce)")
+ )
+ }
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DeobfuscateFunctionAccessExpr.swift b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DeobfuscateFunctionAccessExpr.swift
new file mode 100644
index 0000000..11d8495
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/DeobfuscateFunctionAccessExpr.swift
@@ -0,0 +1,34 @@
+import ConfidentialKit
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct DeobfuscateFunctionAccessExpr: ExprBuildable {
+
+ private let deobfuscationStepInitializerExpr: ExpressibleAsExprBuildable
+ private let dotIndentWidth: Int
+
+ init(_ deobfuscationStepInitializerExpr: ExpressibleAsExprBuildable, dotIndentWidth: Int) {
+ self.deobfuscationStepInitializerExpr = deobfuscationStepInitializerExpr
+ self.dotIndentWidth = dotIndentWidth
+ }
+
+ func buildExpr(format: Format, leadingTrivia: Trivia?) -> ExprSyntax {
+ makeUnderlyingExpr().buildExpr(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension DeobfuscateFunctionAccessExpr {
+
+ static let deobfuscateFuncName: String = "deobfuscate"
+
+ func makeUnderlyingExpr() -> ExprBuildable {
+ MemberAccessExpr(
+ base: deobfuscationStepInitializerExpr,
+ dot: .period(
+ leadingNewlines: 1,
+ followedByLeadingSpaces: dotIndentWidth
+ ),
+ name: .identifier(Self.deobfuscateFuncName)
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/Expressions/InitializerCallExpr.swift b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/InitializerCallExpr.swift
new file mode 100644
index 0000000..b74882b
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/Expressions/InitializerCallExpr.swift
@@ -0,0 +1,31 @@
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct InitializerCallExpr: ExprBuildable {
+
+ private let argumentList: ExpressibleAsTupleExprElementList
+
+ init(
+ @TupleExprElementListBuilder argumentListBuilder: () -> ExpressibleAsTupleExprElementList = {
+ TupleExprElementList.empty
+ }
+ ) {
+ self.argumentList = argumentListBuilder()
+ }
+
+ func buildExpr(format: Format, leadingTrivia: Trivia?) -> ExprSyntax {
+ makeUnderlyingExpr().buildExpr(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension InitializerCallExpr {
+
+ func makeUnderlyingExpr() -> ExprBuildable {
+ FunctionCallExpr(
+ calledExpression: MemberAccessExpr(dot: .period, name: .`init`.withoutTrivia()),
+ leftParen: .leftParen,
+ argumentList: argumentList,
+ rightParen: .rightParen
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxBuilders/InlineAlwaysAttribute.swift b/Sources/ConfidentialCore/SyntaxBuilders/InlineAlwaysAttribute.swift
new file mode 100644
index 0000000..2e0c279
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxBuilders/InlineAlwaysAttribute.swift
@@ -0,0 +1,29 @@
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+struct InlineAlwaysAttribute: SyntaxBuildable {
+
+ private let leadingTrivia: Trivia?
+
+ init(leadingTrivia: Trivia? = .none) {
+ self.leadingTrivia = leadingTrivia
+ }
+
+ func buildSyntax(format: Format, leadingTrivia: Trivia?) -> Syntax {
+ makeUnderlyingSyntax().buildSyntax(format: format, leadingTrivia: leadingTrivia)
+ }
+}
+
+private extension InlineAlwaysAttribute {
+
+ func makeUnderlyingSyntax() -> SyntaxBuildable {
+ Attribute(
+ atSignToken: .atSign.withLeadingTrivia(leadingTrivia ?? .zero),
+ attributeName: .identifier("inline"),
+ leftParen: .leftParen,
+ argument: IdentifierExpr("__always"),
+ rightParen: .rightParen,
+ tokenList: .none
+ )
+ }
+}
diff --git a/Sources/ConfidentialCore/SyntaxText/SourceFileText.swift b/Sources/ConfidentialCore/SyntaxText/SourceFileText.swift
new file mode 100644
index 0000000..eae8782
--- /dev/null
+++ b/Sources/ConfidentialCore/SyntaxText/SourceFileText.swift
@@ -0,0 +1,28 @@
+import Foundation
+import SwiftSyntax
+import SwiftSyntaxBuilder
+
+public struct SourceFileText: Equatable {
+
+ private let syntax: Syntax
+
+ init(from sourceFile: ExpressibleAsSourceFile) {
+ self.syntax = sourceFile
+ .createSourceFile()
+ .buildSyntax(format: .init(indentWidth: .zero))
+ }
+
+ public func write(to url: URL, encoding: String.Encoding = .utf8) throws {
+ var text = ""
+ syntax.write(to: &text)
+
+ try text
+ .trimmingCharacters(in: .newlines)
+ .write(to: url, atomically: true, encoding: encoding)
+ }
+}
+
+extension SourceFileText: CustomStringConvertible {
+
+ public var description: String { syntax.description }
+}
diff --git a/Sources/ConfidentialCore/Utils/TypeInfo.swift b/Sources/ConfidentialCore/Utils/TypeInfo.swift
new file mode 100644
index 0000000..da72fca
--- /dev/null
+++ b/Sources/ConfidentialCore/Utils/TypeInfo.swift
@@ -0,0 +1,40 @@
+struct TypeInfo {
+
+ private let type: Any.Type
+
+ init(of type: Any.Type) {
+ self.type = type
+ }
+}
+
+extension TypeInfo {
+
+ var fullyQualifiedName: String {
+ let name = String(reflecting: type)
+ guard let typeLocationEndIndex = name.lastIndex(of: ":") else {
+ return name
+ }
+
+ return .init(name.suffix(from: typeLocationEndIndex).dropFirst())
+ }
+
+ var moduleName: String {
+ .init(fullyQualifiedName.prefix { $0 != "." })
+ }
+
+ var fullName: String {
+ let fullyQualifiedName = fullyQualifiedName
+ guard
+ let index = fullyQualifiedName.firstIndex(of: "."),
+ fullyQualifiedName.distance(from: index, to: fullyQualifiedName.endIndex) > 1
+ else {
+ fatalError("Unexpected metatype string representation")
+ }
+
+ return .init(fullyQualifiedName.suffix(from: index).dropFirst())
+ }
+
+ var name: String {
+ .init(describing: type)
+ }
+}
diff --git a/Sources/ConfidentialKit/Coding/DataDecoder.swift b/Sources/ConfidentialKit/Coding/DataDecoder.swift
new file mode 100644
index 0000000..8026c62
--- /dev/null
+++ b/Sources/ConfidentialKit/Coding/DataDecoder.swift
@@ -0,0 +1,8 @@
+import Foundation
+
+@usableFromInline
+protocol DataDecoder {
+ func decode(_ type: D.Type, from data: Data) throws -> D
+}
+
+extension JSONDecoder: DataDecoder {}
diff --git a/Sources/ConfidentialKit/Extensions/CryptoKit/SymmetricKeySize/SymmetricKeySize+ByteCount.swift b/Sources/ConfidentialKit/Extensions/CryptoKit/SymmetricKeySize/SymmetricKeySize+ByteCount.swift
new file mode 100644
index 0000000..c0e8218
--- /dev/null
+++ b/Sources/ConfidentialKit/Extensions/CryptoKit/SymmetricKeySize/SymmetricKeySize+ByteCount.swift
@@ -0,0 +1,13 @@
+import CryptoKit
+
+extension SymmetricKeySize {
+
+ /// The number of bytes in the key.
+ ///
+ /// The returned value is not rounded up, since ``init(bitCount:)`` only accepts
+ /// positive integers that are a multiple of 8.
+ @usableFromInline
+ var byteCount: Int {
+ bitCount / 8
+ }
+}
diff --git a/Sources/ConfidentialKit/Extensions/Swift/BinaryInteger/BinaryInteger+Bytes.swift b/Sources/ConfidentialKit/Extensions/Swift/BinaryInteger/BinaryInteger+Bytes.swift
new file mode 100644
index 0000000..73b83bd
--- /dev/null
+++ b/Sources/ConfidentialKit/Extensions/Swift/BinaryInteger/BinaryInteger+Bytes.swift
@@ -0,0 +1,23 @@
+public extension BinaryInteger {
+
+ /// This value's binary representation, as a sequence of contiguous bytes.
+ @inlinable
+ @inline(__always)
+ var bytes: [UInt8] { withUnsafeBytes(of: self, [UInt8].init) }
+
+ /// Creates a new instance from the given binary representation.
+ ///
+ /// - Parameter bytes: A collection containing the bytes of this valueโs binary representation,
+ /// in order from the least significant to most significant.
+ @inlinable
+ @inline(__always)
+ init(bytes: Bytes) where Bytes.Element == UInt8 {
+ var bytes = Array(bytes)
+ let size = MemoryLayout.stride
+ if bytes.count < size {
+ bytes.append(contentsOf: (bytes.count.. Data
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Obfuscation+Secret.swift b/Sources/ConfidentialKit/Obfuscation/Obfuscation+Secret.swift
new file mode 100644
index 0000000..39a260e
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Obfuscation+Secret.swift
@@ -0,0 +1,17 @@
+public extension Obfuscation {
+
+ /// A model representing an obfuscated secret.
+ struct Secret: Equatable {
+
+ /// The obfuscated secret's bytes.
+ public let data: [UInt8]
+
+ /// Creates a new instance of a sequence containing obfuscated secret's bytes.
+ ///
+ /// - Parameter data: The sequence of obfuscated secret's bytes.
+ @inlinable
+ public init(data: Data) where Data.Element == UInt8 {
+ self.data = .init(data)
+ }
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Obfuscation+SupportedDataTypes.swift b/Sources/ConfidentialKit/Obfuscation/Obfuscation+SupportedDataTypes.swift
new file mode 100644
index 0000000..7f0d7ed
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Obfuscation+SupportedDataTypes.swift
@@ -0,0 +1,11 @@
+public extension Obfuscation {
+
+ /// A namespace for the plain data types supported by ``Obfuscation`` API.
+ enum SupportedDataTypes {
+ /// A type that represents a sequence of values.
+ public typealias Array = [String]
+
+ /// A type that represents a single value.
+ public typealias SingleValue = String
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Obfuscation.swift b/Sources/ConfidentialKit/Obfuscation/Obfuscation.swift
new file mode 100644
index 0000000..87ca0c5
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Obfuscation.swift
@@ -0,0 +1,19 @@
+/// A namespace for types associated with obfuscation-related tasks, which all together
+/// constitute an API for (de)obfuscating secret data.
+///
+/// The various implementations of obfuscation techniques are defined within their own
+/// namespaces defined as extensions on ``Obfuscation``.
+///
+/// Your choice of technique determines the strategy used for data obfuscation:
+/// - The ``Obfuscation/Compression`` namespace encapsulates
+/// implementations of technique involving data compression/decompression.
+/// - The ``Obfuscation/Encryption`` namespace encapsulates
+/// implementations of technique involving data encryption/decryption.
+/// - The ``Obfuscation/Randomization`` namespace encapsulates
+/// implementations of technique involving data randomization.
+///
+/// > Important: The ``ConfidentialKit`` library was designed to be used in
+/// conjunction with `confidential` CLI tool and, as such, it only ships
+/// with a subset of API needed for deobfuscating obfuscated secret data
+/// embedded in the application code.
