closed-social
/
gitea

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package models
import (	"strings"
	"code.gitea.io/gitea/modules/git"	"code.gitea.io/gitea/modules/log"	"code.gitea.io/gitea/modules/process"	"code.gitea.io/gitea/modules/setting")
type signingMode string
const (	never         signingMode = "never"	always        signingMode = "always"	pubkey        signingMode = "pubkey"	twofa         signingMode = "twofa"	parentSigned  signingMode = "parentsigned"	baseSigned    signingMode = "basesigned"	headSigned    signingMode = "headsigned"	commitsSigned signingMode = "commitssigned"	approved      signingMode = "approved"	noKey         signingMode = "nokey")
func signingModeFromStrings(modeStrings []string) []signingMode {	returnable := make([]signingMode, 0, len(modeStrings))	for _, mode := range modeStrings {		signMode := signingMode(strings.ToLower(mode))		switch signMode {		case never:			return []signingMode{never}		case always:			return []signingMode{always}		case pubkey:			fallthrough		case twofa:			fallthrough		case parentSigned:			fallthrough		case baseSigned:			fallthrough		case headSigned:			fallthrough		case approved:			fallthrough		case commitsSigned:			returnable = append(returnable, signMode)		}	}	if len(returnable) == 0 {		return []signingMode{never}	}	return returnable}
func signingKey(repoPath string) string {	if setting.Repository.Signing.SigningKey == "none" {		return ""	}
	if setting.Repository.Signing.SigningKey == "default" || setting.Repository.Signing.SigningKey == "" {		// Can ignore the error here as it means that commit.gpgsign is not set
		value, _ := git.NewCommand("config", "--get", "commit.gpgsign").RunInDir(repoPath)		sign, valid := git.ParseBool(strings.TrimSpace(value))		if !sign || !valid {			return ""		}
		signingKey, _ := git.NewCommand("config", "--get", "user.signingkey").RunInDir(repoPath)		return strings.TrimSpace(signingKey)	}
	return setting.Repository.Signing.SigningKey}
// PublicSigningKey gets the public signing key within a provided repository directory
func PublicSigningKey(repoPath string) (string, error) {	signingKey := signingKey(repoPath)	if signingKey == "" {		return "", nil	}
	content, stderr, err := process.GetManager().ExecDir(-1, repoPath,		"gpg --export -a", "gpg", "--export", "-a", signingKey)	if err != nil {		log.Error("Unable to get default signing key in %s: %s, %s, %v", repoPath, signingKey, stderr, err)		return "", err	}	return content, nil}
// SignInitialCommit determines if we should sign the initial commit to this repository
func SignInitialCommit(repoPath string, u *User) (bool, string, error) {	rules := signingModeFromStrings(setting.Repository.Signing.InitialCommit)	signingKey := signingKey(repoPath)	if signingKey == "" {		return false, "", &ErrWontSign{noKey}	}
	for _, rule := range rules {		switch rule {		case never:			return false, "", &ErrWontSign{never}		case always:			break		case pubkey:			keys, err := ListGPGKeys(u.ID, ListOptions{})			if err != nil {				return false, "", err			}			if len(keys) == 0 {				return false, "", &ErrWontSign{pubkey}			}		case twofa:			twofaModel, err := GetTwoFactorByUID(u.ID)			if err != nil && !IsErrTwoFactorNotEnrolled(err) {				return false, "", err			}			if twofaModel == nil {				return false, "", &ErrWontSign{twofa}			}		}	}	return true, signingKey, nil}
// SignWikiCommit determines if we should sign the commits to this repository wiki
func (repo *Repository) SignWikiCommit(u *User) (bool, string, error) {	rules := signingModeFromStrings(setting.Repository.Signing.Wiki)	signingKey := signingKey(repo.WikiPath())	if signingKey == "" {		return false, "", &ErrWontSign{noKey}	}
	for _, rule := range rules {		switch rule {		case never:			return false, "", &ErrWontSign{never}		case always:			break		case pubkey:			keys, err := ListGPGKeys(u.ID, ListOptions{})			if err != nil {				return false, "", err			}			if len(keys) == 0 {				return false, "", &ErrWontSign{pubkey}			}		case twofa:			twofaModel, err := GetTwoFactorByUID(u.ID)			if err != nil && !IsErrTwoFactorNotEnrolled(err) {				return false, "", err			}			if twofaModel == nil {				return false, "", &ErrWontSign{twofa}			}		case parentSigned:			gitRepo, err := git.OpenRepository(repo.WikiPath())			if err != nil {				return false, "", err			}			defer gitRepo.Close()			commit, err := gitRepo.GetCommit("HEAD")			if err != nil {				return false, "", err			}			if commit.Signature == nil {				return false, "", &ErrWontSign{parentSigned}			}			verification := ParseCommitWithSignature(commit)			if !verification.Verified {				return false, "", &ErrWontSign{parentSigned}			}		}	}	return true, signingKey, nil}
// SignCRUDAction determines if we should sign a CRUD commit to this repository
func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string) (bool, string, error) {	rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)	signingKey := signingKey(repo.RepoPath())	if signingKey == "" {		return false, "", &ErrWontSign{noKey}	}
	for _, rule := range rules {		switch rule {		case never:			return false, "", &ErrWontSign{never}		case always:			break		case pubkey:			keys, err := ListGPGKeys(u.ID, ListOptions{})			if err != nil {				return false, "", err			}			if len(keys) == 0 {				return false, "", &ErrWontSign{pubkey}			}		case twofa:			twofaModel, err := GetTwoFactorByUID(u.ID)			if err != nil && !IsErrTwoFactorNotEnrolled(err) {				return false, "", err			}			if twofaModel == nil {				return false, "", &ErrWontSign{twofa}			}		case parentSigned:			gitRepo, err := git.OpenRepository(tmpBasePath)			if err != nil {				return false, "", err			}			defer gitRepo.Close()			commit, err := gitRepo.GetCommit(parentCommit)			if err != nil {				return false, "", err			}			if commit.Signature == nil {				return false, "", &ErrWontSign{parentSigned}			}			verification := ParseCommitWithSignature(commit)			if !verification.Verified {				return false, "", &ErrWontSign{parentSigned}			}		}	}	return true, signingKey, nil}