afan
/
gitea
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Activity
gitea源码
3 Commits
2 Ramas
Rama: master
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'master'
${ noResults }
gitea/services/asymkey/sign.go

sign.go 13KB
Enlace permanente Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"context"

  8. 	"fmt"

  9. 	"os"

  10. 	"strings"

  11. 

  12. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  13. 	"code.gitea.io/gitea/models/auth"

  14. 	"code.gitea.io/gitea/models/db"

  15. 	git_model "code.gitea.io/gitea/models/git"

  16. 	issues_model "code.gitea.io/gitea/models/issues"

  17. 	repo_model "code.gitea.io/gitea/models/repo"

  18. 	user_model "code.gitea.io/gitea/models/user"

  19. 	"code.gitea.io/gitea/modules/git"

  20. 	"code.gitea.io/gitea/modules/git/gitcmd"

  21. 	"code.gitea.io/gitea/modules/gitrepo"

  22. 	"code.gitea.io/gitea/modules/log"

  23. 	"code.gitea.io/gitea/modules/process"

  24. 	"code.gitea.io/gitea/modules/setting"

  25. )

  26. 

  27. type signingMode string

  28. 

  29. const (

  30. 	never         signingMode = "never"

  31. 	always        signingMode = "always"

  32. 	pubkey        signingMode = "pubkey"

  33. 	twofa         signingMode = "twofa"

  34. 	parentSigned  signingMode = "parentsigned"

  35. 	baseSigned    signingMode = "basesigned"

  36. 	headSigned    signingMode = "headsigned"

  37. 	commitsSigned signingMode = "commitssigned"

  38. 	approved      signingMode = "approved"

  39. 	noKey         signingMode = "nokey"

  40. )

  41. 

  42. func signingModeFromStrings(modeStrings []string) []signingMode {

  43. 	returnable := make([]signingMode, 0, len(modeStrings))

  44. 	for _, mode := range modeStrings {

  45. 		signMode := signingMode(strings.ToLower(strings.TrimSpace(mode)))

  46. 		switch signMode {

  47. 		case never:

  48. 			return []signingMode{never}

  49. 		case always:

  50. 			return []signingMode{always}

  51. 		case pubkey:

  52. 			fallthrough

  53. 		case twofa:

  54. 			fallthrough

  55. 		case parentSigned:

  56. 			fallthrough

  57. 		case baseSigned:

  58. 			fallthrough

  59. 		case headSigned:

  60. 			fallthrough

  61. 		case approved:

  62. 			fallthrough

  63. 		case commitsSigned:

  64. 			returnable = append(returnable, signMode)

  65. 		}

  66. 	}

  67. 	if len(returnable) == 0 {

  68. 		return []signingMode{never}

  69. 	}

  70. 	return returnable

  71. }

  72. 

  73. func userHasPubkeysGPG(ctx context.Context, userID int64) (bool, error) {

  74. 	return db.Exist[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{

  75. 		OwnerID:        userID,

  76. 		IncludeSubKeys: true,

  77. 	}.ToConds())

  78. }

  79. 

  80. func userHasPubkeysSSH(ctx context.Context, userID int64) (bool, error) {

  81. 	return db.Exist[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{

  82. 		OwnerID:    userID,

  83. 		NotKeytype: asymkey_model.KeyTypePrincipal,

  84. 	}.ToConds())

  85. }

  86. 

  87. // userHasPubkeys checks if a user has any public keys (GPG or SSH)

  88. func userHasPubkeys(ctx context.Context, userID int64) (bool, error) {

  89. 	has, err := userHasPubkeysGPG(ctx, userID)

  90. 	if has || err != nil {

  91. 		return has, err

  92. 	}

  93. 	return userHasPubkeysSSH(ctx, userID)

  94. }

  95. 

  96. // ErrWontSign explains the first reason why a commit would not be signed

  97. // There may be other reasons - this is just the first reason found

  98. type ErrWontSign struct {

  99. 	Reason signingMode

  100. }

  101. 