+public enum Obfuscation {}
diff --git a/Sources/ConfidentialKit/Obfuscation/PropertyWrappers/Obfuscated.swift b/Sources/ConfidentialKit/Obfuscation/PropertyWrappers/Obfuscated.swift
new file mode 100644
index 0000000..09479c9
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/PropertyWrappers/Obfuscated.swift
@@ -0,0 +1,65 @@
+import Foundation
+
+/// A property wrapper that can deobfuscate the wrapped secret value.
+@propertyWrapper
+public struct Obfuscated {
+
+ /// A type that represents a wrapped value.
+ public typealias Value = Obfuscation.Secret
+
+ /// A type that represents a deobfuscation function.
+ public typealias DeobfuscateDataFunc = (Data) throws -> Data
+
+ @usableFromInline
+ let deobfuscateData: DeobfuscateDataFunc
+
+ @usableFromInline
+ let decoder: DataDecoder
+
+ /// The underlying secret value.
+ public let wrappedValue: Value
+
+ /// A plain secret value after transforming obfuscated secret's data with a deobfuscation function.
+ @inlinable
+ public var projectedValue: PlainValue {
+ let secretData = Data(wrappedValue.data)
+ let value: PlainValue
+
+ do {
+ let deobfuscatedData = try deobfuscateData(secretData)
+ value = try decoder.decode(PlainValue.self, from: deobfuscatedData)
+ } catch {
+ preconditionFailure("Unexpected error: \(error)")
+ }
+
+ return value
+ }
+
+ @usableFromInline
+ init(
+ wrappedValue: Value,
+ deobfuscateData: @escaping DeobfuscateDataFunc,
+ decoder: DataDecoder
+ ) {
+ self.wrappedValue = wrappedValue
+ self.deobfuscateData = deobfuscateData
+ self.decoder = decoder
+ }
+
+ /// Creates a property that can deobfuscate the wrapped secret value using the given closure.
+ ///
+ /// - Parameters:
+ /// - wrappedValue: A secret value containing obfuscated data.
+ /// - deobfuscateData: The closure to execute when calling ``projectedValue``.
+ @inlinable
+ public init(
+ wrappedValue: Value,
+ _ deobfuscateData: @escaping DeobfuscateDataFunc
+ ) {
+ self.init(
+ wrappedValue: wrappedValue,
+ deobfuscateData: deobfuscateData,
+ decoder: JSONDecoder()
+ )
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/CompressionAlgorithm.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/CompressionAlgorithm.swift
new file mode 100644
index 0000000..93cfa10
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/CompressionAlgorithm.swift
@@ -0,0 +1,7 @@
+import Foundation
+
+public extension Obfuscation.Compression {
+
+ /// An algorithm that indicates how to compress or decompress data.
+ typealias CompressionAlgorithm = NSData.CompressionAlgorithm
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/DataCompressor.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/DataCompressor.swift
new file mode 100644
index 0000000..e402dd3
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/DataCompressor.swift
@@ -0,0 +1,33 @@
+import Foundation
+
+public extension Obfuscation.Compression {
+
+ /// An implementation of obfuscation technique utilizing data compression.
+ ///
+ /// See ``CompressionAlgorithm`` for a list of supported compression algorithms.
+ struct DataCompressor: DataDeobfuscationStep {
+
+ /// An algorithm used to compress and decompress the data.
+ public let algorithm: CompressionAlgorithm
+
+ /// Creates a new instance with the specified compression algorithm.
+ ///
+ /// - Parameter algorithm: An algorithm used to compress and decompress the data.
+ @inlinable
+ @inline(__always)
+ public init(algorithm: CompressionAlgorithm) {
+ self.algorithm = algorithm
+ }
+
+ /// Decompresses the given data using preset ``algorithm``.
+ ///
+ /// - Parameter data: A compressed input data.
+ /// - Returns: A decompressed output data.
+ @inlinable
+ @inline(__always)
+ public func deobfuscate(_ data: Data) throws -> Data {
+ let decompressedData = try NSData(data: data).decompressed(using: algorithm)
+ return .init(referencing: decompressedData)
+ }
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/Obfuscation+Compression.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/Obfuscation+Compression.swift
new file mode 100644
index 0000000..f2d6e14
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Compression/Obfuscation+Compression.swift
@@ -0,0 +1,5 @@
+public extension Obfuscation {
+
+ /// A namespace for types that use data compression as obfuscation technique.
+ enum Compression {}
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/DataCrypter.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/DataCrypter.swift
new file mode 100644
index 0000000..d87c572
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/DataCrypter.swift
@@ -0,0 +1,47 @@
+import CryptoKit
+import Foundation
+
+public extension Obfuscation.Encryption {
+
+ /// An implementation of obfuscation technique utilizing data encryption.
+ ///
+ /// See ``SymmetricEncryptionAlgorithm`` for a list of supported encryption algorithms.
+ struct DataCrypter: DataDeobfuscationStep {
+
+ /// An algorithm used to encrypt and decrypt the data.
+ public let algorithm: SymmetricEncryptionAlgorithm
+
+ /// Creates a new instance with the specified symmetric encryption algorithm.
+ ///
+ /// - Parameter algorithm: An algorithm used to encrypt and decrypt the data.
+ @inlinable
+ @inline(__always)
+ public init(algorithm: SymmetricEncryptionAlgorithm) {
+ self.algorithm = algorithm
+ }
+
+ /// Decrypts the given data using preset ``algorithm``.
+ ///
+ /// - Parameter data: An encrypted input data.
+ /// - Returns: A decrypted output data.
+ @inlinable
+ @inline(__always)
+ public func deobfuscate(_ data: Data) throws -> Data {
+ var obfuscatedData = data
+ let keyData = obfuscatedData.suffix(algorithm.keySize.byteCount)
+ obfuscatedData.removeLast(algorithm.keySize.byteCount)
+
+ let deobfuscatedData: Data
+ switch algorithm {
+ case .aes128GCM, .aes192GCM, .aes256GCM:
+ let sealedBox = try AES.GCM.SealedBox(combined: obfuscatedData)
+ deobfuscatedData = try AES.GCM.open(sealedBox, using: .init(data: keyData))
+ case .chaChaPoly:
+ let sealedBox = try ChaChaPoly.SealedBox(combined: obfuscatedData)
+ deobfuscatedData = try ChaChaPoly.open(sealedBox, using: .init(data: keyData))
+ }
+
+ return deobfuscatedData
+ }
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/Obfuscation+Encryption.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/Obfuscation+Encryption.swift
new file mode 100644
index 0000000..09155f8
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/Obfuscation+Encryption.swift
@@ -0,0 +1,5 @@
+public extension Obfuscation {
+
+ /// A namespace for types that use data encryption as obfuscation technique.
+ enum Encryption {}
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/SymmetricEncryptionAlgorithm.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/SymmetricEncryptionAlgorithm.swift
new file mode 100644
index 0000000..1e88571
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Encryption/SymmetricEncryptionAlgorithm.swift
@@ -0,0 +1,39 @@
+import CryptoKit
+
+public extension Obfuscation.Encryption {
+
+ /// A symmetric algorithm that indicates how to encrypt or decrypt data.
+ enum SymmetricEncryptionAlgorithm: String {
+ /// The Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM)
+ /// with 128-bit key.
+ case aes128GCM
+
+ /// The Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM)
+ /// with 192-bit key.
+ case aes192GCM
+
+ /// The Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM)
+ /// with 256-bit key.
+ case aes256GCM
+
+ /// The ChaCha20-Poly1305 algorithm.
+ case chaChaPoly
+ }
+}
+
+public extension Obfuscation.Encryption.SymmetricEncryptionAlgorithm {
+
+ /// The size of the symmetric cryptographic key associated with the algorithm.
+ var keySize: SymmetricKeySize {
+ switch self {
+ case .aes128GCM:
+ return .bits128
+ case .aes192GCM:
+ return .bits192
+ case .aes256GCM:
+ return .bits256
+ case .chaChaPoly:
+ return .bits256
+ }
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Randomization/DataShuffler.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Randomization/DataShuffler.swift
new file mode 100644
index 0000000..093eecd
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Randomization/DataShuffler.swift
@@ -0,0 +1,110 @@
+import Foundation
+
+public extension Obfuscation.Randomization {
+
+ /// An implementation of obfuscation technique utilizing data randomization.
+ ///
+ /// The ``DataShuffler`` uses a pseudorandom number generator (PRNG) to
+ /// shuffle the bytes stored in ``Data`` instance being processed, along with a
+ /// ``nonce``, which is used to obfuscate the shuffling parameters.
+ ///
+ /// > Warning: The current implementation of this technique is best suited for secrets of
+ /// which size does not exceed 256 bytes. For larger secrets, the size of the
+ /// obfuscated data will grow from 2N to 3N, where N is the input data size
+ /// in bytes, or even 5N (32-bit platform) or 9N (64-bit platform) if the size of
+ /// input data is larger than 65 536 bytes.
+ struct DataShuffler: DataDeobfuscationStep {
+
+ /// The nonce used to obfuscate the data.
+ public let nonce: UInt64
+
+ /// Creates a new instance with the specified cryptographic nonce.
+ ///
+ /// - Parameter nonce: The nonce.
+ @inlinable
+ @inline(__always)
+ public init(nonce: UInt64) {
+ self.nonce = nonce
+ }
+
+ /// Deshuffles the given data using preset ``nonce``.
+ ///
+ /// - Parameter data: A shuffled input data.
+ /// - Returns: A deshuffled output data.
+ @inlinable
+ @inline(__always)
+ public func deobfuscate(_ data: Data) throws -> Data {
+ let countByteWidth = Int.byteWidth
+ let nonceBytes = nonce.bytes
+ let count = data
+ .prefix(upTo: countByteWidth)
+ .withUnsafeBytes { $0.load(as: Int.self) } ^ .init(bytes: nonceBytes)
+ let indexByteWidthPos = countByteWidth + count
+ let indexByteWidth = data[indexByteWidthPos]
+ let indexes = Internal.deobfuscateIndexes(
+ bytes: .init(data.suffix(from: indexByteWidthPos + 1)),
+ byteWidth: indexByteWidth,
+ nonceBytes: nonceBytes
+ )
+ let shuffledBytes = data.subdata(in: countByteWidth.. [UInt8] {
+ var result: [UInt8] = .init(repeating: .zero, count: bytes.count)
+ indexes.enumerated().forEach { newIdx, oldIdx in
+ result[newIdx] = bytes[oldIdx]
+ }
+
+ return result
+ }
+
+ @usableFromInline
+ @inline(__always)
+ static func deobfuscateIndexes(bytes: [UInt8], byteWidth: UInt8, nonceBytes: [UInt8]) -> [Int] {
+ var bytes = bytes[...]
+ let byteWidth = Int(byteWidth)
+ switch byteWidth {
+ case UInt8.byteWidth:
+ return deobfuscateIndexes(bytes: &bytes, indexType: UInt8.self, nonceBytes: nonceBytes)
+ case UInt16.byteWidth:
+ return deobfuscateIndexes(bytes: &bytes, indexType: UInt16.self, nonceBytes: nonceBytes)
+ default:
+ return deobfuscateIndexes(bytes: &bytes, indexType: Int.self, nonceBytes: nonceBytes)
+ }
+ }
+
+ @usableFromInline
+ @inline(__always)
+ static func deobfuscateIndexes(
+ bytes: inout ArraySlice,
+ indexType: I.Type,
+ nonceBytes: [UInt8]
+ ) -> [Int] {
+ let byteWidth = indexType.byteWidth
+ var indexes: [Int] = []
+ while !bytes.isEmpty {
+ let index = Int(
+ bytes
+ .prefix(upTo: bytes.startIndex + byteWidth)
+ .withUnsafeBytes { $0.load(as: indexType) } ^ .init(bytes: nonceBytes)
+ )
+ indexes.append(index)
+ bytes.removeFirst(byteWidth)
+ }
+
+ return indexes
+ }
+ }
+}
diff --git a/Sources/ConfidentialKit/Obfuscation/Techniques/Randomization/Obfuscation+Randomization.swift b/Sources/ConfidentialKit/Obfuscation/Techniques/Randomization/Obfuscation+Randomization.swift
new file mode 100644
index 0000000..290bea2
--- /dev/null
+++ b/Sources/ConfidentialKit/Obfuscation/Techniques/Randomization/Obfuscation+Randomization.swift
@@ -0,0 +1,5 @@
+public extension Obfuscation {
+
+ /// A namespace for types that use data randomization as obfuscation technique.
