mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13272 Commits
17 Branches
Tree: fd7d83ace6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd7d83ace6'
${ noResults }
gitea/models/asymkey/gpg_key.go

gpg_key.go 7.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package asymkey

  6. 

  7. import (

  8. 	"context"

  9. 	"fmt"

  10. 	"strings"

  11. 	"time"

  12. 

  13. 	"code.gitea.io/gitea/models/db"

  14. 	user_model "code.gitea.io/gitea/models/user"

  15. 	"code.gitea.io/gitea/modules/log"

  16. 	"code.gitea.io/gitea/modules/timeutil"

  17. 

  18. 	"github.com/keybase/go-crypto/openpgp"

  19. 	"github.com/keybase/go-crypto/openpgp/packet"

  20. 	"xorm.io/xorm"

  21. )

  22. 

  23. //   __________________  ________   ____  __.

  24. //  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.

  25. // /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |

  26. // \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |

  27. //	\______  /|____|    \______  / |____|__ \___  > ____|

  28. //				 \/                  \/          \/   \/\/

  29. 

  30. // GPGKey represents a GPG key.

  31. type GPGKey struct {

  32. 	ID                int64              `xorm:"pk autoincr"`

  33. 	OwnerID           int64              `xorm:"INDEX NOT NULL"`

  34. 	KeyID             string             `xorm:"INDEX CHAR(16) NOT NULL"`

  35. 	PrimaryKeyID      string             `xorm:"CHAR(16)"`

  36. 	Content           string             `xorm:"TEXT NOT NULL"`

  37. 	CreatedUnix       timeutil.TimeStamp `xorm:"created"`

  38. 	ExpiredUnix       timeutil.TimeStamp

  39. 	AddedUnix         timeutil.TimeStamp

  40. 	SubsKey           []*GPGKey `xorm:"-"`

  41. 	Emails            []*user_model.EmailAddress

  42. 	Verified          bool `xorm:"NOT NULL DEFAULT false"`

  43. 	CanSign           bool

  44. 	CanEncryptComms   bool

  45. 	CanEncryptStorage bool

  46. 	CanCertify        bool

  47. }

  48. 

  49. func init() {

  50. 	db.RegisterModel(new(GPGKey))

  51. }

  52. 

  53. // BeforeInsert will be invoked by XORM before inserting a record

  54. func (key *GPGKey) BeforeInsert() {

  55. 	key.AddedUnix = timeutil.TimeStampNow()

  56. }

  57. 

  58. // AfterLoad is invoked from XORM after setting the values of all fields of this object.

  59. func (key *GPGKey) AfterLoad(session *xorm.Session) {

  60. 	err := session.Where("primary_key_id=?", key.KeyID).Find(&key.SubsKey)

  61. 	if err != nil {

  62. 		log.Error("Find Sub GPGkeys[%s]: %v", key.KeyID, err)

  63. 	}

  64. }

  65. 

  66. // ListGPGKeys returns a list of public keys belongs to given user.

  67. func ListGPGKeys(ctx context.Context, uid int64, listOptions db.ListOptions) ([]*GPGKey, error) {

  68. 	sess := db.GetEngine(ctx).Table(&GPGKey{}).Where("owner_id=? AND primary_key_id=''", uid)

  69. 	if listOptions.Page != 0 {

  70. 		sess = db.SetSessionPagination(sess, &listOptions)

  71. 	}

  72. 

  73. 	keys := make([]*GPGKey, 0, 2)

  74. 	return keys, sess.Find(&keys)

  75. }

  76. 

  77. // CountUserGPGKeys return number of gpg keys a user own

  78. func CountUserGPGKeys(userID int64) (int64, error) {

  79. 	return db.GetEngine(db.DefaultContext).Where("owner_id=? AND primary_key_id=''", userID).Count(&GPGKey{})

  80. }

  81. 

  82. // GetGPGKeyByID returns public key by given ID.

