mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14191 Commits
17 Branches
Tree: e81ccc406b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e81ccc406b'
${ noResults }
gitea/models/asymkey/gpg_key_verify.go

gpg_key_verify.go 2.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"strconv"

  8. 	"time"

  9. 

  10. 	"code.gitea.io/gitea/models/db"

  11. 	user_model "code.gitea.io/gitea/models/user"

  12. 	"code.gitea.io/gitea/modules/base"

  13. 	"code.gitea.io/gitea/modules/log"

  14. )

  15. 

  16. //   __________________  ________   ____  __.

  17. //  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.

  18. // /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |

  19. // \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |

  20. //  \______  /|____|    \______  / |____|__ \___  > ____|

  21. //         \/                  \/          \/   \/\/

  22. // ____   ____           .__  _____

  23. // \   \ /   /___________|__|/ ____\__.__.

  24. //  \   Y   // __ \_  __ \  \   __<   |  |

  25. //   \     /\  ___/|  | \/  ||  |  \___  |

  26. //    \___/  \___  >__|  |__||__|  / ____|

  27. //               \/                \/

  28. 

  29. // This file provides functions relating verifying gpg keys

  30. 

  31. // VerifyGPGKey marks a GPG key as verified

  32. func VerifyGPGKey(ownerID int64, keyID, token, signature string) (string, error) {

  33. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  34. 	if err != nil {

  35. 		return "", err

  36. 	}

  37. 	defer committer.Close()

  38. 

  39. 	key := new(GPGKey)

  40. 

  41. 	has, err := db.GetEngine(ctx).Where("owner_id = ? AND key_id = ?", ownerID, keyID).Get(key)

  42. 	if err != nil {

  43. 		return "", err

  44. 	} else if !has {

  45. 		return "", ErrGPGKeyNotExist{}

  46. 	}

  47. 

  48. 	sig, err := extractSignature(signature)

  49. 	if err != nil {

  50. 		return "", ErrGPGInvalidTokenSignature{

  51. 			ID:      key.KeyID,

  52. 			Wrapped: err,

  53. 		}

  54. 	}

  55. 

  56. 	signer, err := hashAndVerifyWithSubKeys(sig, token, key)

  57. 	if err != nil {

  58. 		return "", ErrGPGInvalidTokenSignature{

  59. 			ID:      key.KeyID,

  60. 			Wrapped: err,

  61. 		}

  62. 	}

  63. 	if signer == nil {

  64. 		signer, err = hashAndVerifyWithSubKeys(sig, token+"\n", key)

  65. 

  66. 		if err != nil {

  67. 			return "", ErrGPGInvalidTokenSignature{

  68. 				ID:      key.KeyID,

  69. 				Wrapped: err,

  70. 			}

  71. 		}

  72. 	}

  73. 	if signer == nil {

  74. 		signer, err = hashAndVerifyWithSubKeys(sig, token+"\n\n", key)

  75. 		if err != nil {

  76. 			return "", ErrGPGInvalidTokenSignature{

  77. 				ID:      key.KeyID,

  78. 				Wrapped: err,

  79. 			}

  80. 		}

  81. 	}

  82. 

  83. 	if signer == nil {

  84. 		log.Error("Unable to validate token signature. Error: %v", err)

  85. 		return "", ErrGPGInvalidTokenSignature{

  86. 			ID: key.KeyID,

  87. 		}

  88. 	}

  89. 

  90. 	if signer.PrimaryKeyID != key.KeyID && signer.KeyID != key.KeyID {

  91. 		return "", ErrGPGKeyNotExist{}

  92. 	}

  93. 

  94. 	key.Verified = true

  95. 	if _, err := db.GetEngine(ctx).ID(key.ID).SetExpr("verified", true).Update(new(GPGKey)); err != nil {

  96. 		return "", err

  97. 	}

  98. 

  99. 	if err := committer.Commit(); err != nil {

  100. 		return "", err

  101. 	}

  102. 

  103. 	return key.KeyID, nil

  104. }

  105. 

  106. // VerificationToken returns token for the user that will be valid in minutes (time)

  107. func VerificationToken(user *user_model.User, minutes int) string {

  108. 	return base.EncodeSha256(

  109. 		time.Now().Truncate(1*time.Minute).Add(time.Duration(minutes)*time.Minute).Format(time.RFC1123Z) + ":" +

  110. 			user.CreatedUnix.FormatLong() + ":" +

  111. 			user.Name + ":" +

  112. 			user.Email + ":" +

  113. 			strconv.FormatInt(user.ID, 10))

  114. }