You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

544 lines
15 KiB

Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package models
  5. import (
  6. "bytes"
  7. "container/list"
  8. "crypto"
  9. "encoding/base64"
  10. "fmt"
  11. "hash"
  12. "io"
  13. "strings"
  14. "time"
  15. "code.gitea.io/gitea/modules/git"
  16. "code.gitea.io/gitea/modules/log"
  17. "code.gitea.io/gitea/modules/util"
  18. "github.com/go-xorm/xorm"
  19. "github.com/keybase/go-crypto/openpgp"
  20. "github.com/keybase/go-crypto/openpgp/armor"
  21. "github.com/keybase/go-crypto/openpgp/packet"
  22. )
  23. // GPGKey represents a GPG key.
  24. type GPGKey struct {
  25. ID int64 `xorm:"pk autoincr"`
  26. OwnerID int64 `xorm:"INDEX NOT NULL"`
  27. KeyID string `xorm:"INDEX CHAR(16) NOT NULL"`
  28. PrimaryKeyID string `xorm:"CHAR(16)"`
  29. Content string `xorm:"TEXT NOT NULL"`
  30. CreatedUnix util.TimeStamp `xorm:"created"`
  31. ExpiredUnix util.TimeStamp
  32. AddedUnix util.TimeStamp
  33. SubsKey []*GPGKey `xorm:"-"`
  34. Emails []*EmailAddress
  35. CanSign bool
  36. CanEncryptComms bool
  37. CanEncryptStorage bool
  38. CanCertify bool
  39. }
  40. //GPGKeyImport the original import of key
  41. type GPGKeyImport struct {
  42. KeyID string `xorm:"pk CHAR(16) NOT NULL"`
  43. Content string `xorm:"TEXT NOT NULL"`
  44. }
  45. // BeforeInsert will be invoked by XORM before inserting a record
  46. func (key *GPGKey) BeforeInsert() {
  47. key.AddedUnix = util.TimeStampNow()
  48. }
  49. // AfterLoad is invoked from XORM after setting the values of all fields of this object.
  50. func (key *GPGKey) AfterLoad(session *xorm.Session) {
  51. err := session.Where("primary_key_id=?", key.KeyID).Find(&key.SubsKey)
  52. if err != nil {
  53. log.Error("Find Sub GPGkeys[%s]: %v", key.KeyID, err)
  54. }
  55. }
  56. // ListGPGKeys returns a list of public keys belongs to given user.
  57. func ListGPGKeys(uid int64) ([]*GPGKey, error) {
  58. keys := make([]*GPGKey, 0, 5)
  59. return keys, x.Where("owner_id=? AND primary_key_id=''", uid).Find(&keys)
  60. }
  61. // GetGPGKeyByID returns public key by given ID.
  62. func GetGPGKeyByID(keyID int64) (*GPGKey, error) {
  63. key := new(GPGKey)
  64. has, err := x.ID(keyID).Get(key)
  65. if err != nil {
  66. return nil, err
  67. } else if !has {
  68. return nil, ErrGPGKeyNotExist{keyID}
  69. }
  70. return key, nil
  71. }
  72. // GetGPGImportByKeyID returns the import public armored key by given KeyID.
  73. func GetGPGImportByKeyID(keyID string) (*GPGKeyImport, error) {
  74. key := new(GPGKeyImport)
  75. has, err := x.ID(keyID).Get(key)
  76. if err != nil {
  77. return nil, err
  78. } else if !has {
  79. return nil, ErrGPGKeyImportNotExist{keyID}
  80. }
  81. return key, nil
  82. }
  83. // checkArmoredGPGKeyString checks if the given key string is a valid GPG armored key.
