mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14191 Commits
17 Branches
Tree: e81ccc406b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e81ccc406b'
${ noResults }
gitea/models/asymkey/gpg_key_add.go

gpg_key_add.go 4.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"context"

  8. 	"strings"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	"code.gitea.io/gitea/modules/log"

  12. 

  13. 	"github.com/keybase/go-crypto/openpgp"

  14. )

  15. 

  16. //   __________________  ________   ____  __.

  17. //  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.

  18. // /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |

  19. // \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |

  20. //  \______  /|____|    \______  / |____|__ \___  > ____|

  21. //         \/                  \/          \/   \/\/

  22. //    _____       .___  .___

  23. //   /  _  \    __| _/__| _/

  24. //	/  /_\  \  / __ |/ __ |

  25. // /    |    \/ /_/ / /_/ |

  26. // \____|__  /\____ \____ |

  27. //         \/      \/    \/

  28. 

  29. // This file contains functions relating to adding GPG Keys

  30. 

  31. // addGPGKey add key, import and subkeys to database

  32. func addGPGKey(ctx context.Context, key *GPGKey, content string) (err error) {

  33. 	// Add GPGKeyImport

  34. 	if err = db.Insert(ctx, &GPGKeyImport{

  35. 		KeyID:   key.KeyID,

  36. 		Content: content,

  37. 	}); err != nil {

  38. 		return err

  39. 	}

  40. 	// Save GPG primary key.

  41. 	if err = db.Insert(ctx, key); err != nil {

  42. 		return err

  43. 	}

  44. 	// Save GPG subs key.

  45. 	for _, subkey := range key.SubsKey {

  46. 		if err := addGPGSubKey(ctx, subkey); err != nil {

  47. 			return err

  48. 		}

  49. 	}

  50. 	return nil

  51. }

  52. 

  53. // addGPGSubKey add subkeys to database

  54. func addGPGSubKey(ctx context.Context, key *GPGKey) (err error) {

  55. 	// Save GPG primary key.

  56. 	if err = db.Insert(ctx, key); err != nil {

  57. 		return err

  58. 	}

  59. 	// Save GPG subs key.

  60. 	for _, subkey := range key.SubsKey {

  61. 		if err := addGPGSubKey(ctx, subkey); err != nil {

  62. 			return err

  63. 		}

  64. 	}

  65. 	return nil

  66. }

  67. 

  68. // AddGPGKey adds new public key to database.

  69. func AddGPGKey(ownerID int64, content, token, signature string) ([]*GPGKey, error) {

  70. 	ekeys, err := checkArmoredGPGKeyString(content)

  71. 	if err != nil {

  72. 		return nil, err

  73. 	}

  74. 

  75. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  76. 	if err != nil {

  77. 		return nil, err

  78. 	}

  79. 	defer committer.Close()

  80. 

  81. 	keys := make([]*GPGKey, 0, len(ekeys))

  82. 

  83. 	verified := false

  84. 	// Handle provided signature

  85. 	if signature != "" {

  86. 		signer, err := openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token), strings.NewReader(signature))

  87. 		if err != nil {

  88. 			signer, err = openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token+"\n"), strings.NewReader(signature))

  89. 		}

  90. 		if err != nil {

  91. 			signer, err = openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token+"\r\n"), strings.NewReader(signature))

  92. 		}

  93. 		if err != nil {

  94. 			log.Error("Unable to validate token signature. Error: %v", err)

  95. 			return nil, ErrGPGInvalidTokenSignature{

  96. 				ID:      ekeys[0].PrimaryKey.KeyIdString(),

  97. 				Wrapped: err,

  98. 			}

  99. 		}

  100. 		ekeys = []*openpgp.Entity{signer}

  101. 		verified = true

  102. 	}

  103. 

  104. 	if len(ekeys) > 1 {

  105. 		id2key := map[string]*openpgp.Entity{}

  106. 		newEKeys := make([]*openpgp.Entity, 0, len(ekeys))

  107. 		for _, ekey := range ekeys {

  108. 			id := ekey.PrimaryKey.KeyIdString()

  109. 			if original, has := id2key[id]; has {

  110. 				// Coalesce this with the other one

  111. 				for _, subkey := range ekey.Subkeys {

  112. 					if subkey.PublicKey == nil {

  113. 						continue

  114. 					}

  115. 					found := false

  116. 

  117. 					for _, originalSubkey := range original.Subkeys {

  118. 						if originalSubkey.PublicKey == nil {

  119. 							continue

  120. 						}

  121. 						if originalSubkey.PublicKey.KeyId == subkey.PublicKey.KeyId {

  122. 							found = true

  123. 							break

  124. 						}

  125. 					}

  126. 					if !found {

  127. 						original.Subkeys = append(original.Subkeys, subkey)

  128. 					}

  129. 				}

  130. 				for name, identity := range ekey.Identities {

  131. 					if _, has := original.Identities[name]; has {

  132. 						continue

  133. 					}

  134. 					original.Identities[name] = identity

  135. 				}

  136. 				continue

  137. 			}

  138. 			id2key[id] = ekey

  139. 			newEKeys = append(newEKeys, ekey)

  140. 		}

  141. 		ekeys = newEKeys

  142. 	}

  143. 

  144. 	for _, ekey := range ekeys {

  145. 		// Key ID cannot be duplicated.

  146. 		has, err := db.GetEngine(ctx).Where("key_id=?", ekey.PrimaryKey.KeyIdString()).

  147. 			Get(new(GPGKey))

  148. 		if err != nil {

  149. 			return nil, err

  150. 		} else if has {

  151. 			return nil, ErrGPGKeyIDAlreadyUsed{ekey.PrimaryKey.KeyIdString()}

  152. 		}

  153. 

  154. 		// Get DB session

  155. 

  156. 		key, err := parseGPGKey(ownerID, ekey, verified)

  157. 		if err != nil {

  158. 			return nil, err

  159. 		}

  160. 

  161. 		if err = addGPGKey(ctx, key, content); err != nil {

  162. 			return nil, err

  163. 		}

  164. 		keys = append(keys, key)

  165. 	}

  166. 	return keys, committer.Commit()

  167. }