afan
/
gitea
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Activity
gitea源码
3 Commitit
2 Branchit
Puu: 6d2efddf43
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '6d2efddf43'
${ noResults }
gitea/models/asymkey/gpg_key.go

gpg_key.go 6.8KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"context"

  8. 	"errors"

  9. 	"fmt"

  10. 	"strings"

  11. 	"time"

  12. 

  13. 	"code.gitea.io/gitea/models/db"

  14. 	user_model "code.gitea.io/gitea/models/user"

  15. 	"code.gitea.io/gitea/modules/timeutil"

  16. 

  17. 	"github.com/ProtonMail/go-crypto/openpgp"

  18. 	"github.com/ProtonMail/go-crypto/openpgp/packet"

  19. 	"xorm.io/builder"

  20. )

  21. 

  22. // GPGKey represents a GPG key.

  23. type GPGKey struct {

  24. 	ID                int64              `xorm:"pk autoincr"`

  25. 	OwnerID           int64              `xorm:"INDEX NOT NULL"`

  26. 	KeyID             string             `xorm:"INDEX CHAR(16) NOT NULL"`

  27. 	PrimaryKeyID      string             `xorm:"CHAR(16)"`

  28. 	Content           string             `xorm:"MEDIUMTEXT NOT NULL"`

  29. 	CreatedUnix       timeutil.TimeStamp `xorm:"created"`

  30. 	ExpiredUnix       timeutil.TimeStamp

  31. 	AddedUnix         timeutil.TimeStamp

  32. 	SubsKey           []*GPGKey `xorm:"-"`

  33. 	Emails            []*user_model.EmailAddress

  34. 	Verified          bool `xorm:"NOT NULL DEFAULT false"`

  35. 	CanSign           bool

  36. 	CanEncryptComms   bool

  37. 	CanEncryptStorage bool

  38. 	CanCertify        bool

  39. }

  40. 

  41. func init() {

  42. 	db.RegisterModel(new(GPGKey))

  43. }

  44. 

  45. // BeforeInsert will be invoked by XORM before inserting a record

  46. func (key *GPGKey) BeforeInsert() {

  47. 	key.AddedUnix = timeutil.TimeStampNow()

  48. }

  49. 

  50. func (key *GPGKey) LoadSubKeys(ctx context.Context) error {

  51. 	if err := db.GetEngine(ctx).Where("primary_key_id=?", key.KeyID).Find(&key.SubsKey); err != nil {

  52. 		return fmt.Errorf("find Sub GPGkeys[%s]: %v", key.KeyID, err)

  53. 	}

  54. 	return nil

  55. }

  56. 

  57. // PaddedKeyID show KeyID padded to 16 characters

  58. func (key *GPGKey) PaddedKeyID() string {

  59. 	return PaddedKeyID(key.KeyID)

  60. }

  61. 

  62. // PaddedKeyID show KeyID padded to 16 characters

  63. func PaddedKeyID(keyID string) string {

  64. 	if len(keyID) > 15 {

  65. 		return keyID

  66. 	}

  67. 	zeros := "0000000000000000"

  68. 	return zeros[0:16-len(keyID)] + keyID

  69. }

  70. 

  71. type FindGPGKeyOptions struct {

  72. 	db.ListOptions

  73. 	OwnerID        int64

  74. 	KeyID          string

  75. 	IncludeSubKeys bool

  76. }

  77. 

  78. func (opts FindGPGKeyOptions) ToConds() builder.Cond {

  79. 	cond := builder.NewCond()

  80. 	if !opts.IncludeSubKeys {

  81. 		cond = cond.And(builder.Eq{"primary_key_id": ""})

  82. 	}

  83. 

  84. 	if opts.OwnerID > 0 {

  85. 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})

  86. 	}

  87. 	if opts.KeyID != "" {

  88. 		cond = cond.And(builder.Eq{"key_id": opts.KeyID})

  89. 	}

  90. 	return cond

  91. }

  92. 

  93. func GetGPGKeyForUserByID(ctx context.Context, ownerID, keyID int64) (*GPGKey, error) {

  94. 	key := new(GPGKey)

  95. 	has, err := db.GetEngine(ctx).Where("id=? AND owner_id=?", keyID, ownerID).Get(key)

  96. 	if err != nil {

  97. 		return nil, err

  98. 	} else if !has {

  99. 		return nil, ErrGPGKeyNotExist{keyID}

  100. 	}

  101. 	return key, nil

  102. }

  103. 

  104. // GPGKeyToEntity retrieve the imported key and the traducted entity

  105. func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error) {

  106. 	impKey, err := GetGPGImportByKeyID(ctx, k.KeyID)

  107. 	if err != nil {

  108. 		return nil, err

  109. 	}

  110. 	keys, err := CheckArmoredGPGKeyString(impKey.Content)

  111. 	if err != nil {

  112. 		return nil, err

  113. 	}

  114. 	return keys[0], err

  115. }

  116. 