+ enum Randomization {}
+}
diff --git a/Sources/confidential/Confidential.swift b/Sources/confidential/Confidential.swift
new file mode 100644
index 0000000..cc9bc59
--- /dev/null
+++ b/Sources/confidential/Confidential.swift
@@ -0,0 +1,14 @@
+import ArgumentParser
+
+@main
+struct Confidential: ParsableCommand {
+
+ static let configuration = CommandConfiguration(
+ commandName: "confidential",
+ abstract: "A command-line tool to obfuscate secret literals embedded in Swift project.",
+ subcommands: [
+ Obfuscate.self
+ ],
+ defaultSubcommand: Obfuscate.self
+ )
+}
diff --git a/Sources/confidential/Errors/RuntimeError.swift b/Sources/confidential/Errors/RuntimeError.swift
new file mode 100644
index 0000000..cc97866
--- /dev/null
+++ b/Sources/confidential/Errors/RuntimeError.swift
@@ -0,0 +1,3 @@
+struct RuntimeError: Error, CustomStringConvertible {
+ let description: String
+}
diff --git a/Sources/confidential/Subcommands/Obfuscate.swift b/Sources/confidential/Subcommands/Obfuscate.swift
new file mode 100644
index 0000000..9c1f1ed
--- /dev/null
+++ b/Sources/confidential/Subcommands/Obfuscate.swift
@@ -0,0 +1,58 @@
+import ArgumentParser
+import ConfidentialCore
+import Foundation
+import Yams
+
+extension Confidential {
+
+ struct Obfuscate: ParsableCommand {
+
+ static let configuration = CommandConfiguration(
+ commandName: "obfuscate",
+ abstract: "Obfuscate secret literals.",
+ discussion: """
+ The generated Swift code provides accessors for each secret literal, \
+ grouped into namespaces as defined in configuration file. \
+ The accessor allows for retrieving a deobfuscated literal at \
+ runtime.
+ """
+ )
+
+ @Option(
+ help: "The path to a Confidential configuration file.",
+ transform: URL.init(fileURLWithPath:)
+ )
+ var configuration: URL
+
+ @Option(
+ help: "The path to an output source file where the generated Swift code is to be written.",
+ transform: URL.init(fileURLWithPath:)
+ )
+ var output: URL
+
+ private var fileManager: FileManager { FileManager.default }
+
+ mutating func run() throws {
+ guard fileManager.isReadableFile(atPath: configuration.path) else {
+ throw RuntimeError(description: #"Unable to read configuration file at \#(configuration.path)"#)
+ }
+
+ let configurationYAML = try Data(contentsOf: configuration)
+ let configuration = try YAMLDecoder().decode(Configuration.self, from: configurationYAML)
+
+ guard fileManager.createFile(atPath: output.path, contents: .none) else {
+ throw RuntimeError(description: #"Failed to create output file at "\#(output.path)""#)
+ }
+
+ var sourceSpecification = try Parsers.ModelTransform.SourceSpecification()
+ .parse(configuration)
+
+ try SourceObfuscator().obfuscate(&sourceSpecification)
+
+ let sourceFileText = try Parsers.CodeGeneration.SourceFile()
+ .parse(&sourceSpecification)
+
+ try sourceFileText.write(to: output)
+ }
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Extensions/Foundation/Data/Data+HexStringTests.swift b/Tests/ConfidentialCoreTests/Extensions/Foundation/Data/Data+HexStringTests.swift
new file mode 100644
index 0000000..5f80345
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Extensions/Foundation/Data/Data+HexStringTests.swift
@@ -0,0 +1,74 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class Data_HexStringTests: XCTestCase {
+
+ private let bytesStub: [UInt8] = [0xff, 0x36, 0xb4, 0xcb, 0x34, 0xff, 0x8c, 0x8f, 0xbf, 0x0f, 0x43, 0x45]
+
+ func test_givenEmptyData_whenHexEncodedStringComponents_thenReturnsEmptyArray() {
+ // given
+ let data = Data()
+
+ // when
+ let hexComponents = data.hexEncodedStringComponents()
+
+ // then
+ XCTAssertTrue(hexComponents.isEmpty)
+ }
+
+ func test_givenNonEmptyData_whenHexEncodedStringComponents_thenReturnsExpectedComponents() {
+ // given
+ let data = Data(bytesStub)
+
+ // when
+ let hexComponents = data.hexEncodedStringComponents()
+
+ // then
+ XCTAssertEqual(
+ ["ff", "36", "b4", "cb", "34", "ff", "8c", "8f", "bf", "0f", "43", "45"],
+ hexComponents
+ )
+ }
+
+ func test_givenNonEmptyData_whenHexEncodedStringComponentsOptionsUpperCase_thenReturnsExpectedComponents() {
+ // given
+ let data = Data(bytesStub)
+
+ // when
+ let hexComponents = data.hexEncodedStringComponents(options: .upperCase)
+
+ // then
+ XCTAssertEqual(
+ ["FF", "36", "B4", "CB", "34", "FF", "8C", "8F", "BF", "0F", "43", "45"],
+ hexComponents
+ )
+ }
+
+ func test_givenNonEmptyData_whenHexEncodedStringComponentsOptionsNumericLiteral_thenReturnsExpectedComponents() {
+ // given
+ let data = Data(bytesStub)
+
+ // when
+ let hexComponents = data.hexEncodedStringComponents(options: .numericLiteral)
+
+ // then
+ XCTAssertEqual(
+ ["0xff", "0x36", "0xb4", "0xcb", "0x34", "0xff", "0x8c", "0x8f", "0xbf", "0x0f", "0x43", "0x45"],
+ hexComponents
+ )
+ }
+
+ func test_givenNonEmptyData_whenHexEncodedStringComponentsOptionsUpperCaseAndNumericLiteral_thenReturnsExpectedComponents() {
+ // given
+ let data = Data(bytesStub)
+
+ // when
+ let hexComponents = data.hexEncodedStringComponents(options: [.upperCase, .numericLiteral])
+
+ // then
+ XCTAssertEqual(
+ ["0xFF", "0x36", "0xB4", "0xCB", "0x34", "0xFF", "0x8C", "0x8F", "0xBF", "0x0F", "0x43", "0x45"],
+ hexComponents
+ )
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Extensions/Swift/Encodable/Encodable+TypeErasureTests.swift b/Tests/ConfidentialCoreTests/Extensions/Swift/Encodable/Encodable+TypeErasureTests.swift
new file mode 100644
index 0000000..3d66533
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Extensions/Swift/Encodable/Encodable+TypeErasureTests.swift
@@ -0,0 +1,21 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class Encodable_TypeErasureTests: XCTestCase {
+
+ func test_givenTypeErasedEncodable_whenJSONEncoded_thenNoThrowAndUnderlyingEncodableProducesExpectedResult() {
+ // given
+ let encodableValue = "Test"
+ let encodableSpy = EncodableSpy()
+ encodableSpy.encodableValue = encodableValue
+ let anyEncodable = encodableSpy.eraseToAnyEncodable()
+
+ // when & then
+ var result: Data = .init()
+ XCTAssertNoThrow(
+ result = try JSONEncoder().encode(anyEncodable)
+ )
+ XCTAssertEqual(1, encodableSpy.encodeCallCount)
+ XCTAssertEqual(#""\#(encodableValue)""#, String(data: result, encoding: .utf8))
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Extensions/Swift/FixedWidthInteger/FixedWidthInteger+SecureRandomTests.swift b/Tests/ConfidentialCoreTests/Extensions/Swift/FixedWidthInteger/FixedWidthInteger+SecureRandomTests.swift
new file mode 100644
index 0000000..a49c444
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Extensions/Swift/FixedWidthInteger/FixedWidthInteger+SecureRandomTests.swift
@@ -0,0 +1,50 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class FixedWidthInteger_SecureRandomTests: XCTestCase {
+
+ func test_givenFixedWidthIntegerTypes_whenSecureRandom_thenReturnsNonZeroValues() throws {
+ // given
+ let types: [Any] = [
+ UInt8.self, UInt16.self, UInt32.self, UInt64.self,
+ Int8.self, Int16.self, Int32.self, Int64.self
+ ]
+
+ // when
+ let values = try types.map { try ($0 as! FixedWidthInteger.Type).secureRandom() }
+
+ // then
+ values.forEach {
+ XCTAssertNotEqual(.zero, $0.nonzeroBitCount)
+ }
+ }
+
+ func test_givenSecureRandomNumberSource_whenSecureRandom_thenReturnsExpectedValue() throws {
+ // given
+ let source: FixedWidthInteger.SecureRandomNumberSource = { bytes in
+ (0.. \(expectedFuncReturnTypeName) {
+ try \(dataCompressorFullyQualifiedName)(algorithm: .\(compressionAlgorithmStub.name))
+ .deobfuscate(
+ try \(dataShufflerFullyQualifiedName)(nonce: \(randomizationNonceStub))
+ .deobfuscate(
+ try \(dataCrypterFullyQualifiedName)(algorithm: .\(encryptionAlgorithmStub.name))
+ .deobfuscate(\(expectedFuncParamName))
+ )
+ )
+ }
+ """,
+ .init(describing: functionDeclSyntax)
+ )
+ XCTAssertTrue(algorithm.isEmpty)
+ }
+
+ func test_givenEmptyAlgorithm_whenParse_thenThrowsExpectedError() {
+ // given
+ var algorithm = Algorithm()
+ let parser = DeobfuscateDataFunctionDeclParser(functionNestingLevel: .zero)
+
+ // when & then
+ XCTAssertThrowsError(try parser.parse(&algorithm)) { error in
+ XCTAssertEqual(
+ "Obfuscation algorithm must consist of at least one obfuscation step.",
+ "\(error)"
+ )
+ }
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/NamespaceDeclParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/NamespaceDeclParserTests.swift
new file mode 100644
index 0000000..d5e6b7a
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/NamespaceDeclParserTests.swift
@@ -0,0 +1,134 @@
+@testable import ConfidentialCore
+import XCTest
+
+import SwiftSyntaxBuilder
+
+final class NamespaceDeclParserTests: XCTestCase {
+
+ private typealias MembersParserSpy = ParserSpy<
+ ArraySlice,
+ [ExpressibleAsMemberDeclListItem]
+ >
+ private typealias DeobfuscateDataFunctionDeclParserSpy = ParserSpy<
+ SourceSpecification.Algorithm,
+ ExpressibleAsMemberDeclListItem
+ >
+
+ private let memberNameStub = "tested"
+ private let memberTypeNameStub = "Bool"
+ private let deobfuscateDataFunctionNameStub = "test"
+
+ private var membersParserSpy: MembersParserSpy!