  102. func (e *ErrWontSign) Error() string {

  103. 	return fmt.Sprintf("wont sign: %s", e.Reason)

  104. }

  105. 

  106. // IsErrWontSign checks if an error is a ErrWontSign

  107. func IsErrWontSign(err error) bool {

  108. 	_, ok := err.(*ErrWontSign)

  109. 	return ok

  110. }

  111. 

  112. // SigningKey returns the KeyID and git Signature for the repo

  113. func SigningKey(ctx context.Context, repoPath string) (*git.SigningKey, *git.Signature) {

  114. 	if setting.Repository.Signing.SigningKey == "none" {

  115. 		return nil, nil

  116. 	}

  117. 

  118. 	if setting.Repository.Signing.SigningKey == "default" || setting.Repository.Signing.SigningKey == "" {

  119. 		// Can ignore the error here as it means that commit.gpgsign is not set

  120. 		value, _, _ := gitcmd.NewCommand("config", "--get", "commit.gpgsign").RunStdString(ctx, &gitcmd.RunOpts{Dir: repoPath})

  121. 		sign, valid := git.ParseBool(strings.TrimSpace(value))

  122. 		if !sign || !valid {

  123. 			return nil, nil

  124. 		}

  125. 

  126. 		format, _, _ := gitcmd.NewCommand("config", "--default", git.SigningKeyFormatOpenPGP, "--get", "gpg.format").RunStdString(ctx, &gitcmd.RunOpts{Dir: repoPath})

  127. 		signingKey, _, _ := gitcmd.NewCommand("config", "--get", "user.signingkey").RunStdString(ctx, &gitcmd.RunOpts{Dir: repoPath})

  128. 		signingName, _, _ := gitcmd.NewCommand("config", "--get", "user.name").RunStdString(ctx, &gitcmd.RunOpts{Dir: repoPath})

  129. 		signingEmail, _, _ := gitcmd.NewCommand("config", "--get", "user.email").RunStdString(ctx, &gitcmd.RunOpts{Dir: repoPath})

  130. 

  131. 		if strings.TrimSpace(signingKey) == "" {

  132. 			return nil, nil

  133. 		}

  134. 

  135. 		return &git.SigningKey{

  136. 				KeyID:  strings.TrimSpace(signingKey),

  137. 				Format: strings.TrimSpace(format),

  138. 			}, &git.Signature{

  139. 				Name:  strings.TrimSpace(signingName),

  140. 				Email: strings.TrimSpace(signingEmail),

  141. 			}

  142. 	}

  143. 

  144. 	if setting.Repository.Signing.SigningKey == "" {

  145. 		return nil, nil

  146. 	}

  147. 

  148. 	return &git.SigningKey{

  149. 			KeyID:  setting.Repository.Signing.SigningKey,

  150. 			Format: setting.Repository.Signing.SigningFormat,

  151. 		}, &git.Signature{

  152. 			Name:  setting.Repository.Signing.SigningName,

  153. 			Email: setting.Repository.Signing.SigningEmail,

  154. 		}

  155. }

  156. 

  157. // PublicSigningKey gets the public signing key within a provided repository directory

  158. func PublicSigningKey(ctx context.Context, repoPath string) (content, format string, err error) {

  159. 	signingKey, _ := SigningKey(ctx, repoPath)

  160. 	if signingKey == nil {

  161. 		return "", "", nil

  162. 	}

  163. 	if signingKey.Format == git.SigningKeyFormatSSH {

  164. 		content, err := os.ReadFile(signingKey.KeyID)

  165. 		if err != nil {

  166. 			log.Error("Unable to read SSH public key file in %s: %s, %v", repoPath, signingKey, err)

  167. 			return "", signingKey.Format, err

  168. 		}

  169. 		return string(content), signingKey.Format, nil

  170. 	}

  171. 