  84. // The function returns the actual public key on success
  85. func checkArmoredGPGKeyString(content string) (*openpgp.Entity, error) {
  86. list, err := openpgp.ReadArmoredKeyRing(strings.NewReader(content))
  87. if err != nil {
  88. return nil, ErrGPGKeyParsing{err}
  89. }
  90. return list[0], nil
  91. }
  92. //addGPGKey add key, import and subkeys to database
  93. func addGPGKey(e Engine, key *GPGKey, content string) (err error) {
  94. //Add GPGKeyImport
  95. if _, err = e.Insert(GPGKeyImport{
  96. KeyID: key.KeyID,
  97. Content: content,
  98. }); err != nil {
  99. return err
  100. }
  101. // Save GPG primary key.
  102. if _, err = e.Insert(key); err != nil {
  103. return err
  104. }
  105. // Save GPG subs key.
  106. for _, subkey := range key.SubsKey {
  107. if err := addGPGSubKey(e, subkey); err != nil {
  108. return err
  109. }
  110. }
  111. return nil
  112. }
  113. //addGPGSubKey add subkeys to database
  114. func addGPGSubKey(e Engine, key *GPGKey) (err error) {
  115. // Save GPG primary key.
  116. if _, err = e.Insert(key); err != nil {
  117. return err
  118. }
  119. // Save GPG subs key.
  120. for _, subkey := range key.SubsKey {
  121. if err := addGPGSubKey(e, subkey); err != nil {
  122. return err
  123. }
  124. }
  125. return nil
  126. }
  127. // AddGPGKey adds new public key to database.
  128. func AddGPGKey(ownerID int64, content string) (*GPGKey, error) {
  129. ekey, err := checkArmoredGPGKeyString(content)
  130. if err != nil {
  131. return nil, err
  132. }
  133. // Key ID cannot be duplicated.
  134. has, err := x.Where("key_id=?", ekey.PrimaryKey.KeyIdString()).
  135. Get(new(GPGKey))
  136. if err != nil {
  137. return nil, err
  138. } else if has {
  139. return nil, ErrGPGKeyIDAlreadyUsed{ekey.PrimaryKey.KeyIdString()}
  140. }
  141. //Get DB session
  142. sess := x.NewSession()
  143. defer sess.Close()
  144. if err = sess.Begin(); err != nil {
  145. return nil, err
  146. }
  147. key, err := parseGPGKey(ownerID, ekey)
  148. if err != nil {
  149. return nil, err
  150. }
  151. if err = addGPGKey(sess, key, content); err != nil {
  152. return nil, err
  153. }
  154. return key, sess.Commit()
  155. }
  156. //base64EncPubKey encode public key content to base 64
  157. func base64EncPubKey(pubkey *packet.PublicKey) (string, error) {
  158. var w bytes.Buffer
  159. err := pubkey.Serialize(&w)
  160. if err != nil {
  161. return "", err
  162. }
  163. return base64.StdEncoding.EncodeToString(w.Bytes()), nil
  164. }
  165. //base64DecPubKey decode public key content from base 64
  166. func base64DecPubKey(content string) (*packet.PublicKey, error) {
  167. b, err := readerFromBase64(content)
  168. if err != nil {
  169. return nil, err
  170. }
  171. //Read key
  172. p, err := packet.Read(b)
  173. if err != nil {
  174. return nil, err
  175. }
  176. //Check type
  177. pkey, ok := p.(*packet.PublicKey)
  178. if !ok {
  179. return nil, fmt.Errorf("key is not a public key")
  180. }
  181. return pkey, nil
  182. }
  183. //GPGKeyToEntity retrieve the imported key and the traducted entity
  184. func GPGKeyToEntity(k *GPGKey) (*openpgp.Entity, error) {
  185. impKey, err := GetGPGImportByKeyID(k.KeyID)
  186. if err != nil {
  187. return nil, err
  188. }
  189. return checkArmoredGPGKeyString(impKey.Content)
  190. }
  191. //parseSubGPGKey parse a sub Key
  192. func parseSubGPGKey(ownerID int64, primaryID string, pubkey *packet.PublicKey, expiry time.Time) (*GPGKey, error) {
  193. content, err := base64EncPubKey(pubkey)
  194. if err != nil {
  195. return nil, err
  196. }
  197. return &GPGKey{