+ private var deobfuscateDataFunctionDeclParserSpy: DeobfuscateDataFunctionDeclParserSpy!
+
+ private var sut: NamespaceDeclParser!
+
+ override func setUp() {
+ super.setUp()
+ membersParserSpy = .init(result: membersStub)
+ membersParserSpy.consumeInput = { $0 = [] }
+ deobfuscateDataFunctionDeclParserSpy = .init(result: deobfuscateDataFunctionDeclStub)
+ deobfuscateDataFunctionDeclParserSpy.consumeInput = { $0 = [] }
+ sut = .init(
+ membersParser: membersParserSpy,
+ deobfuscateDataFunctionDeclParser: deobfuscateDataFunctionDeclParserSpy
+ )
+ }
+
+ override func tearDown() {
+ sut = nil
+ deobfuscateDataFunctionDeclParserSpy = nil
+ membersParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenSourceSpecification_whenParse_thenReturnsExpectedNamespaceDeclarationsAndSourceSpecificationIsEmpty() throws {
+ // given
+ let namespaceNameStub = "Secrets"
+ let secretStub = SourceSpecification.Secret.StubFactory.makeSecret()
+ var sourceSpecification = SourceSpecification.StubFactory.makeSpecification(
+ secrets: [
+ .create(identifier: namespaceNameStub): [secretStub],
+ .extend(identifier: namespaceNameStub, moduleName: .none): [secretStub]
+ ]
+ )
+
+ // when
+ let namespaceDeclarations: [ExpressibleAsCodeBlockItem] = try sut.parse(&sourceSpecification)
+
+ // then
+ let namespaceDeclarationsSyntax = namespaceDeclarations
+ .map { $0.createCodeBlockItem() }
+ .map { $0.buildSyntax(format: .init(indentWidth: .zero)) }
+ .map { String(describing: $0) }
+ .sorted()
+
+ XCTAssertEqual(
+ [
+ """
+
+ enum \(namespaceNameStub) {
+
+ static var \(memberNameStub): \(memberTypeNameStub) = false
+
+ static func \(deobfuscateDataFunctionNameStub)() {
+ }
+ }
+ """,
+ """
+
+ extension \(namespaceNameStub) {
+
+ static var \(memberNameStub): \(memberTypeNameStub) = false
+
+ static func \(deobfuscateDataFunctionNameStub)() {
+ }
+ }
+ """
+ ],
+ namespaceDeclarationsSyntax
+ )
+ XCTAssertEqual([[secretStub], [secretStub]], membersParserSpy.parseRecordedInput)
+ XCTAssertEqual([[]], deobfuscateDataFunctionDeclParserSpy.parseRecordedInput)
+ XCTAssertTrue(sourceSpecification.algorithm.isEmpty)
+ XCTAssertTrue(sourceSpecification.secrets.isEmpty)
+ }
+}
+
+private extension NamespaceDeclParserTests {
+
+ var membersStub: [ExpressibleAsMemberDeclListItem] {
+ [
+ VariableDecl(
+ modifiers: ModifierList([
+ DeclModifier(name: .static.withLeadingTrivia(.newlines(1).appending(.spaces(4))))
+ ]),
+ letOrVarKeyword: .var,
+ bindings: PatternBindingList([
+ PatternBinding(
+ pattern: IdentifierPattern(memberNameStub),
+ typeAnnotation: TypeAnnotation(memberTypeNameStub),
+ initializer: InitializerClause(
+ value: BooleanLiteralExpr(booleanLiteral: .false.withoutTrivia())
+ )
+ )
+ ])
+ )
+ ]
+ }
+
+ var deobfuscateDataFunctionDeclStub: ExpressibleAsMemberDeclListItem {
+ FunctionDecl(
+ modifiers: ModifierList([
+ DeclModifier(name: .static.withLeadingTrivia(.newlines(1).appending(.spaces(4))))
+ ]),
+ identifier: .identifier(deobfuscateDataFunctionNameStub),
+ signature: FunctionSignature(input: ParameterClause()),
+ body: CodeBlock(
+ leftBrace: .leftBrace.withLeadingTrivia(.spaces(1)),
+ statements: CodeBlockItemList([]),
+ rightBrace: .rightBrace.withLeadingTrivia(.spaces(4))
+ )
+ )
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/NamespaceMembersParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/NamespaceMembersParserTests.swift
new file mode 100644
index 0000000..2d3ffdc
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/NamespaceMembersParserTests.swift
@@ -0,0 +1,91 @@
+@testable import ConfidentialCore
+import XCTest
+
+import SwiftSyntaxBuilder
+
+final class NamespaceMembersParserTests: XCTestCase {
+
+ private typealias Secret = SourceSpecification.Secret
+ private typealias SecretDeclParserSpy = ParserSpy
+
+ private let secretDeclStub = SecretDecl(
+ name: "secret",
+ dataArgumentExpression: ArrayExpr {
+ ArrayElement(expression: IntegerLiteralExpr(digits: "0x20"), trailingComma: .comma)
+ ArrayElement(expression: IntegerLiteralExpr(digits: "0x20"))
+ },
+ dataAccessWrapper: CustomAttribute(
+ attributeName: SimpleTypeIdentifier("Test"),
+ argumentList: .none
+ )
+ )
+ private let secretsStub: ArraySlice = [
+ .StubFactory.makeSecret(),
+ .StubFactory.makeSecret()
+ ]
+
+ private var secretDeclParserSpy: SecretDeclParserSpy!
+
+ private var sut: NamespaceMembersParser!
+
+ override func setUp() {
+ super.setUp()
+ secretDeclParserSpy = .init(result: secretDeclStub)
+ sut = .init(secretDeclParser: secretDeclParserSpy)
+ }
+
+ override func tearDown() {
+ sut = nil
+ secretDeclParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenSecrets_whenParse_thenReturnsExpectedMemberDeclarationsAndSecretsIsEmpty() throws {
+ // given
+ var secrets = secretsStub
+
+ // when
+ let memberDeclarations: [ExpressibleAsMemberDeclListItem] = try sut.parse(&secrets)
+
+ // then
+ let format = Format(indentWidth: .zero)
+ let membersSourceText = memberDeclarations
+ .map { $0.createMemberDeclListItem() }
+ .map { $0.buildSyntax(format: format) }
+ .map { String(describing: $0) }
+ let expectedMembersSourceText = secretsStub
+ .map { _ in secretDeclStub.buildSyntax(format: format) }
+ .map { String(describing: $0) }
+ XCTAssertEqual(expectedMembersSourceText, membersSourceText)
+ XCTAssertEqual(secretsStub, secretDeclParserSpy.parseRecordedInput[...])
+ XCTAssertTrue(secrets.isEmpty)
+ }
+
+ func test_givenSecretDeclParserFailsOnFirstSecret_whenParse_thenThrowsErrorAndSecretsLeftIntact() {
+ // given
+ var secrets = secretsStub
+ secretDeclParserSpy.consumeInput = { _ in throw ErrorDummy() }
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&secrets))
+ XCTAssertEqual([secretsStub.first!], secretDeclParserSpy.parseRecordedInput)
+ XCTAssertEqual(secretsStub, secrets)
+ }
+
+ func test_givenSecretDeclParserFailsOnSecondSecret_whenParse_thenThrowsErrorAndSecretsContainAll() {
+ // given
+ var secrets = secretsStub
+ var secretCount: Int = .zero
+ secretDeclParserSpy.consumeInput = { _ in
+ guard secretCount == .zero else {
+ throw ErrorDummy()
+ }
+ secretCount += 1
+ }
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&secrets))
+ XCTAssertEqual(secretsStub, secretDeclParserSpy.parseRecordedInput[...])
+ XCTAssertEqual(secretsStub.dropFirst(), secrets)
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/SecretDeclParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/SecretDeclParserTests.swift
new file mode 100644
index 0000000..deebb6a
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/SecretDeclParserTests.swift
@@ -0,0 +1,41 @@
+@testable import ConfidentialCore
+import XCTest
+
+import ConfidentialKit
+
+final class SecretDeclParserTests: XCTestCase {
+
+ private typealias Secret = SourceSpecification.Secret
+
+ func test_givenSecret_whenParse_thenReturnsExpectedSecretDecl() throws {
+ // given
+ let deobfuscateArgumentName = "deobfuscate"
+ let deobfuscateDataFuncName = "deobfuscateData"
+ let secret = Secret(
+ name: "secret",
+ data: .init([0x20, 0x20]),
+ dataAccessWrapperInfo: .init(
+ typeInfo: .init(of: Obfuscated.self),
+ arguments: [(label: deobfuscateArgumentName, value: deobfuscateDataFuncName)]
+ )
+ )
+
+ // when
+ let secretDecl = try SecretDeclParser().parse(secret)
+
+ // then
+ let secretDeclSyntax = secretDecl
+ .createSecretDecl()
+ .buildSyntax(format: .init(indentWidth: .zero))
+ let expectedAttributeName = secret.dataAccessWrapperInfo.typeInfo.fullyQualifiedName
+ let expectedDeclTypeName = TypeInfo(of: Obfuscation.Secret.self).fullyQualifiedName
+ XCTAssertEqual(
+ """
+
+ @\(expectedAttributeName)(\(deobfuscateArgumentName): \(deobfuscateDataFuncName))
+ static var \(secret.name): \(expectedDeclTypeName) = .init(data: [0x20, 0x20])
+ """,
+ .init(describing: secretDeclSyntax)
+ )
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/SourceFileParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/SourceFileParserTests.swift
new file mode 100644
index 0000000..8404419
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/CodeGeneration/SourceFileParserTests.swift
@@ -0,0 +1,88 @@
+@testable import ConfidentialCore
+import XCTest
+
+import SwiftSyntaxBuilder
+
+final class SourceFileParserTests: XCTestCase {
+
+ private typealias CodeBlockParserSpy = ParserSpy
+
+ private let moduleNameStub = "SecretModule"
+ private let enumNameStub = "Test"
+
+ private var codeBlockParserSpy: CodeBlockParserSpy!
+
+ private var sut: SourceFileParser!
+
+ override func setUp() {
+ super.setUp()
+ codeBlockParserSpy = .init(result: codeBlockStub)
+ codeBlockParserSpy.consumeInput = {
+ $0.algorithm = []
+ $0.secrets = [:]
+ }
+ sut = .init {
+ codeBlockParserSpy!
+ }
+ }
+
+ override func tearDown() {
+ sut = nil
+ codeBlockParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenSourceSpecification_whenParse_thenReturnsExpectedSourceFileTextAndSourceSpecificationIsEmpty() throws {
+ // given
+ var sourceSpecification = SourceSpecification.StubFactory.makeSpecification(
+ secrets: [
+ .create(identifier: "Secrets"): [],
+ .extend(identifier: "Secret", moduleName: moduleNameStub): []
+ ]
+ )
+
+ // when
+ let sourceFileText: SourceFileText = try sut.parse(&sourceSpecification)
+
+ // then
+ XCTAssertEqual(
+ """
+
+ import ConfidentialKit
+ import Foundation
+ import \(moduleNameStub)
+
+ enum \(enumNameStub) {
+ }
+ """,
+ .init(describing: sourceFileText)
+ )
+ XCTAssertTrue(sourceSpecification.algorithm.isEmpty)
+ XCTAssertTrue(sourceSpecification.secrets.isEmpty)
+ }
+
+ func test_givenCodeBlockParserFails_whenParse_thenThrowsError() {
+ // given
+ var sourceSpecification = SourceSpecification.StubFactory.makeSpecification()
+ codeBlockParserSpy.consumeInput = { _ in throw ErrorDummy() }
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&sourceSpecification))
+ }
+}
+
+private extension SourceFileParserTests {
+
+ var codeBlockStub: [ExpressibleAsCodeBlockItem] {
+ [
+ EnumDecl(
+ enumKeyword: .enum.withLeadingTrivia(.newlines(1)),
+ identifier: .identifier(enumNameStub),
+ members: MemberDeclBlock(
+ leftBrace: .leftBrace.withLeadingTrivia(.spaces(1)),
+ members: MemberDeclList([])
+ )
+ )
+ ]
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/AlgorithmParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/AlgorithmParserTests.swift
new file mode 100644
index 0000000..f4fb743
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/AlgorithmParserTests.swift
@@ -0,0 +1,81 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class AlgorithmParserTests: XCTestCase {
+
+ private typealias ObfuscationStepParserSpy = ParserSpy
+
+ private let obfuscationStepStub = "test"
+ private lazy var algorithmStub = (0..<2).map { _ in obfuscationStepStub }[...]