  172. 	content, stderr, err := process.GetManager().ExecDir(ctx, -1, repoPath,

  173. 		"gpg --export -a", "gpg", "--export", "-a", signingKey.KeyID)

  174. 	if err != nil {

  175. 		log.Error("Unable to get default signing key in %s: %s, %s, %v", repoPath, signingKey, stderr, err)

  176. 		return "", signingKey.Format, err

  177. 	}

  178. 	return content, signingKey.Format, nil

  179. }

  180. 

  181. // SignInitialCommit determines if we should sign the initial commit to this repository

  182. func SignInitialCommit(ctx context.Context, repoPath string, u *user_model.User) (bool, *git.SigningKey, *git.Signature, error) {

  183. 	rules := signingModeFromStrings(setting.Repository.Signing.InitialCommit)

  184. 	signingKey, sig := SigningKey(ctx, repoPath)

  185. 	if signingKey == nil {

  186. 		return false, nil, nil, &ErrWontSign{noKey}

  187. 	}

  188. 

  189. Loop:

  190. 	for _, rule := range rules {

  191. 		switch rule {

  192. 		case never:

  193. 			return false, nil, nil, &ErrWontSign{never}

  194. 		case always:

  195. 			break Loop

  196. 		case pubkey:

  197. 			hasKeys, err := userHasPubkeys(ctx, u.ID)

  198. 			if err != nil {

  199. 				return false, nil, nil, err

  200. 			}

  201. 			if !hasKeys {

  202. 				return false, nil, nil, &ErrWontSign{pubkey}

  203. 			}

  204. 		case twofa:

  205. 			twofaModel, err := auth.GetTwoFactorByUID(ctx, u.ID)

  206. 			if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {

  207. 				return false, nil, nil, err

  208. 			}

  209. 			if twofaModel == nil {

  210. 				return false, nil, nil, &ErrWontSign{twofa}

  211. 			}

  212. 		}

  213. 	}

  214. 	return true, signingKey, sig, nil

  215. }

  216. 

  217. // SignWikiCommit determines if we should sign the commits to this repository wiki

  218. func SignWikiCommit(ctx context.Context, repo *repo_model.Repository, u *user_model.User) (bool, *git.SigningKey, *git.Signature, error) {

  219. 	repoWikiPath := repo.WikiPath()

  220. 	rules := signingModeFromStrings(setting.Repository.Signing.Wiki)

  221. 	signingKey, sig := SigningKey(ctx, repoWikiPath)

  222. 	if signingKey == nil {

  223. 		return false, nil, nil, &ErrWontSign{noKey}

  224. 	}

  225. 

  226. Loop:

  227. 	for _, rule := range rules {

  228. 		switch rule {

  229. 		case never:

  230. 			return false, nil, nil, &ErrWontSign{never}

  231. 		case always:

  232. 			break Loop

  233. 		case pubkey:

  234. 			hasKeys, err := userHasPubkeys(ctx, u.ID)

  235. 			if err != nil {

  236. 				return false, nil, nil, err

  237. 			}

  238. 			if !hasKeys {

  239. 				return false, nil, nil, &ErrWontSign{pubkey}

  240. 			}

  241. 		case twofa:

  242. 			twofaModel, err := auth.GetTwoFactorByUID(ctx, u.ID)

  243. 			if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {

  244. 				return false, nil, nil, err

  245. 			}

  246. 			if twofaModel == nil {

  247. 				return false, nil, nil, &ErrWontSign{twofa}

  248. 			}

  249. 		case parentSigned:

  250. 			gitRepo, err := gitrepo.OpenRepository(ctx, repo.WikiStorageRepo())

  251. 			if err != nil {

  252. 				return false, nil, nil, err

  253. 			}

  254. 			defer gitRepo.Close()

  255. 			commit, err := gitRepo.GetCommit("HEAD")

  256. 			if err != nil {

  257. 				return false, nil, nil, err

  258. 			}

  259. 			if commit.Signature == nil {

  260. 				return false, nil, nil, &ErrWontSign{parentSigned}

  261. 			}

  262. 			verification := ParseCommitWithSignature(ctx, commit)

  263. 			if !verification.Verified {

  264. 				return false, nil, nil, &ErrWontSign{parentSigned}

  265. 			}

  266. 		}

  267. 	}

  268. 	return true, signingKey, sig, nil

  269. }

  270. 