  198. OwnerID: ownerID,
  199. KeyID: pubkey.KeyIdString(),
  200. PrimaryKeyID: primaryID,
  201. Content: content,
  202. CreatedUnix: util.TimeStamp(pubkey.CreationTime.Unix()),
  203. ExpiredUnix: util.TimeStamp(expiry.Unix()),
  204. CanSign: pubkey.CanSign(),
  205. CanEncryptComms: pubkey.PubKeyAlgo.CanEncrypt(),
  206. CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),
  207. CanCertify: pubkey.PubKeyAlgo.CanSign(),
  208. }, nil
  209. }
  210. //getExpiryTime extract the expire time of primary key based on sig
  211. func getExpiryTime(e *openpgp.Entity) time.Time {
  212. expiry := time.Time{}
  213. //Extract self-sign for expire date based on : https://github.com/golang/crypto/blob/master/openpgp/keys.go#L165
  214. var selfSig *packet.Signature
  215. for _, ident := range e.Identities {
  216. if selfSig == nil {
  217. selfSig = ident.SelfSignature
  218. } else if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {
  219. selfSig = ident.SelfSignature
  220. break
  221. }
  222. }
  223. if selfSig.KeyLifetimeSecs != nil {
  224. expiry = e.PrimaryKey.CreationTime.Add(time.Duration(*selfSig.KeyLifetimeSecs) * time.Second)
  225. }
  226. return expiry
  227. }
  228. //parseGPGKey parse a PrimaryKey entity (primary key + subs keys + self-signature)
  229. func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) {
  230. pubkey := e.PrimaryKey
  231. expiry := getExpiryTime(e)
  232. //Parse Subkeys
  233. subkeys := make([]*GPGKey, len(e.Subkeys))
  234. for i, k := range e.Subkeys {
  235. subs, err := parseSubGPGKey(ownerID, pubkey.KeyIdString(), k.PublicKey, expiry)
  236. if err != nil {
  237. return nil, err
  238. }
  239. subkeys[i] = subs
  240. }
  241. //Check emails
  242. userEmails, err := GetEmailAddresses(ownerID)
  243. if err != nil {
  244. return nil, err
  245. }
  246. emails := make([]*EmailAddress, 0, len(e.Identities))
  247. for _, ident := range e.Identities {
  248. email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))
  249. for _, e := range userEmails {
  250. if e.Email == email {
  251. emails = append(emails, e)
  252. break
  253. }
  254. }
  255. }
  256. //In the case no email as been found
  257. if len(emails) == 0 {
  258. failedEmails := make([]string, 0, len(e.Identities))
  259. for _, ident := range e.Identities {
  260. failedEmails = append(failedEmails, ident.UserId.Email)
  261. }
  262. return nil, ErrGPGNoEmailFound{failedEmails}
  263. }
  264. content, err := base64EncPubKey(pubkey)
  265. if err != nil {
  266. return nil, err
  267. }
  268. return &GPGKey{
  269. OwnerID: ownerID,
  270. KeyID: pubkey.KeyIdString(),
  271. PrimaryKeyID: "",
  272. Content: content,
  273. CreatedUnix: util.TimeStamp(pubkey.CreationTime.Unix()),
  274. ExpiredUnix: util.TimeStamp(expiry.Unix()),
  275. Emails: emails,
  276. SubsKey: subkeys,
  277. CanSign: pubkey.CanSign(),
  278. CanEncryptComms: pubkey.PubKeyAlgo.CanEncrypt(),
  279. CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),
  280. CanCertify: pubkey.PubKeyAlgo.CanSign(),
  281. }, nil
  282. }
  283. // deleteGPGKey does the actual key deletion
  284. func deleteGPGKey(e *xorm.Session, keyID string) (int64, error) {
  285. if keyID == "" {
  286. return 0, fmt.Errorf("empty KeyId forbidden") //Should never happen but just to be sure
  287. }
  288. //Delete imported key
  289. n, err := e.Where("key_id=?", keyID).Delete(new(GPGKeyImport))
  290. if err != nil {
  291. return n, err
  292. }
  293. return e.Where("key_id=?", keyID).Or("primary_key_id=?", keyID).Delete(new(GPGKey))
  294. }
  295. // DeleteGPGKey deletes GPG key information in database.