  117. // parseSubGPGKey parse a sub Key

  118. func parseSubGPGKey(ownerID int64, primaryID string, pubkey *packet.PublicKey, expiry time.Time) (*GPGKey, error) {

  119. 	content, err := Base64EncPubKey(pubkey)

  120. 	if err != nil {

  121. 		return nil, err

  122. 	}

  123. 	return &GPGKey{

  124. 		OwnerID:           ownerID,

  125. 		KeyID:             pubkey.KeyIdString(),

  126. 		PrimaryKeyID:      primaryID,

  127. 		Content:           content,

  128. 		CreatedUnix:       timeutil.TimeStamp(pubkey.CreationTime.Unix()),

  129. 		ExpiredUnix:       timeutil.TimeStamp(expiry.Unix()),

  130. 		CanSign:           pubkey.CanSign(),

  131. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  132. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  133. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  134. 	}, nil

  135. }

  136. 

  137. // parseGPGKey parse a PrimaryKey entity (primary key + subs keys + self-signature)

  138. func parseGPGKey(ctx context.Context, ownerID int64, e *openpgp.Entity, verified bool) (*GPGKey, error) {

  139. 	pubkey := e.PrimaryKey

  140. 	expiry := getExpiryTime(e)

  141. 

  142. 	// Parse Subkeys

  143. 	subkeys := make([]*GPGKey, len(e.Subkeys))

  144. 	for i, k := range e.Subkeys {

  145. 		subkeyExpiry := expiry

  146. 		if k.Sig.KeyLifetimeSecs != nil {

  147. 			subkeyExpiry = k.PublicKey.CreationTime.Add(time.Duration(*k.Sig.KeyLifetimeSecs) * time.Second)

  148. 		}

  149. 		subs, err := parseSubGPGKey(ownerID, pubkey.KeyIdString(), k.PublicKey, subkeyExpiry)

  150. 		if err != nil {

  151. 			return nil, ErrGPGKeyParsing{ParseError: err}

  152. 		}

  153. 		subkeys[i] = subs

  154. 	}

  155. 

  156. 	// Check emails

  157. 	userEmails, err := user_model.GetEmailAddresses(ctx, ownerID)

  158. 	if err != nil {

  159. 		return nil, err

  160. 	}

  161. 

  162. 	emails := make([]*user_model.EmailAddress, 0, len(e.Identities))

  163. 	for _, ident := range e.Identities {

  164. 		if ident.Revoked(time.Now()) {

  165. 			continue

  166. 		}

  167. 		email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))

  168. 		for _, e := range userEmails {

  169. 			if e.IsActivated && e.LowerEmail == email {

  170. 				emails = append(emails, e)

  171. 				break

  172. 			}

  173. 		}

  174. 	}

  175. 

  176. 	if !verified {

  177. 		// In the case no email as been found

  178. 		if len(emails) == 0 {

  179. 			failedEmails := make([]string, 0, len(e.Identities))

  180. 			for _, ident := range e.Identities {

  181. 				failedEmails = append(failedEmails, ident.UserId.Email)

  182. 			}

  183. 			return nil, ErrGPGNoEmailFound{failedEmails, e.PrimaryKey.KeyIdString()}

  184. 		}

  185. 	}

  186. 

  187. 	content, err := Base64EncPubKey(pubkey)

  188. 	if err != nil {

  189. 		return nil, err

  190. 	}

  191. 	return &GPGKey{

  192. 		OwnerID:           ownerID,

  193. 		KeyID:             pubkey.KeyIdString(),

  194. 		PrimaryKeyID:      "",

  195. 		Content:           content,

  196. 		CreatedUnix:       timeutil.TimeStamp(pubkey.CreationTime.Unix()),

  197. 		ExpiredUnix:       timeutil.TimeStamp(expiry.Unix()),

  198. 		Emails:            emails,

  199. 		SubsKey:           subkeys,

  200. 		Verified:          verified,

  201. 		CanSign:           pubkey.CanSign(),

  202. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  203. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  204. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  205. 	}, nil

  206. }

  207. 

  208. // deleteGPGKey does the actual key deletion

  209. func deleteGPGKey(ctx context.Context, keyID string) (int64, error) {

  210. 	if keyID == "" {

  211. 		return 0, errors.New("empty KeyId forbidden") // Should never happen but just to be sure

  212. 	}

  213. 	// Delete imported key

  214. 	n, err := db.GetEngine(ctx).Where("key_id=?", keyID).Delete(new(GPGKeyImport))

  215. 	if err != nil {

  216. 		return n, err

  217. 	}

  218. 	return db.GetEngine(ctx).Where("key_id=?", keyID).Or("primary_key_id=?", keyID).Delete(new(GPGKey))

  219. }

  220. 

  221. // DeleteGPGKey deletes GPG key information in database.

  222. func DeleteGPGKey(ctx context.Context, doer *user_model.User, id int64) (err error) {

  223. 	key, err := GetGPGKeyForUserByID(ctx, doer.ID, id)

  224. 	if err != nil {

  225. 		if IsErrGPGKeyNotExist(err) {

  226. 			return nil

  227. 		}

  228. 		return fmt.Errorf("GetPublicKeyByID: %w", err)

  229. 	}

  230. 

  231. 	return db.WithTx(ctx, func(ctx context.Context) error {

  232. 		_, err = deleteGPGKey(ctx, key.KeyID)

  233. 		return err

  234. 	})

  235. }

  236. 

  237. func FindGPGKeyWithSubKeys(ctx context.Context, keyID string) ([]*GPGKey, error) {

  238. 	return db.Find[GPGKey](ctx, FindGPGKeyOptions{

  239. 		KeyID:          keyID,

  240. 		IncludeSubKeys: true,

  241. 	})

  242. }