mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13272 Commits
17 Branches
Tree: fd7d83ace6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd7d83ace6'
${ noResults }
gitea/models/asymkey/gpg_key_add.go

gpg_key_add.go 4.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package asymkey

  6. 

  7. import (

  8. 	"context"

  9. 	"strings"

  10. 

  11. 	"code.gitea.io/gitea/models/db"

  12. 	"code.gitea.io/gitea/modules/log"

  13. 

  14. 	"github.com/keybase/go-crypto/openpgp"

  15. )

  16. 

  17. //   __________________  ________   ____  __.

  18. //  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.

  19. // /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |

  20. // \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |

  21. //  \______  /|____|    \______  / |____|__ \___  > ____|

  22. //         \/                  \/          \/   \/\/

  23. //    _____       .___  .___

  24. //   /  _  \    __| _/__| _/

  25. //	/  /_\  \  / __ |/ __ |

  26. // /    |    \/ /_/ / /_/ |

  27. // \____|__  /\____ \____ |

  28. //         \/      \/    \/

  29. 

  30. // This file contains functions relating to adding GPG Keys

  31. 

  32. // addGPGKey add key, import and subkeys to database

  33. func addGPGKey(ctx context.Context, key *GPGKey, content string) (err error) {

  34. 	// Add GPGKeyImport

  35. 	if err = db.Insert(ctx, &GPGKeyImport{

  36. 		KeyID:   key.KeyID,

  37. 		Content: content,

  38. 	}); err != nil {

  39. 		return err

  40. 	}

  41. 	// Save GPG primary key.

  42. 	if err = db.Insert(ctx, key); err != nil {

  43. 		return err

  44. 	}

  45. 	// Save GPG subs key.

  46. 	for _, subkey := range key.SubsKey {

  47. 		if err := addGPGSubKey(ctx, subkey); err != nil {

  48. 			return err

  49. 		}

  50. 	}

  51. 	return nil

  52. }

  53. 

  54. // addGPGSubKey add subkeys to database

  55. func addGPGSubKey(ctx context.Context, key *GPGKey) (err error) {

  56. 	// Save GPG primary key.

  57. 	if err = db.Insert(ctx, key); err != nil {

  58. 		return err

  59. 	}

  60. 	// Save GPG subs key.

  61. 	for _, subkey := range key.SubsKey {

  62. 		if err := addGPGSubKey(ctx, subkey); err != nil {

  63. 			return err

  64. 		}

  65. 	}

  66. 	return nil

  67. }

  68. 

  69. // AddGPGKey adds new public key to database.

  70. func AddGPGKey(ownerID int64, content, token, signature string) ([]*GPGKey, error) {

  71. 	ekeys, err := checkArmoredGPGKeyString(content)

  72. 	if err != nil {

  73. 		return nil, err

  74. 	}

  75. 

  76. 	ctx, committer, err := db.TxContext()

  77. 	if err != nil {

  78. 		return nil, err

  79. 	}

  80. 	defer committer.Close()

  81. 

  82. 	keys := make([]*GPGKey, 0, len(ekeys))

  83. 

  84. 	verified := false

  85. 	// Handle provided signature

  86. 	if signature != "" {

  87. 		signer, err := openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token), strings.NewReader(signature))

  88. 		if err != nil {

  89. 			signer, err = openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token+"\n"), strings.NewReader(signature))

  90. 		}

  91. 		if err != nil {

  92. 			signer, err = openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token+"\r\n"), strings.NewReader(signature))

  93. 		}

  94. 		if err != nil {

  95. 			log.Error("Unable to validate token signature. Error: %v", err)

  96. 			return nil, ErrGPGInvalidTokenSignature{

  97. 				ID:      ekeys[0].PrimaryKey.KeyIdString(),

  98. 				Wrapped: err,

  99. 			}

  100. 		}

  101. 		ekeys = []*openpgp.Entity{signer}

  102. 		verified = true

  103. 	}

  104. 

  105. 	if len(ekeys) > 1 {

  106. 		id2key := map[string]*openpgp.Entity{}

  107. 		newEKeys := make([]*openpgp.Entity, 0, len(ekeys))

  108. 		for _, ekey := range ekeys {

  109. 			id := ekey.PrimaryKey.KeyIdString()

  110. 			if original, has := id2key[id]; has {

  111. 				// Coalesce this with the other one

  112. 				for _, subkey := range ekey.Subkeys {

  113. 					if subkey.PublicKey == nil {

  114. 						continue

  115. 					}

  116. 					found := false

  117. 

  118. 					for _, originalSubkey := range original.Subkeys {

  119. 						if originalSubkey.PublicKey == nil {

  120. 							continue

  121. 						}

  122. 						if originalSubkey.PublicKey.KeyId == subkey.PublicKey.KeyId {

  123. 							found = true

  124. 							break

  125. 						}

  126. 					}

  127. 					if !found {

  128. 						original.Subkeys = append(original.Subkeys, subkey)

  129. 					}

  130. 				}

  131. 				for name, identity := range ekey.Identities {

  132. 					if _, has := original.Identities[name]; has {

  133. 						continue

  134. 					}

  135. 					original.Identities[name] = identity

  136. 				}

  137. 				continue

  138. 			}

  139. 			id2key[id] = ekey

  140. 			newEKeys = append(newEKeys, ekey)

  141. 		}

  142. 		ekeys = newEKeys

  143. 	}

  144. 

  145. 	for _, ekey := range ekeys {

  146. 		// Key ID cannot be duplicated.

  147. 		has, err := db.GetEngine(ctx).Where("key_id=?", ekey.PrimaryKey.KeyIdString()).

  148. 			Get(new(GPGKey))

  149. 		if err != nil {

  150. 			return nil, err

  151. 		} else if has {

  152. 			return nil, ErrGPGKeyIDAlreadyUsed{ekey.PrimaryKey.KeyIdString()}

  153. 		}

  154. 

  155. 		// Get DB session

  156. 

  157. 		key, err := parseGPGKey(ownerID, ekey, verified)

  158. 		if err != nil {

  159. 			return nil, err

  160. 		}

  161. 

  162. 		if err = addGPGKey(ctx, key, content); err != nil {

  163. 			return nil, err

  164. 		}

  165. 		keys = append(keys, key)

  166. 	}

  167. 	return keys, committer.Commit()

  168. }