  296. func DeleteGPGKey(doer *User, id int64) (err error) {
  297. key, err := GetGPGKeyByID(id)
  298. if err != nil {
  299. if IsErrGPGKeyNotExist(err) {
  300. return nil
  301. }
  302. return fmt.Errorf("GetPublicKeyByID: %v", err)
  303. }
  304. // Check if user has access to delete this key.
  305. if !doer.IsAdmin && doer.ID != key.OwnerID {
  306. return ErrGPGKeyAccessDenied{doer.ID, key.ID}
  307. }
  308. sess := x.NewSession()
  309. defer sess.Close()
  310. if err = sess.Begin(); err != nil {
  311. return err
  312. }
  313. if _, err = deleteGPGKey(sess, key.KeyID); err != nil {
  314. return err
  315. }
  316. return sess.Commit()
  317. }
  318. // CommitVerification represents a commit validation of signature
  319. type CommitVerification struct {
  320. Verified bool
  321. Reason string
  322. SigningUser *User
  323. SigningKey *GPGKey
  324. }
  325. // SignCommit represents a commit with validation of signature.
  326. type SignCommit struct {
  327. Verification *CommitVerification
  328. *UserCommit
  329. }
  330. func readerFromBase64(s string) (io.Reader, error) {
  331. bs, err := base64.StdEncoding.DecodeString(s)
  332. if err != nil {
  333. return nil, err
  334. }
  335. return bytes.NewBuffer(bs), nil
  336. }
  337. func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) {
  338. h := hashFunc.New()
  339. if _, err := h.Write(msg); err != nil {
  340. return nil, err
  341. }
  342. return h, nil
  343. }
  344. // readArmoredSign read an armored signature block with the given type. https://sourcegraph.com/github.com/golang/crypto/-/blob/openpgp/read.go#L24:6-24:17
  345. func readArmoredSign(r io.Reader) (body io.Reader, err error) {
  346. block, err := armor.Decode(r)
  347. if err != nil {
  348. return
  349. }
  350. if block.Type != openpgp.SignatureType {
  351. return nil, fmt.Errorf("expected '" + openpgp.SignatureType + "', got: " + block.Type)
  352. }
  353. return block.Body, nil
  354. }
  355. func extractSignature(s string) (*packet.Signature, error) {
  356. r, err := readArmoredSign(strings.NewReader(s))
  357. if err != nil {
  358. return nil, fmt.Errorf("Failed to read signature armor")
  359. }
  360. p, err := packet.Read(r)
  361. if err != nil {
  362. return nil, fmt.Errorf("Failed to read signature packet")
  363. }
  364. sig, ok := p.(*packet.Signature)
  365. if !ok {
  366. return nil, fmt.Errorf("Packet is not a signature")
  367. }
  368. return sig, nil
  369. }
  370. func verifySign(s *packet.Signature, h hash.Hash, k *GPGKey) error {
  371. //Check if key can sign
  372. if !k.CanSign {
  373. return fmt.Errorf("key can not sign")
  374. }
  375. //Decode key
  376. pkey, err := base64DecPubKey(k.Content)
  377. if err != nil {
  378. return err
  379. }
  380. return pkey.VerifySignature(h, s)
  381. }
  382. // ParseCommitWithSignature check if signature is good against keystore.