+
+ private var obfuscationStepParserSpy: ObfuscationStepParserSpy!
+
+ private var sut: AlgorithmParser!
+
+ override func setUp() {
+ super.setUp()
+ obfuscationStepParserSpy = .init(result: .init(technique: .compression(algorithm: .lzfse)))
+ obfuscationStepParserSpy.consumeInput = { $0 = "" }
+ sut = .init(obfuscationStepParser: obfuscationStepParserSpy)
+ }
+
+ override func tearDown() {
+ sut = nil
+ obfuscationStepParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenConfiguration_whenParse_thenReturnsExpectedValueAndConfigurationAlgorithmIsEmpty() throws {
+ // given
+ var configuration = Configuration.StubFactory.makeConfiguration(algorithm: algorithmStub)
+
+ // when
+ let algorithm = try sut.parse(&configuration)
+
+ // then
+ XCTAssertEqual(
+ (0..
+
+ private let inputStub = "test"[...]
+
+ private var compressionTechniqueParserSpy: TechniqueParserSpy!
+ private var randomizationTechniqueParserSpy: TechniqueParserSpy!
+
+ private var sut: ObfuscationStepParser>!
+
+ override func setUp() {
+ super.setUp()
+ compressionTechniqueParserSpy = .init(result: .compression(algorithm: .lz4))
+ randomizationTechniqueParserSpy = .init(result: .randomization(nonce: 123456789))
+ sut = ObfuscationStepParser {
+ compressionTechniqueParserSpy!
+ randomizationTechniqueParserSpy!
+ }
+ }
+
+ override func tearDown() {
+ sut = nil
+ randomizationTechniqueParserSpy = nil
+ compressionTechniqueParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenFirstTechniqueParserSucceeds_whenParse_thenReturnsExpectedValue() throws {
+ // given
+ var input = inputStub
+ compressionTechniqueParserSpy.consumeInput = { _ in }
+ randomizationTechniqueParserSpy.consumeInput = { _ in throw ErrorDummy() }
+
+ // when
+ let obfuscationStep = try sut.parse(&input)
+
+ // then
+ XCTAssertEqual(.init(technique: compressionTechniqueParserSpy.result), obfuscationStep)
+ XCTAssertEqual([inputStub], compressionTechniqueParserSpy.parseRecordedInput)
+ XCTAssertEqual([], randomizationTechniqueParserSpy.parseRecordedInput)
+ }
+
+ func test_givenSecondTechniqueParserSucceeds_whenParse_thenReturnsExpectedValue() throws {
+ // given
+ var input = inputStub
+ compressionTechniqueParserSpy.consumeInput = { _ in throw ErrorDummy() }
+ randomizationTechniqueParserSpy.consumeInput = { _ in }
+
+ // when
+ let obfuscationStep = try sut.parse(&input)
+
+ // then
+ XCTAssertEqual(.init(technique: randomizationTechniqueParserSpy.result), obfuscationStep)
+ XCTAssertEqual([inputStub], compressionTechniqueParserSpy.parseRecordedInput)
+ XCTAssertEqual([inputStub], randomizationTechniqueParserSpy.parseRecordedInput)
+ }
+
+ func test_givenBothTechniqueParsersFail_whenParse_thenThrowsError() {
+ // given
+ var input = inputStub
+ compressionTechniqueParserSpy.consumeInput = { _ in throw ErrorDummy() }
+ randomizationTechniqueParserSpy.consumeInput = { _ in throw ErrorDummy() }
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&input))
+ XCTAssertEqual([inputStub], compressionTechniqueParserSpy.parseRecordedInput)
+ XCTAssertEqual([inputStub], randomizationTechniqueParserSpy.parseRecordedInput)
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/RandomizationTechniqueParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/RandomizationTechniqueParserTests.swift
new file mode 100644
index 0000000..0fc7ae6
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/RandomizationTechniqueParserTests.swift
@@ -0,0 +1,70 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class RandomizationTechniqueParserTests: XCTestCase {
+
+ private let nonceStub: UInt64 = 123456789
+
+ private var generateNonceSpy: ParameterlessClosureSpy!
+
+ private var sut: RandomizationTechniqueParser!
+
+ override func setUp() {
+ super.setUp()
+ generateNonceSpy = .init(result: nonceStub)
+ sut = .init(generateNonce: generateNonceSpy.closureWithError)
+ }
+
+ override func tearDown() {
+ sut = nil
+ generateNonceSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenValidInput_whenParse_thenReturnsExpectedEnumValueAndInputIsEmpty() throws {
+ // given
+ var input = " \(C.Parsing.Keywords.shuffle)"[...]
+
+ // when
+ let technique = try sut.parse(&input)
+
+ // then
+ XCTAssertEqual(.randomization(nonce: nonceStub), technique)
+ XCTAssertEqual(1, generateNonceSpy.callCount)
+ XCTAssertTrue(input.isEmpty)
+ }
+
+ func test_givenInvalidInput_whenParse_thenThrowsErrorAndInputLeftIntact() {
+ // given
+ var input = "\(C.Parsing.Keywords.compress)"[...]
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&input))
+ XCTAssertEqual(.zero, generateNonceSpy.callCount)
+ XCTAssertEqual("\(C.Parsing.Keywords.compress)", input)
+ }
+
+ func test_givenInputWithUnexpectedTrailingData_whenParse_thenThrowsErrorAndInputEqualsTrailingData() {
+ // given
+ var input = "\(C.Parsing.Keywords.shuffle) Test"[...]
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&input))
+ XCTAssertEqual(.zero, generateNonceSpy.callCount)
+ XCTAssertEqual(" Test", input)
+ }
+
+ func test_givenValidInputAndGenerateNonceError_whenParse_thenThrowsExpectedErrorAndInputIsEmpty() {
+ // given
+ var input = "\(C.Parsing.Keywords.shuffle)"[...]
+ let error = ErrorDummy()
+ generateNonceSpy.error = error
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&input)) {
+ XCTAssertEqual(error, $0 as? ErrorDummy)
+ }
+ XCTAssertEqual(1, generateNonceSpy.callCount)
+ XCTAssertTrue(input.isEmpty)
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/SecretNamespaceParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/SecretNamespaceParserTests.swift
new file mode 100644
index 0000000..7dd1c01
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/SecretNamespaceParserTests.swift
@@ -0,0 +1,81 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class SecretNamespaceParserTests: XCTestCase {
+
+ private typealias Namespace = SecretNamespaceParser.Namespace
+
+ private let secretsNamespaceStub = "Secrets"
+ private let secretModuleStub = "SecretModule"
+
+ private var sut: SecretNamespaceParser!
+
+ override func setUp() {
+ super.setUp()
+ sut = .init()
+ }
+
+ override func tearDown() {
+ sut = nil
+ super.tearDown()
+ }
+
+ func test_givenValidInputData_whenParse_thenReturnsExpectedEnumValuesAndInputIsEmpty() throws {
+ // given
+ var inputData = [
+ ""[...],
+ "\(C.Parsing.Keywords.create) \(secretsNamespaceStub)"[...],
+ "\(C.Parsing.Keywords.extend) \(secretsNamespaceStub)"[...],
+ "\(C.Parsing.Keywords.extend) \(secretsNamespaceStub) \(C.Parsing.Keywords.from) \(secretModuleStub)"
+ ]
+
+ // when
+ let namespaces = try inputData.indices.map {
+ try sut.parse(&inputData[$0])
+ }
+
+ // then
+ let expectedNamespaces: [Namespace] = [
+ .extend(identifier: "ConfidentialKit.Obfuscation.Secret", moduleName: "ConfidentialKit"),
+ .create(identifier: secretsNamespaceStub),
+ .extend(identifier: secretsNamespaceStub, moduleName: .none),
+ .extend(identifier: secretsNamespaceStub, moduleName: secretModuleStub)
+ ]
+ XCTAssertEqual(inputData.count, namespaces.count)
+ XCTAssertEqual(expectedNamespaces.count, namespaces.count)
+ namespaces.enumerated().forEach { idx, namespace in
+ XCTAssertEqual(expectedNamespaces[idx], namespace)
+ XCTAssertTrue(inputData[idx].isEmpty)
+ }
+ }
+
+ func test_givenValidInputWithExtraWhitespaces_whenParse_thenReturnsExpectedEnumValueAndInputIsEmpty() throws {
+ // given
+ var input = " \(C.Parsing.Keywords.extend) \(secretsNamespaceStub) \(C.Parsing.Keywords.from) \(secretModuleStub)"[...]
+
+ // when
+ let namespace = try sut.parse(&input)
+
+ // then
+ XCTAssertEqual(.extend(identifier: secretsNamespaceStub, moduleName: secretModuleStub), namespace)
+ XCTAssertTrue(input.isEmpty)
+ }
+
+ func test_givenInvalidInput_whenParse_thenThrowsErrorAndInputLeftIntact() {
+ // given
+ var input = "\(C.Parsing.Keywords.shuffle)"[...]
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&input))
+ XCTAssertEqual("\(C.Parsing.Keywords.shuffle)", input)
+ }
+
+ func test_givenInputWithUnexpectedTrailingData_whenParse_thenThrowsErrorAndInputEqualsTrailingData() {
+ // given
+ var input = "\(C.Parsing.Keywords.create) \(secretsNamespaceStub) Test"[...]
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&input))
+ XCTAssertEqual(" Test", input)
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/SecretsParserTests.swift b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/SecretsParserTests.swift
new file mode 100644
index 0000000..6a11a29
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Parsing/Parsers/ModelTransform/SecretsParserTests.swift
@@ -0,0 +1,103 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class SecretsParserTests: XCTestCase {
+
+ private typealias Namespace = SourceSpecification.Secret.Namespace
+ private typealias NamespaceParserSpy = ParserSpy
+ private typealias Secrets = SourceSpecification.Secrets
+
+ private let secretsNamespaceStub: Namespace = .create(identifier: "Secrets")
+ private let secretsStub: ArraySlice = [
+ .init(name: "secret1", value: .singleValue("message"), namespace: .none),
+ .init(name: "secret2", value: .array(["mess", "age"]), namespace: .none)
+ ]
+
+ private var namespaceParserSpy: NamespaceParserSpy!
+ private var secretValueEncoderSpy: DataEncoderSpy!
+
+ private var sut: SecretsParser!