  83. func GetGPGKeyByID(keyID int64) (*GPGKey, error) {

  84. 	key := new(GPGKey)

  85. 	has, err := db.GetEngine(db.DefaultContext).ID(keyID).Get(key)

  86. 	if err != nil {

  87. 		return nil, err

  88. 	} else if !has {

  89. 		return nil, ErrGPGKeyNotExist{keyID}

  90. 	}

  91. 	return key, nil

  92. }

  93. 

  94. // GetGPGKeysByKeyID returns public key by given ID.

  95. func GetGPGKeysByKeyID(keyID string) ([]*GPGKey, error) {

  96. 	keys := make([]*GPGKey, 0, 1)

  97. 	return keys, db.GetEngine(db.DefaultContext).Where("key_id=?", keyID).Find(&keys)

  98. }

  99. 

  100. // GPGKeyToEntity retrieve the imported key and the traducted entity

  101. func GPGKeyToEntity(k *GPGKey) (*openpgp.Entity, error) {

  102. 	impKey, err := GetGPGImportByKeyID(k.KeyID)

  103. 	if err != nil {

  104. 		return nil, err

  105. 	}

  106. 	keys, err := checkArmoredGPGKeyString(impKey.Content)

  107. 	if err != nil {

  108. 		return nil, err

  109. 	}

  110. 	return keys[0], err

  111. }

  112. 

  113. // parseSubGPGKey parse a sub Key

  114. func parseSubGPGKey(ownerID int64, primaryID string, pubkey *packet.PublicKey, expiry time.Time) (*GPGKey, error) {

  115. 	content, err := base64EncPubKey(pubkey)

  116. 	if err != nil {

  117. 		return nil, err

  118. 	}

  119. 	return &GPGKey{

  120. 		OwnerID:           ownerID,

  121. 		KeyID:             pubkey.KeyIdString(),

  122. 		PrimaryKeyID:      primaryID,

  123. 		Content:           content,

  124. 		CreatedUnix:       timeutil.TimeStamp(pubkey.CreationTime.Unix()),

  125. 		ExpiredUnix:       timeutil.TimeStamp(expiry.Unix()),

  126. 		CanSign:           pubkey.CanSign(),

  127. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  128. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  129. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  130. 	}, nil

  131. }

  132. 

  133. // parseGPGKey parse a PrimaryKey entity (primary key + subs keys + self-signature)

  134. func parseGPGKey(ownerID int64, e *openpgp.Entity, verified bool) (*GPGKey, error) {

  135. 	pubkey := e.PrimaryKey

  136. 	expiry := getExpiryTime(e)

  137. 

  138. 	// Parse Subkeys

  139. 	subkeys := make([]*GPGKey, len(e.Subkeys))

  140. 	for i, k := range e.Subkeys {

  141. 		subs, err := parseSubGPGKey(ownerID, pubkey.KeyIdString(), k.PublicKey, expiry)

  142. 		if err != nil {

  143. 			return nil, ErrGPGKeyParsing{ParseError: err}

  144. 		}

  145. 		subkeys[i] = subs

  146. 	}

  147. 

  148. 	// Check emails

  149. 	userEmails, err := user_model.GetEmailAddresses(ownerID)

  150. 	if err != nil {

  151. 		return nil, err

  152. 	}

  153. 

  154. 	emails := make([]*user_model.EmailAddress, 0, len(e.Identities))

  155. 	for _, ident := range e.Identities {

  156. 		if ident.Revocation != nil {

  157. 			continue

  158. 		}

  159. 		email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))

  160. 		for _, e := range userEmails {

  161. 			if e.IsActivated && e.LowerEmail == email {

  162. 				emails = append(emails, e)

  163. 				break

  164. 			}

  165. 		}

  166. 	}

  167. 

  168. 	if !verified {

  169. 		// In the case no email as been found

  170. 		if len(emails) == 0 {

  171. 			failedEmails := make([]string, 0, len(e.Identities))

  172. 			for _, ident := range e.Identities {

  173. 				failedEmails = append(failedEmails, ident.UserId.Email)

  174. 			}

  175. 			return nil, ErrGPGNoEmailFound{failedEmails, e.PrimaryKey.KeyIdString()}

  176. 		}

  177. 	}

  178. 