  271. // SignCRUDAction determines if we should sign a CRUD commit to this repository

  272. func SignCRUDAction(ctx context.Context, repoPath string, u *user_model.User, tmpBasePath, parentCommit string) (bool, *git.SigningKey, *git.Signature, error) {

  273. 	rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)

  274. 	signingKey, sig := SigningKey(ctx, repoPath)

  275. 	if signingKey == nil {

  276. 		return false, nil, nil, &ErrWontSign{noKey}

  277. 	}

  278. 

  279. Loop:

  280. 	for _, rule := range rules {

  281. 		switch rule {

  282. 		case never:

  283. 			return false, nil, nil, &ErrWontSign{never}

  284. 		case always:

  285. 			break Loop

  286. 		case pubkey:

  287. 			hasKeys, err := userHasPubkeys(ctx, u.ID)

  288. 			if err != nil {

  289. 				return false, nil, nil, err

  290. 			}

  291. 			if !hasKeys {

  292. 				return false, nil, nil, &ErrWontSign{pubkey}

  293. 			}

  294. 		case twofa:

  295. 			twofaModel, err := auth.GetTwoFactorByUID(ctx, u.ID)

  296. 			if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {

  297. 				return false, nil, nil, err

  298. 			}

  299. 			if twofaModel == nil {

  300. 				return false, nil, nil, &ErrWontSign{twofa}

  301. 			}

  302. 		case parentSigned:

  303. 			gitRepo, err := git.OpenRepository(ctx, tmpBasePath)

  304. 			if err != nil {

  305. 				return false, nil, nil, err

  306. 			}

  307. 			defer gitRepo.Close()

  308. 			isEmpty, err := gitRepo.IsEmpty()

  309. 			if err != nil {

  310. 				return false, nil, nil, err

  311. 			}

  312. 			if !isEmpty {

  313. 				commit, err := gitRepo.GetCommit(parentCommit)

  314. 				if err != nil {

  315. 					return false, nil, nil, err

  316. 				}

  317. 				if commit.Signature == nil {

  318. 					return false, nil, nil, &ErrWontSign{parentSigned}

  319. 				}

  320. 				verification := ParseCommitWithSignature(ctx, commit)

  321. 				if !verification.Verified {

  322. 					return false, nil, nil, &ErrWontSign{parentSigned}

  323. 				}

  324. 			}

  325. 		}

  326. 	}

  327. 	return true, signingKey, sig, nil

  328. }

  329. 

  330. // SignMerge determines if we should sign a PR merge commit to the base repository

  331. func SignMerge(ctx context.Context, pr *issues_model.PullRequest, u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, *git.SigningKey, *git.Signature, error) {

  332. 	if err := pr.LoadBaseRepo(ctx); err != nil {

  333. 		log.Error("Unable to get Base Repo for pull request")

  334. 		return false, nil, nil, err

  335. 	}

  336. 	repo := pr.BaseRepo

  337. 

  338. 	signingKey, signer := SigningKey(ctx, repo.RepoPath())

  339. 	if signingKey == nil {

  340. 		return false, nil, nil, &ErrWontSign{noKey}

  341. 	}

  342. 	rules := signingModeFromStrings(setting.Repository.Signing.Merges)

  343. 

  344. 	var gitRepo *git.Repository

  345. 	var err error

  346. 