+
+ override func setUp() {
+ super.setUp()
+ namespaceParserSpy = .init(result: secretsNamespaceStub)
+ namespaceParserSpy.consumeInput = { $0 = "" }
+ secretValueEncoderSpy = .init(underlyingEncoder: JSONEncoder())
+ sut = .init(
+ namespaceParser: namespaceParserSpy,
+ secretValueEncoder: secretValueEncoderSpy
+ )
+ }
+
+ override func tearDown() {
+ sut = nil
+ secretValueEncoderSpy = nil
+ namespaceParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenConfiguration_whenParse_thenReturnsExpectedValueAndConfigurationSecretsIsEmpty() throws {
+ // given
+ var configuration = Configuration.StubFactory.makeConfiguration(secrets: secretsStub)
+
+ // when
+ let secrets: Secrets = try sut.parse(&configuration)
+
+ // then
+ let expectedSecrets: SourceSpecification.Secrets = [
+ secretsNamespaceStub: try secretsStub.map {
+ try SourceSpecification.Secret.StubFactory.makeSecret(
+ from: $0,
+ using: secretValueEncoderSpy.underlyingEncoder
+ )
+ }[...]
+ ]
+ XCTAssertEqual(expectedSecrets, secrets)
+ XCTAssertEqual(
+ ["Obfuscated", "Obfuscated>"],
+ secrets[secretsNamespaceStub]?.map { $0.dataAccessWrapperInfo.typeInfo.name }
+ )
+ XCTAssertEqual((0..
+ private typealias SecretsParserSpy = ParserSpy
+
+ private let configurationStub: Configuration = {
+ var configuration = Configuration.StubFactory.makeConfiguration()
+ configuration.defaultNamespace = "Secrets"
+ return configuration
+ }()
+ private let algorithmStub: SourceSpecification.Algorithm = [
+ .init(technique: .encryption(algorithm: .chaChaPoly))
+ ]
+ private let secretsStub: SourceSpecification.Secrets = [
+ .extend(identifier: "Secrets", moduleName: "SecretModule"): [.StubFactory.makeSecret()]
+ ]
+
+ private var algorithmParserSpy: AlgorithmParserSpy!
+ private var secretsParserSpy: SecretsParserSpy!
+
+ private var sut: SourceSpecificationParser!
+
+ override func setUp() {
+ super.setUp()
+ algorithmParserSpy = .init(result: algorithmStub)
+ algorithmParserSpy.consumeInput = { $0.algorithm = [] }
+ secretsParserSpy = .init(result: secretsStub)
+ secretsParserSpy.consumeInput = { $0.secrets = [] }
+ sut = .init(
+ algorithmParser: algorithmParserSpy,
+ secretsParser: secretsParserSpy
+ )
+ }
+
+ override func tearDown() {
+ sut = nil
+ secretsParserSpy = nil
+ algorithmParserSpy = nil
+ super.tearDown()
+ }
+
+ func test_givenConfiguration_whenParse_thenReturnsExpectedValueAndConfigurationDefaultNamespaceIsNil() throws {
+ // given
+ var configuration = configurationStub
+
+ // when
+ let sourceSpecification: SourceSpecification = try sut.parse(&configuration)
+
+ // then
+ XCTAssertEqual(.init(algorithm: algorithmStub, secrets: secretsStub), sourceSpecification)
+ XCTAssertEqual([configurationStub], algorithmParserSpy.parseRecordedInput)
+ XCTAssertEqual([configurationStub], secretsParserSpy.parseRecordedInput)
+ XCTAssertNil(configuration.defaultNamespace)
+ }
+
+ func test_givenAlgorithmParserFails_whenParse_thenThrowsError() {
+ // given
+ var configuration = configurationStub
+ algorithmParserSpy.consumeInput = { _ in throw ErrorDummy() }
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&configuration))
+ }
+
+ func test_givenSecretsParserFails_whenParse_thenThrowsError() {
+ // given
+ var configuration = configurationStub
+ secretsParserSpy.consumeInput = { _ in throw ErrorDummy() }
+
+ // when & then
+ XCTAssertThrowsError(try sut.parse(&configuration))
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/SyntaxText/SourceFileTextTests.swift b/Tests/ConfidentialCoreTests/SyntaxText/SourceFileTextTests.swift
new file mode 100644
index 0000000..0c5600e
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/SyntaxText/SourceFileTextTests.swift
@@ -0,0 +1,68 @@
+@testable import ConfidentialCore
+import XCTest
+
+import SwiftSyntaxBuilder
+
+final class SourceFileTextTests: XCTestCase {
+
+ private var temporaryFileURL: URL!
+
+ override func setUp() {
+ super.setUp()
+ temporaryFileURL = .init(fileURLWithPath: NSTemporaryDirectory())
+ .appendingPathComponent("\(UUID().uuidString).swift")
+ }
+
+ override func tearDownWithError() throws {
+ try FileManager.default.removeItem(at: temporaryFileURL)
+ temporaryFileURL = nil
+ super.tearDown()
+ }
+
+ func test_givenSourceFileTextWithSourceFileSyntax_whenWriteToFile_thenFileContainsExpectedSyntaxText() throws {
+ // given
+ let sourceFile = SourceFile(eofToken: .eof) {
+ ImportDecl(
+ path: AccessPath([AccessPathComponent(name: .identifier("Foundation"))])
+ )
+ StructDecl(
+ structKeyword: .struct.withLeadingTrivia(.newlines(1)),
+ identifier: "Test",
+ members: MemberDeclBlock(
+ leftBrace: .leftBrace.withLeadingTrivia(.spaces(1)),
+ rightBrace: .rightBrace
+ ) {
+ VariableDecl(
+ .let.withLeadingTrivia(.spaces(2)),
+ name: IdentifierPattern("id"),
+ type: TypeAnnotation("UUID")
+ )
+ VariableDecl(
+ .var.withLeadingTrivia(.spaces(2)),
+ name: IdentifierPattern("data"),
+ type: TypeAnnotation("Data")
+ )
+ }
+ )
+ }
+ let sourceFileText = SourceFileText(from: sourceFile)
+ let encoding = String.Encoding.utf8
+
+ // when
+ try sourceFileText.write(to: temporaryFileURL, encoding: encoding)
+
+ // then
+ let fileContents = try String(contentsOf: temporaryFileURL, encoding: encoding)
+ XCTAssertEqual(
+ """
+ import Foundation
+
+ struct Test {
+ let id: UUID
+ var data: Data
+ }
+ """,
+ fileContents
+ )
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Dummies/ErrorDummy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Dummies/ErrorDummy.swift
new file mode 100644
index 0000000..e05305a
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Dummies/ErrorDummy.swift
@@ -0,0 +1 @@
+struct ErrorDummy: Error, Equatable {}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Spies/DataEncoderSpy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Spies/DataEncoderSpy.swift
new file mode 100644
index 0000000..70671f3
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Spies/DataEncoderSpy.swift
@@ -0,0 +1,18 @@
+@testable import ConfidentialCore
+import Foundation
+
+final class DataEncoderSpy: DataEncoder {
+
+ var underlyingEncoder: DataEncoder
+
+ private(set) var encodeRecordedValues: [any Encodable] = []
+
+ init(underlyingEncoder: DataEncoder) {
+ self.underlyingEncoder = underlyingEncoder
+ }
+
+ func encode(_ value: E) throws -> Data {
+ encodeRecordedValues.append(value)
+ return try underlyingEncoder.encode(value)
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Spies/EncodableSpy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Spies/EncodableSpy.swift
new file mode 100644
index 0000000..523b06b
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Spies/EncodableSpy.swift
@@ -0,0 +1,13 @@
+final class EncodableSpy: Encodable {
+
+ var encodableValue: Value?
+
+ private(set) var encodeCallCount: Int = .zero
+
+ func encode(to encoder: Encoder) throws {
+ encodeCallCount += 1
+ guard let encodableValue = encodableValue else { return }
+ var container = encoder.singleValueContainer()
+ try container.encode(encodableValue)
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Spies/ObfuscationStepResolverSpy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ObfuscationStepResolverSpy.swift
new file mode 100644
index 0000000..485a7a5
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ObfuscationStepResolverSpy.swift
@@ -0,0 +1,17 @@
+@testable import ConfidentialCore
+
+final class ObfuscationStepResolverSpy: DataObfuscationStepResolver {
+
+ var obfuscationStepReturnValue: any DataObfuscationStep
+
+ private(set) var recordedTechniques: [Technique] = []
+
+ init(obfuscationStepReturnValue: any DataObfuscationStep) {
+ self.obfuscationStepReturnValue = obfuscationStepReturnValue
+ }
+
+ func obfuscationStep(for technique: Technique) -> DataObfuscationStep {
+ recordedTechniques.append(technique)
+ return obfuscationStepReturnValue
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Spies/ObfuscationStepSpy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ObfuscationStepSpy.swift
new file mode 100644
index 0000000..acbdc0b
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ObfuscationStepSpy.swift
@@ -0,0 +1,14 @@
+@testable import ConfidentialCore
+import Foundation
+
+final class ObfuscationStepSpy: DataObfuscationStep {
+
+ var obfuscateReturnValue: Data?
+
+ private(set) var recordedData: [Data] = []
+
+ func obfuscate(_ data: Data) throws -> Data {
+ recordedData.append(data)
+ return obfuscateReturnValue ?? data
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Spies/ParameterlessClosureSpy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ParameterlessClosureSpy.swift
new file mode 100644
index 0000000..bf62d01
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ParameterlessClosureSpy.swift
@@ -0,0 +1,22 @@
+final class ParameterlessClosureSpy {
+
+ var result: Result
+ var error: Error?
+
+ private(set) var callCount: Int = .zero
+
+ init(result: Result) {
+ self.result = result
+ }
+
+ func closure() -> Result {
+ callCount += 1
+ return result
+ }
+
+ func closureWithError() throws -> Result {
+ callCount += 1
+ if let error = error { throw error }
+ return result
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Spies/ParserSpy.swift b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ParserSpy.swift
new file mode 100644
index 0000000..6001227
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Spies/ParserSpy.swift
@@ -0,0 +1,19 @@
+import Parsing
+
+final class ParserSpy: Parser {
+
+ var result: Output
+ var consumeInput: ((inout Input) throws -> Void)?