  179. 	content, err := base64EncPubKey(pubkey)

  180. 	if err != nil {

  181. 		return nil, err

  182. 	}

  183. 	return &GPGKey{

  184. 		OwnerID:           ownerID,

  185. 		KeyID:             pubkey.KeyIdString(),

  186. 		PrimaryKeyID:      "",

  187. 		Content:           content,

  188. 		CreatedUnix:       timeutil.TimeStamp(pubkey.CreationTime.Unix()),

  189. 		ExpiredUnix:       timeutil.TimeStamp(expiry.Unix()),

  190. 		Emails:            emails,

  191. 		SubsKey:           subkeys,

  192. 		Verified:          verified,

  193. 		CanSign:           pubkey.CanSign(),

  194. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  195. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  196. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  197. 	}, nil

  198. }

  199. 

  200. // deleteGPGKey does the actual key deletion

  201. func deleteGPGKey(ctx context.Context, keyID string) (int64, error) {

  202. 	if keyID == "" {

  203. 		return 0, fmt.Errorf("empty KeyId forbidden") // Should never happen but just to be sure

  204. 	}

  205. 	// Delete imported key

  206. 	n, err := db.GetEngine(ctx).Where("key_id=?", keyID).Delete(new(GPGKeyImport))

  207. 	if err != nil {

  208. 		return n, err

  209. 	}

  210. 	return db.GetEngine(ctx).Where("key_id=?", keyID).Or("primary_key_id=?", keyID).Delete(new(GPGKey))

  211. }

  212. 

  213. // DeleteGPGKey deletes GPG key information in database.

  214. func DeleteGPGKey(doer *user_model.User, id int64) (err error) {

  215. 	key, err := GetGPGKeyByID(id)

  216. 	if err != nil {

  217. 		if IsErrGPGKeyNotExist(err) {

  218. 			return nil

  219. 		}

  220. 		return fmt.Errorf("GetPublicKeyByID: %v", err)

  221. 	}

  222. 

  223. 	// Check if user has access to delete this key.

  224. 	if !doer.IsAdmin && doer.ID != key.OwnerID {

  225. 		return ErrGPGKeyAccessDenied{doer.ID, key.ID}

  226. 	}

  227. 

  228. 	ctx, committer, err := db.TxContext()

  229. 	if err != nil {

  230. 		return err

  231. 	}

  232. 	defer committer.Close()

  233. 

  234. 	if _, err = deleteGPGKey(ctx, key.KeyID); err != nil {

  235. 		return err

  236. 	}

  237. 

  238. 	return committer.Commit()

  239. }

  240. 

  241. func checkKeyEmails(email string, keys ...*GPGKey) (bool, string) {

  242. 	uid := int64(0)

  243. 	var userEmails []*user_model.EmailAddress

  244. 	var user *user_model.User

  245. 	for _, key := range keys {

  246. 		for _, e := range key.Emails {

  247. 			if e.IsActivated && (email == "" || strings.EqualFold(e.Email, email)) {

  248. 				return true, e.Email

  249. 			}

  250. 		}

  251. 		if key.Verified && key.OwnerID != 0 {

  252. 			if uid != key.OwnerID {

  253. 				userEmails, _ = user_model.GetEmailAddresses(key.OwnerID)

  254. 				uid = key.OwnerID

  255. 				user = &user_model.User{ID: uid}

  256. 				_, _ = user_model.GetUser(user)

  257. 			}

  258. 			for _, e := range userEmails {

  259. 				if e.IsActivated && (email == "" || strings.EqualFold(e.Email, email)) {

  260. 					return true, e.Email

  261. 				}

  262. 			}

  263. 			if user.KeepEmailPrivate && strings.EqualFold(email, user.GetEmail()) {

  264. 				return true, user.GetEmail()

  265. 			}

  266. 		}

  267. 	}

  268. 	return false, email

  269. }