  347. Loop:

  348. 	for _, rule := range rules {

  349. 		switch rule {

  350. 		case never:

  351. 			return false, nil, nil, &ErrWontSign{never}

  352. 		case always:

  353. 			break Loop

  354. 		case pubkey:

  355. 			hasKeys, err := userHasPubkeys(ctx, u.ID)

  356. 			if err != nil {

  357. 				return false, nil, nil, err

  358. 			}

  359. 			if !hasKeys {

  360. 				return false, nil, nil, &ErrWontSign{pubkey}

  361. 			}

  362. 		case twofa:

  363. 			twofaModel, err := auth.GetTwoFactorByUID(ctx, u.ID)

  364. 			if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {

  365. 				return false, nil, nil, err

  366. 			}

  367. 			if twofaModel == nil {

  368. 				return false, nil, nil, &ErrWontSign{twofa}

  369. 			}

  370. 		case approved:

  371. 			protectedBranch, err := git_model.GetFirstMatchProtectedBranchRule(ctx, repo.ID, pr.BaseBranch)

  372. 			if err != nil {

  373. 				return false, nil, nil, err

  374. 			}

  375. 			if protectedBranch == nil {

  376. 				return false, nil, nil, &ErrWontSign{approved}

  377. 			}

  378. 			if issues_model.GetGrantedApprovalsCount(ctx, protectedBranch, pr) < 1 {

  379. 				return false, nil, nil, &ErrWontSign{approved}

  380. 			}

  381. 		case baseSigned:

  382. 			if gitRepo == nil {

  383. 				gitRepo, err = git.OpenRepository(ctx, tmpBasePath)

  384. 				if err != nil {

  385. 					return false, nil, nil, err

  386. 				}

  387. 				defer gitRepo.Close()

  388. 			}

  389. 			commit, err := gitRepo.GetCommit(baseCommit)

  390. 			if err != nil {

  391. 				return false, nil, nil, err

  392. 			}

  393. 			verification := ParseCommitWithSignature(ctx, commit)

  394. 			if !verification.Verified {

  395. 				return false, nil, nil, &ErrWontSign{baseSigned}

  396. 			}

  397. 		case headSigned:

  398. 			if gitRepo == nil {

  399. 				gitRepo, err = git.OpenRepository(ctx, tmpBasePath)

  400. 				if err != nil {

  401. 					return false, nil, nil, err

  402. 				}

  403. 				defer gitRepo.Close()

  404. 			}

  405. 			commit, err := gitRepo.GetCommit(headCommit)

  406. 			if err != nil {

  407. 				return false, nil, nil, err

  408. 			}

  409. 			verification := ParseCommitWithSignature(ctx, commit)

  410. 			if !verification.Verified {

  411. 				return false, nil, nil, &ErrWontSign{headSigned}

  412. 			}

  413. 		case commitsSigned:

  414. 			if gitRepo == nil {

  415. 				gitRepo, err = git.OpenRepository(ctx, tmpBasePath)

  416. 				if err != nil {

  417. 					return false, nil, nil, err

  418. 				}

  419. 				defer gitRepo.Close()

  420. 			}

  421. 			commit, err := gitRepo.GetCommit(headCommit)

  422. 			if err != nil {

  423. 				return false, nil, nil, err

  424. 			}

  425. 			verification := ParseCommitWithSignature(ctx, commit)

  426. 			if !verification.Verified {

  427. 				return false, nil, nil, &ErrWontSign{commitsSigned}

  428. 			}

  429. 			// need to work out merge-base

  430. 			mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit)

  431. 			if err != nil {

  432. 				return false, nil, nil, err

  433. 			}

  434. 			commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit)

  435. 			if err != nil {

  436. 				return false, nil, nil, err

  437. 			}

  438. 			for _, commit := range commitList {

  439. 				verification := ParseCommitWithSignature(ctx, commit)

  440. 				if !verification.Verified {

  441. 					return false, nil, nil, &ErrWontSign{commitsSigned}

  442. 				}

  443. 			}

  444. 		}

  445. 	}

  446. 	return true, signingKey, signer, nil

  447. }