+
+ private(set) var parseRecordedInput: [Input] = []
+
+ init(result: Output) {
+ self.result = result
+ }
+
+ func parse(_ input: inout Input) throws -> Output {
+ parseRecordedInput.append(input)
+ try consumeInput?(&input)
+ return result
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Stubs/ConfigurationStubFactory.swift b/Tests/ConfidentialCoreTests/TestDoubles/Stubs/ConfigurationStubFactory.swift
new file mode 100644
index 0000000..2099b03
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Stubs/ConfigurationStubFactory.swift
@@ -0,0 +1,18 @@
+@testable import ConfidentialCore
+
+extension Configuration {
+
+ enum StubFactory {
+
+ static func makeConfiguration(
+ algorithm: ArraySlice = [],
+ secrets: ArraySlice = []
+ ) -> Configuration {
+ .init(
+ algorithm: algorithm,
+ defaultNamespace: .none,
+ secrets: secrets
+ )
+ }
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Stubs/SourceSpecification.SecretStubFactory.swift b/Tests/ConfidentialCoreTests/TestDoubles/Stubs/SourceSpecification.SecretStubFactory.swift
new file mode 100644
index 0000000..3b64a8c
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Stubs/SourceSpecification.SecretStubFactory.swift
@@ -0,0 +1,24 @@
+@testable import ConfidentialCore
+import Foundation
+
+extension SourceSpecification.Secret {
+
+ enum StubFactory {
+
+ static func makeSecret(named name: String = "secret", with data: Data = .init()) -> SourceSpecification.Secret {
+ .init(
+ name: name,
+ data: data,
+ dataAccessWrapperInfo: .init(typeInfo: TypeInfo(of: Any.self), arguments: [])
+ )
+ }
+
+ static func makeSecret(from secret: Configuration.Secret, using encoder: DataEncoder) throws -> SourceSpecification.Secret {
+ .init(
+ name: secret.name,
+ data: try encoder.encode(secret.value.underlyingValue),
+ dataAccessWrapperInfo: .init(typeInfo: TypeInfo(of: Any.self), arguments: [])
+ )
+ }
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/TestDoubles/Stubs/SourceSpecificationStubFactory.swift b/Tests/ConfidentialCoreTests/TestDoubles/Stubs/SourceSpecificationStubFactory.swift
new file mode 100644
index 0000000..e20525f
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/TestDoubles/Stubs/SourceSpecificationStubFactory.swift
@@ -0,0 +1,14 @@
+@testable import ConfidentialCore
+
+extension SourceSpecification {
+
+ enum StubFactory {
+
+ static func makeSpecification(
+ algorithm: SourceSpecification.Algorithm = [],
+ secrets: SourceSpecification.Secrets = [:]
+ ) -> SourceSpecification {
+ .init(algorithm: algorithm, secrets: secrets)
+ }
+ }
+}
diff --git a/Tests/ConfidentialCoreTests/Utils/TypeInfoTests.swift b/Tests/ConfidentialCoreTests/Utils/TypeInfoTests.swift
new file mode 100644
index 0000000..0103d96
--- /dev/null
+++ b/Tests/ConfidentialCoreTests/Utils/TypeInfoTests.swift
@@ -0,0 +1,93 @@
+@testable import ConfidentialCore
+import XCTest
+
+final class TypeInfoTests: XCTestCase {
+
+ func test_givenNestedTypeInfo_whenFullyQualifiedName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Swift.String.Encoding.self)
+
+ // when
+ let fullyQualifiedName = typeInfo.fullyQualifiedName
+
+ // then
+ XCTAssertEqual("Swift.String.Encoding", fullyQualifiedName)
+ }
+
+ func test_givenNestedTypeInfo_whenModuleName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Swift.String.Encoding.self)
+
+ // when
+ let moduleName = typeInfo.moduleName
+
+ // then
+ XCTAssertEqual("Swift", moduleName)
+ }
+
+ func test_givenNestedTypeInfo_whenFullName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Swift.String.Encoding.self)
+
+ // when
+ let fullName = typeInfo.fullName
+
+ // then
+ XCTAssertEqual("String.Encoding", fullName)
+ }
+
+ func test_givenNestedTypeInfo_whenName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Swift.String.Encoding.self)
+
+ // when
+ let name = typeInfo.name
+
+ // then
+ XCTAssertEqual("Encoding", name)
+ }
+
+ func test_givenTopLevelTypeInfo_whenFullyQualifiedName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Foundation.Data.self)
+
+ // when
+ let fullyQualifiedName = typeInfo.fullyQualifiedName
+
+ // then
+ XCTAssertEqual("Foundation.Data", fullyQualifiedName)
+ }
+
+ func test_givenTopLevelTypeInfo_whenModuleName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Foundation.Data.self)
+
+ // when
+ let moduleName = typeInfo.moduleName
+
+ // then
+ XCTAssertEqual("Foundation", moduleName)
+ }
+
+ func test_givenTopLevelTypeInfo_whenFullName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Foundation.Data.self)
+
+ // when
+ let fullName = typeInfo.fullName
+
+ // then
+ XCTAssertEqual("Data", fullName)
+ }
+
+ func test_givenTopLevelTypeInfo_whenName_thenReturnsExpectedValue() {
+ // given
+ let typeInfo = TypeInfo(of: Foundation.Data.self)
+
+ // when
+ let name = typeInfo.name
+
+ // then
+ XCTAssertEqual("Data", name)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Extensions/CryptoKit/SymmetricKeySize/SymmetricKeySize+ByteCountTests.swift b/Tests/ConfidentialKitTests/Extensions/CryptoKit/SymmetricKeySize/SymmetricKeySize+ByteCountTests.swift
new file mode 100644
index 0000000..d5d0163
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Extensions/CryptoKit/SymmetricKeySize/SymmetricKeySize+ByteCountTests.swift
@@ -0,0 +1,29 @@
+@testable import ConfidentialKit
+import XCTest
+
+import CryptoKit
+
+final class SymmetricKeySize_ByteCountTests: XCTestCase {
+
+ func test_givenStandardKeySize_whenByteCount_thenReturnsExpectedValue() {
+ // given
+ let keySize = SymmetricKeySize.bits192
+
+ // when
+ let byteCount = keySize.byteCount
+
+ // then
+ XCTAssertEqual(24, byteCount)
+ }
+
+ func test_givenNonStandardKeySize_whenByteCount_thenReturnsExpectedValue() {
+ // given
+ let keySize = SymmetricKeySize(bitCount: 72)
+
+ // when
+ let byteCount = keySize.byteCount
+
+ // then
+ XCTAssertEqual(9, byteCount)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Extensions/Swift/BinaryInteger/BinaryInteger+BytesTests.swift b/Tests/ConfidentialKitTests/Extensions/Swift/BinaryInteger/BinaryInteger+BytesTests.swift
new file mode 100644
index 0000000..5233099
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Extensions/Swift/BinaryInteger/BinaryInteger+BytesTests.swift
@@ -0,0 +1,58 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class BinaryInteger_BytesTests: XCTestCase {
+
+ func test_givenBinaryIntegers_whenBytes_thenReturnsExpectedValues() {
+ // given
+ let integers: [Any] = [
+ UInt8(1), UInt16(1), UInt32(1), UInt64(1),
+ Int8(1), Int16(1), Int32(1), Int64(1)
+ ]
+
+ // when
+ let bytes = integers.map { ($0 as! FixedWidthInteger).littleEndian.bytes }
+
+ // then
+ XCTAssertEqual(
+ [
+ [0x01], [0x01, 0x00], [0x01, 0x00, 0x00, 0x00], [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00],
+ [0x01], [0x01, 0x00], [0x01, 0x00, 0x00, 0x00], [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
+ ],
+ bytes
+ )
+ }
+
+ func test_givenCollectionOfTwoBytes_whenUInt8InitBytes_thenReturnsUInt8WithExpectedValue() {
+ // given
+ let bytes: [UInt8] = [0x01, 0x01]
+
+ // when
+ let uInt8 = UInt8(bytes: bytes)
+
+ // then
+ XCTAssertEqual(1, uInt8)
+ }
+
+ func test_givenCollectionOfTwoBytes_whenUInt32InitBytes_thenReturnsUInt32WithExpectedValue() {
+ // given
+ let bytes: [UInt8] = [0x01, 0x01]
+
+ // when
+ let uInt32 = UInt32(bytes: bytes)
+
+ // then
+ XCTAssertEqual(257, uInt32)
+ }
+
+ func test_givenEmptyCollection_whenIntInitBytes_thenReturnsIntWithValueEqualToZero() {
+ // given
+ let bytes: [UInt8] = []
+
+ // when
+ let int = Int(bytes: bytes)
+
+ // then
+ XCTAssertEqual(.zero, int)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Extensions/Swift/FixedWidthInteger/FixedWidthInteger+ByteWidthTests.swift b/Tests/ConfidentialKitTests/Extensions/Swift/FixedWidthInteger/FixedWidthInteger+ByteWidthTests.swift
new file mode 100644
index 0000000..0509d01
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Extensions/Swift/FixedWidthInteger/FixedWidthInteger+ByteWidthTests.swift
@@ -0,0 +1,25 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class FixedWidthInteger_ByteWidthTests: XCTestCase {
+
+ func test_givenFixedWidthIntegerTypes_whenByteWidth_thenReturnsExpectedValues() {
+ // given
+ let types: [Any] = [
+ UInt8.self, UInt16.self, UInt32.self, UInt64.self,
+ Int8.self, Int16.self, Int32.self, Int64.self
+ ]
+
+ // when
+ let byteWidths = types.map { ($0 as! FixedWidthInteger.Type).byteWidth }
+
+ // then
+ XCTAssertEqual(
+ [
+ 1, 2, 4, 8,
+ 1, 2, 4, 8
+ ],
+ byteWidths
+ )
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Obfuscation/Obfuscation+SecretTests.swift b/Tests/ConfidentialKitTests/Obfuscation/Obfuscation+SecretTests.swift
new file mode 100644
index 0000000..6fa4a81
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Obfuscation/Obfuscation+SecretTests.swift
@@ -0,0 +1,28 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class Obfuscation_SecretTests: XCTestCase {
+
+ func test_givenSecretWithTestBytes_whenData_thenReturnsTestBytes() {
+ // given
+ let testBytes: [UInt8] = [0x35, 0x9d, 0x82, 0x1f, 0x68, 0x81, 0x02, 0x64]
+ let secret = Obfuscation.Secret(data: testBytes)
+
+ // when
+ let data = secret.data
+
+ // then
+ XCTAssertEqual(testBytes, data)
+ }
+
+ func test_givenSecretWithEmptyByteArray_whenData_thenReturnsEmptyArray() {
+ // given
+ let secret = Obfuscation.Secret(data: [])
+
+ // when
+ let data = secret.data
+
+ // then
+ XCTAssertTrue(data.isEmpty)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Obfuscation/PropertyWrappers/ObfuscatedTests.swift b/Tests/ConfidentialKitTests/Obfuscation/PropertyWrappers/ObfuscatedTests.swift
new file mode 100644
index 0000000..d785729
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Obfuscation/PropertyWrappers/ObfuscatedTests.swift
@@ -0,0 +1,65 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class ObfuscatedTests: XCTestCase {
+
+ private let secretPlainValue: SingleValue = .StubFactory.makeSecretMessage()
+
+ private var secretStub: Obfuscation.Secret!
+ private var deobfuscateDataSpy: DeobfuscateDataFuncSpy!
+ private var dataDecoderSpy: DataDecoderSpy!
+
+ private var sut: Obfuscated!