  383. func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
  384. if c.Signature != nil && c.Committer != nil {
  385. //Parsing signature
  386. sig, err := extractSignature(c.Signature.Signature)
  387. if err != nil { //Skipping failed to extract sign
  388. log.Error("SignatureRead err: %v", err)
  389. return &CommitVerification{
  390. Verified: false,
  391. Reason: "gpg.error.extract_sign",
  392. }
  393. }
  394. //Find Committer account
  395. committer, err := GetUserByEmail(c.Committer.Email) //This find the user by primary email or activated email so commit will not be valid if email is not
  396. if err != nil { //Skipping not user for commiter
  397. // We can expect this to often be an ErrUserNotExist. in the case
  398. // it is not, however, it is important to log it.
  399. if !IsErrUserNotExist(err) {
  400. log.Error("GetUserByEmail: %v", err)
  401. }
  402. return &CommitVerification{
  403. Verified: false,
  404. Reason: "gpg.error.no_committer_account",
  405. }
  406. }
  407. keys, err := ListGPGKeys(committer.ID)
  408. if err != nil { //Skipping failed to get gpg keys of user
  409. log.Error("ListGPGKeys: %v", err)
  410. return &CommitVerification{
  411. Verified: false,
  412. Reason: "gpg.error.failed_retrieval_gpg_keys",
  413. }
  414. }
  415. for _, k := range keys {
  416. //Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate
  417. canValidate := false
  418. lowerCommiterEmail := strings.ToLower(c.Committer.Email)
  419. for _, e := range k.Emails {
  420. if e.IsActivated && strings.ToLower(e.Email) == lowerCommiterEmail {
  421. canValidate = true
  422. break
  423. }
  424. }
  425. if !canValidate {
  426. continue //Skip this key
  427. }
  428. //Generating hash of commit
  429. hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))
  430. if err != nil { //Skipping ailed to generate hash
  431. log.Error("PopulateHash: %v", err)
  432. return &CommitVerification{
  433. Verified: false,
  434. Reason: "gpg.error.generate_hash",
  435. }
  436. }
  437. //We get PK
  438. if err := verifySign(sig, hash, k); err == nil {
  439. return &CommitVerification{ //Everything is ok
  440. Verified: true,
  441. Reason: fmt.Sprintf("%s <%s> / %s", c.Committer.Name, c.Committer.Email, k.KeyID),
  442. SigningUser: committer,
  443. SigningKey: k,
  444. }
  445. }
  446. //And test also SubsKey
  447. for _, sk := range k.SubsKey {
  448. //Generating hash of commit
  449. hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))
  450. if err != nil { //Skipping ailed to generate hash
  451. log.Error("PopulateHash: %v", err)
  452. return &CommitVerification{
  453. Verified: false,
  454. Reason: "gpg.error.generate_hash",
  455. }
  456. }
  457. if err := verifySign(sig, hash, sk); err == nil {
  458. return &CommitVerification{ //Everything is ok
  459. Verified: true,
  460. Reason: fmt.Sprintf("%s <%s> / %s", c.Committer.Name, c.Committer.Email, sk.KeyID),
  461. SigningUser: committer,
  462. SigningKey: sk,
  463. }
  464. }
  465. }
  466. }
  467. return &CommitVerification{ //Default at this stage
  468. Verified: false,
  469. Reason: "gpg.error.no_gpg_keys_found",
  470. }
  471. }
  472. return &CommitVerification{
  473. Verified: false, //Default value
  474. Reason: "gpg.error.not_signed_commit", //Default value
  475. }
  476. }
  477. // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
  478. func ParseCommitsWithSignature(oldCommits *list.List) *list.List {
  479. var (
  480. newCommits = list.New()
  481. e = oldCommits.Front()
  482. )
  483. for e != nil {
  484. c := e.Value.(UserCommit)
  485. newCommits.PushBack(SignCommit{
  486. UserCommit: &c,
  487. Verification: ParseCommitWithSignature(c.Commit),
  488. })
  489. e = e.Next()
  490. }
  491. return newCommits
  492. }