|
|
|
@ -106,12 +106,12 @@ func GetGPGImportByKeyID(keyID string) (*GPGKeyImport, error) { |
|
|
|
|
|
|
|
|
|
// checkArmoredGPGKeyString checks if the given key string is a valid GPG armored key.
|
|
|
|
|
// The function returns the actual public key on success
|
|
|
|
|
func checkArmoredGPGKeyString(content string) (*openpgp.Entity, error) { |
|
|
|
|
func checkArmoredGPGKeyString(content string) (openpgp.EntityList, error) { |
|
|
|
|
list, err := openpgp.ReadArmoredKeyRing(strings.NewReader(content)) |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, ErrGPGKeyParsing{err} |
|
|
|
|
} |
|
|
|
|
return list[0], nil |
|
|
|
|
return list, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//addGPGKey add key, import and subkeys to database
|
|
|
|
@ -152,14 +152,20 @@ func addGPGSubKey(e Engine, key *GPGKey) (err error) { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// AddGPGKey adds new public key to database.
|
|
|
|
|
func AddGPGKey(ownerID int64, content string) (*GPGKey, error) { |
|
|
|
|
ekey, err := checkArmoredGPGKeyString(content) |
|
|
|
|
func AddGPGKey(ownerID int64, content string) ([]*GPGKey, error) { |
|
|
|
|
ekeys, err := checkArmoredGPGKeyString(content) |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
sess := x.NewSession() |
|
|
|
|
defer sess.Close() |
|
|
|
|
if err = sess.Begin(); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
keys := make([]*GPGKey, 0, len(ekeys)) |
|
|
|
|
for _, ekey := range ekeys { |
|
|
|
|
// Key ID cannot be duplicated.
|
|
|
|
|
has, err := x.Where("key_id=?", ekey.PrimaryKey.KeyIdString()). |
|
|
|
|
has, err := sess.Where("key_id=?", ekey.PrimaryKey.KeyIdString()). |
|
|
|
|
Get(new(GPGKey)) |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, err |
|
|
|
@ -168,11 +174,6 @@ func AddGPGKey(ownerID int64, content string) (*GPGKey, error) { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//Get DB session
|
|
|
|
|
sess := x.NewSession() |
|
|
|
|
defer sess.Close() |
|
|
|
|
if err = sess.Begin(); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
key, err := parseGPGKey(ownerID, ekey) |
|
|
|
|
if err != nil { |
|
|
|
@ -182,8 +183,9 @@ func AddGPGKey(ownerID int64, content string) (*GPGKey, error) { |
|
|
|
|
if err = addGPGKey(sess, key, content); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return key, sess.Commit() |
|
|
|
|
keys = append(keys, key) |
|
|
|
|
} |
|
|
|
|
return keys, sess.Commit() |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//base64EncPubKey encode public key content to base 64
|
|
|
|
@ -221,7 +223,11 @@ func GPGKeyToEntity(k *GPGKey) (*openpgp.Entity, error) { |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
return checkArmoredGPGKeyString(impKey.Content) |
|
|
|
|
keys, err := checkArmoredGPGKeyString(impKey.Content) |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
return keys[0], err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
//parseSubGPGKey parse a sub Key
|
|
|
|
@ -761,7 +767,7 @@ func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Otherwise we have to parse the key
|
|
|
|
|
ekey, err := checkArmoredGPGKeyString(gpgSettings.PublicKeyContent) |
|
|
|
|
ekeys, err := checkArmoredGPGKeyString(gpgSettings.PublicKeyContent) |
|
|
|
|
if err != nil { |
|
|
|
|
log.Error("Unable to get default signing key: %v", err) |
|
|
|
|
return &CommitVerification{ |
|
|
|
@ -770,6 +776,7 @@ func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature, |
|
|
|
|
Reason: "gpg.error.generate_hash", |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
for _, ekey := range ekeys { |
|
|
|
|
pubkey := ekey.PrimaryKey |
|
|
|
|
content, err := base64EncPubKey(pubkey) |
|
|
|
|
if err != nil { |
|
|
|
@ -814,6 +821,7 @@ func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature, |
|
|
|
|
Reason: BadSignature, |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|