+
+ override func setUp() {
+ super.setUp()
+ secretStub = .StubFactory.makeJSONEncodedSecret(with: secretPlainValue)
+ deobfuscateDataSpy = .init()
+ dataDecoderSpy = .init(underlyingDecoder: JSONDecoder())
+ sut = .init(
+ wrappedValue: secretStub,
+ deobfuscateData: deobfuscateDataSpy.deobfuscateData,
+ decoder: dataDecoderSpy
+ )
+ }
+
+ override func tearDown() {
+ sut = nil
+ dataDecoderSpy = nil
+ deobfuscateDataSpy = nil
+ secretStub = nil
+ super.tearDown()
+ }
+
+ func test_whenWrappedValue_thenReturnsExpectedSecretStub() {
+ // when
+ let wrappedValue = sut.wrappedValue
+
+ // then
+ XCTAssertEqual(secretStub, wrappedValue)
+ }
+
+ func test_whenProjectedValue_thenReturnsExpectedPlainValue() {
+ // when
+ let projectedValue = sut.projectedValue
+
+ // then
+ XCTAssertEqual(secretPlainValue, projectedValue)
+ }
+
+ func test_whenProjectedValue_thenDeobfuscateDataFuncCalledOnce() {
+ // when
+ _ = sut.projectedValue
+
+ // then
+ XCTAssertEqual([.init(secretStub.data)], deobfuscateDataSpy.recordedData)
+ }
+
+ func test_whenProjectedValue_thenDataDecoderCalledOnce() {
+ // when
+ _ = sut.projectedValue
+
+ // then
+ XCTAssertEqual([.init(secretStub.data)], dataDecoderSpy.decodeRecordedData)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Obfuscation/Techniques/Compression/DataCompressorTests.swift b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Compression/DataCompressorTests.swift
new file mode 100644
index 0000000..cc49af1
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Compression/DataCompressorTests.swift
@@ -0,0 +1,33 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class DataCompressorTests: XCTestCase {
+
+ private typealias Algorithm = Obfuscation.Compression.CompressionAlgorithm
+ private typealias DataCompressor = Obfuscation.Compression.DataCompressor
+
+ private let plainData: Data = SingleValue.StubFactory.makeSecretMessageData()
+ private let compressionAlgorithms: [Algorithm] = [
+ .lzfse, .lz4, .lzma, .zlib
+ ]
+
+ func test_givenCompressedData_whenDeobfuscate_thenReturnsDecompressedData() throws {
+ // given
+ let compressedData = compressionAlgorithms
+ .map { algorithm in
+ (
+ algorithm,
+ Data(referencing: try! NSData(data: plainData).compressed(using: algorithm))
+ )
+ }
+
+ // when
+ let decompressedData = try compressedData
+ .map { algorithm, data in
+ try DataCompressor(algorithm: algorithm).deobfuscate(data)
+ }
+
+ // then
+ decompressedData.forEach { XCTAssertEqual(plainData, $0) }
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Obfuscation/Techniques/Encryption/DataCrypterTests.swift b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Encryption/DataCrypterTests.swift
new file mode 100644
index 0000000..4a85252
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Encryption/DataCrypterTests.swift
@@ -0,0 +1,50 @@
+@testable import ConfidentialKit
+import XCTest
+
+import CryptoKit
+
+final class DataCrypterTests: XCTestCase {
+
+ private typealias Algorithm = Obfuscation.Encryption.SymmetricEncryptionAlgorithm
+ private typealias DataCrypter = Obfuscation.Encryption.DataCrypter
+
+ private let plainData: Data = SingleValue.StubFactory.makeSecretMessageData()
+ private let encryptionAlgorithms: [Algorithm] = [
+ .aes128GCM, .aes192GCM, .aes256GCM, .chaChaPoly
+ ]
+
+ func test_givenEncryptedData_whenDeobfuscate_thenReturnsDecryptedData() throws {
+ // given
+ let encryptedData = encryptionAlgorithms
+ .map(makeEncryptedData(using:))
+
+ // when
+ let decryptedData = try encryptedData
+ .map { algorithm, data in
+ try DataCrypter(algorithm: algorithm).deobfuscate(data)
+ }
+
+ // then
+ decryptedData.forEach { XCTAssertEqual(plainData, $0) }
+ }
+}
+
+extension DataCrypterTests {
+
+ private func makeEncryptedData(using algorithm: Algorithm) -> (Algorithm, Data) {
+ let key = SymmetricKey(size: algorithm.keySize)
+
+ var encryptedData: Data
+ switch algorithm {
+ case .aes128GCM, .aes192GCM, .aes256GCM:
+ encryptedData = try! AES.GCM.seal(plainData, using: key, nonce: .init()).combined!
+ case .chaChaPoly:
+ encryptedData = try! ChaChaPoly.seal(plainData, using: key, nonce: .init()).combined
+ }
+
+ let keyData = key.withUnsafeBytes(Data.init(_:))
+ encryptedData.append(keyData)
+
+ return (algorithm, encryptedData)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Obfuscation/Techniques/Encryption/SymmetricEncryptionAlgorithmTests.swift b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Encryption/SymmetricEncryptionAlgorithmTests.swift
new file mode 100644
index 0000000..5c889da
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Encryption/SymmetricEncryptionAlgorithmTests.swift
@@ -0,0 +1,14 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class SymmetricEncryptionAlgorithmTests: XCTestCase {
+
+ private typealias Algorithm = Obfuscation.Encryption.SymmetricEncryptionAlgorithm
+
+ func test_whenKeySizeBitCount_thenReturnsExpectedNumberOfBits() {
+ XCTAssertEqual(Algorithm.aes128GCM.keySize.bitCount, 128)
+ XCTAssertEqual(Algorithm.aes192GCM.keySize.bitCount, 192)
+ XCTAssertEqual(Algorithm.aes256GCM.keySize.bitCount, 256)
+ XCTAssertEqual(Algorithm.chaChaPoly.keySize.bitCount, 256)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/Obfuscation/Techniques/Randomization/DataShufflerTests.swift b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Randomization/DataShufflerTests.swift
new file mode 100644
index 0000000..620abf4
--- /dev/null
+++ b/Tests/ConfidentialKitTests/Obfuscation/Techniques/Randomization/DataShufflerTests.swift
@@ -0,0 +1,77 @@
+@testable import ConfidentialKit
+import XCTest
+
+final class DataShufflerTests: XCTestCase {
+
+ private typealias DataShuffler = Obfuscation.Randomization.DataShuffler
+
+ private let nonce: UInt64 = 4213634601671549038
+
+ private var sut: DataShuffler!
+
+ override func setUp() {
+ super.setUp()
+ sut = .init(nonce: nonce)
+ }
+
+ override func tearDown() {
+ sut = nil
+ super.tearDown()
+ }
+
+ func test_givenShuffledData_whenDeobfuscate_thenReturnsDeshuffledData() throws {
+ // given
+ let plainData: [Data] = [
+ .init([0x5d, 0x9b, 0xe7, 0xde]),
+ .init([0xe4, 0xe3, 0x34, 0xd8]),
+ .init([0x55, 0x2a, 0x49, 0x30])
+ ]
+ let count = Int(4 ^ nonce)
+ let shuffledIndexes = [3,0,2,1]
+ let shuffledData = plainData.enumerated().map { idx, data -> Data in
+ let dataBytes = reorderBytes(.init(data), given: shuffledIndexes)
+ let indexesByteWidth = UInt8(1 << idx)
+ let obfuscatedIndexes = obfuscateIndexes(
+ shuffledIndexes,
+ byteWidth: indexesByteWidth
+ )
+ return Data(
+ count.bytes + dataBytes + [indexesByteWidth] + obfuscatedIndexes
+ )
+ }
+
+ // when
+ let deshuffledData = try shuffledData.map { try sut.deobfuscate($0) }
+
+ // then
+ XCTAssertEqual(plainData, deshuffledData)
+ }
+}
+
+private extension DataShufflerTests {
+
+ func reorderBytes(_ bytes: [UInt8], given indexes: [Int]) -> [UInt8] {
+ var result: [UInt8] = .init(repeating: .zero, count: bytes.count)
+ indexes.enumerated().forEach { oldIdx, newIdx in
+ result[newIdx] = bytes[oldIdx]
+ }
+
+ return result
+ }
+
+ func obfuscateIndexes(_ indexes: [Int], byteWidth: UInt8) -> [UInt8] {
+ switch Int(byteWidth) {
+ case UInt8.byteWidth:
+ return indexes
+ .map(UInt8.init)
+ .map { $0 ^ .init(bytes: nonce.bytes) }
+ case UInt16.byteWidth:
+ return indexes
+ .map(UInt16.init)
+ .flatMap { withUnsafeBytes(of: $0 ^ .init(bytes: nonce.bytes), [UInt8].init) }
+ default:
+ return indexes
+ .flatMap { withUnsafeBytes(of: $0 ^ .init(bytes: nonce.bytes), [UInt8].init) }
+ }
+ }
+}
diff --git a/Tests/ConfidentialKitTests/TestDoubles/Spies/DataDecoderSpy.swift b/Tests/ConfidentialKitTests/TestDoubles/Spies/DataDecoderSpy.swift
new file mode 100644
index 0000000..49c9ba3
--- /dev/null
+++ b/Tests/ConfidentialKitTests/TestDoubles/Spies/DataDecoderSpy.swift
@@ -0,0 +1,18 @@
+@testable import ConfidentialKit
+import Foundation
+
+final class DataDecoderSpy: DataDecoder {
+
+ var underlyingDecoder: DataDecoder
+
+ private(set) var decodeRecordedData: [Data] = []
+
+ init(underlyingDecoder: DataDecoder) {
+ self.underlyingDecoder = underlyingDecoder
+ }
+
+ func decode(_ type: D.Type, from data: Data) throws -> D {
+ decodeRecordedData.append(data)
+ return try underlyingDecoder.decode(type, from: data)
+ }
+}
diff --git a/Tests/ConfidentialKitTests/TestDoubles/Spies/DeobfuscateDataFuncSpy.swift b/Tests/ConfidentialKitTests/TestDoubles/Spies/DeobfuscateDataFuncSpy.swift
new file mode 100644
index 0000000..cae0763
--- /dev/null
+++ b/Tests/ConfidentialKitTests/TestDoubles/Spies/DeobfuscateDataFuncSpy.swift
@@ -0,0 +1,11 @@
+import Foundation
+
+final class DeobfuscateDataFuncSpy {
+
+ private(set) var recordedData: [Data] = []
+
+ func deobfuscateData(_ data: Data) -> Data {
+ recordedData.append(data)
+ return data
+ }
+}
diff --git a/Tests/ConfidentialKitTests/TestDoubles/Stubs/SecretStubFactory.swift b/Tests/ConfidentialKitTests/TestDoubles/Stubs/SecretStubFactory.swift
new file mode 100644
index 0000000..521495e
--- /dev/null
+++ b/Tests/ConfidentialKitTests/TestDoubles/Stubs/SecretStubFactory.swift
@@ -0,0 +1,12 @@
+import ConfidentialKit
+import Foundation
+
+extension Obfuscation.Secret {
+
+ enum StubFactory {
+
+ static func makeJSONEncodedSecret(with singleValue: SingleValue) -> Obfuscation.Secret {
+ .init(data: try! JSONEncoder().encode(singleValue).map { $0 })
+ }
+ }
+}
diff --git a/Tests/ConfidentialKitTests/TestDoubles/Stubs/SingleValueStubFactory.swift b/Tests/ConfidentialKitTests/TestDoubles/Stubs/SingleValueStubFactory.swift
new file mode 100644
index 0000000..cb34404
--- /dev/null
+++ b/Tests/ConfidentialKitTests/TestDoubles/Stubs/SingleValueStubFactory.swift
@@ -0,0 +1,18 @@
+import ConfidentialKit
+import Foundation
+
+typealias SingleValue = Obfuscation.SupportedDataTypes.SingleValue
+
+extension SingleValue {
+
+ enum StubFactory {
+
+ static func makeSecretMessage() -> SingleValue {
+ "Secret message ๐"
+ }
+
+ static func makeSecretMessageData() -> Data {
+ makeSecretMessage().data(using: .utf8)!
+ }
+ }
+}
diff --git a/codecov.yml b/codecov.yml
new file mode 100644
index 0000000..d5ed7ff
--- /dev/null
+++ b/codecov.yml
@@ -0,0 +1,9 @@
+coverage:
+ status:
+ project:
+ default:
+ target: 90%
+ threshold: 0.25%
+ patch:
+ default:
+ informational: true
\ No newline at end of file
+ A sneak peek at the __TEXT.__cstring section in a sample Mach-O file reveals a lot of interesting information about the app.
+