gitlab-org--gitlab-foss/lib/gitlab/gpg/commit.rb

module Gitlab
  module Gpg
    class Commit
      include Gitlab::Utils::StrongMemoize

      def initialize(commit)
        @commit = commit

        repo = commit.project.repository.raw_repository
        @signature_data = Gitlab::Git::Commit.extract_signature_lazily(repo, commit.sha || commit.id)
      end

      def signature_text
        strong_memoize(:signature_text) do
          @signature_data&.itself && @signature_data[0]
        end
      end

      def signed_text
        strong_memoize(:signed_text) do
          @signature_data&.itself && @signature_data[1]
        end
      end

      def has_signature?
        !!(signature_text && signed_text)
      end

      # rubocop: disable CodeReuse/ActiveRecord
      def signature
        return unless has_signature?

        return @signature if @signature

        cached_signature = GpgSignature.find_by(commit_sha: @commit.sha)
        return @signature = cached_signature if cached_signature.present?

        @signature = create_cached_signature!
      end
      # rubocop: enable CodeReuse/ActiveRecord

      def update_signature!(cached_signature)
        using_keychain do |gpg_key|
          cached_signature.update!(attributes(gpg_key))
        end

        @signature = cached_signature
      end

      private

      def using_keychain
        Gitlab::Gpg.using_tmp_keychain do
          # first we need to get the keyid from the signature to query the gpg
          # key belonging to the keyid.
          # This way we can add the key to the temporary keychain and extract
          # the proper signature.
          # NOTE: the invoked method is #fingerprint but it's only returning
          # 16 characters (the format used by keyid) instead of 40.
          gpg_key = find_gpg_key(verified_signature.fingerprint)

          if gpg_key
            Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
            @verified_signature = nil
          end

          yield gpg_key
        end
      end

      def verified_signature
        @verified_signature ||= GPGME::Crypto.new.verify(signature_text, signed_text: signed_text) do |verified_signature|
          break verified_signature
        end
      end

      def create_cached_signature!
        using_keychain do |gpg_key|
          signature = GpgSignature.new(attributes(gpg_key))
          signature.save! unless Gitlab::Database.read_only?
          signature
        end
      end

      def attributes(gpg_key)
        user_infos = user_infos(gpg_key)
        verification_status = verification_status(gpg_key)

        {
          commit_sha: @commit.sha,
          project: @commit.project,
          gpg_key: gpg_key,
          gpg_key_primary_keyid: gpg_key&.keyid || verified_signature.fingerprint,
          gpg_key_user_name: user_infos[:name],
          gpg_key_user_email: user_infos[:email],
          verification_status: verification_status
        }
      end

      def verification_status(gpg_key)
        return :unknown_key unless gpg_key
        return :unverified_key unless gpg_key.verified?
        return :unverified unless verified_signature.valid?

        if gpg_key.verified_and_belongs_to_email?(@commit.committer_email)
          :verified
        elsif gpg_key.user.all_emails.include?(@commit.committer_email)
          :same_user_different_email
        else
          :other_user
        end
      end

      def user_infos(gpg_key)
        gpg_key&.verified_user_infos&.first || gpg_key&.user_infos&.first || {}
      end

      # rubocop: disable CodeReuse/ActiveRecord
      def find_gpg_key(keyid)
        GpgKey.find_by(primary_keyid: keyid) || GpgKeySubkey.find_by(keyid: keyid)
      end
      # rubocop: enable CodeReuse/ActiveRecord
    end
  end
end
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`module Gitlab`
			`module Gpg`
			`class Commit`
Fetch commit signatures from Gitaly in batches Closes gitaly#1046 2018-02-28 16:56:00 +00:00			`include Gitlab::Utils::StrongMemoize`

pass whole commit to Gitlab::Gpg::Commit again we need the commit object for the updated verification that also checks the committer's email to match the gpg key and user's emails. 2017-08-24 12:21:26 +00:00			`def initialize(commit)`
			`@commit = commit`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00
Retrieve commit signatures with Gitaly 2018-01-18 14:10:17 +00:00			`repo = commit.project.repository.raw_repository`
Fetch commit signatures from Gitaly in batches Closes gitaly#1046 2018-02-28 16:56:00 +00:00			`@signature_data = Gitlab::Git::Commit.extract_signature_lazily(repo, commit.sha \|\| commit.id)`
			`end`

			`def signature_text`
			`strong_memoize(:signature_text) do`
			`@signature_data&.itself && @signature_data[0]`
			`end`
			`end`

			`def signed_text`
			`strong_memoize(:signed_text) do`
			`@signature_data&.itself && @signature_data[1]`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`

			`def has_signature?`
Fetch commit signatures from Gitaly in batches Closes gitaly#1046 2018-02-28 16:56:00 +00:00			`!!(signature_text && signed_text)`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: disable CodeReuse/ActiveRecord`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`def signature`
bail if the commit has no signature 2017-06-15 07:16:50 +00:00			`return unless has_signature?`

Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`return @signature if @signature`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 08:28:28 +00:00
pass whole commit to Gitlab::Gpg::Commit again we need the commit object for the updated verification that also checks the committer's email to match the gpg key and user's emails. 2017-08-24 12:21:26 +00:00			`cached_signature = GpgSignature.find_by(commit_sha: @commit.sha)`
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`return @signature = cached_signature if cached_signature.present?`

			`@signature = create_cached_signature!`
memoize verified_signature call 2017-06-15 11:37:03 +00:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: enable CodeReuse/ActiveRecord`
memoize verified_signature call 2017-06-15 11:37:03 +00:00
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`def update_signature!(cached_signature)`
			`using_keychain do \|gpg_key\|`
Updates from `rubocop -a` 2018-07-02 10:43:06 +00:00			`cached_signature.update!(attributes(gpg_key))`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`end`
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00
			`@signature = cached_signature`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`end`

memoize verified_signature call 2017-06-15 11:37:03 +00:00			`private`

			`def using_keychain`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`Gitlab::Gpg.using_tmp_keychain do`
			`# first we need to get the keyid from the signature to query the gpg`
			`# key belonging to the keyid.`
			`# This way we can add the key to the temporary keychain and extract`
			`# the proper signature.`
Address some feedback from last code review 2017-10-04 15:34:50 +00:00			`# NOTE: the invoked method is #fingerprint but it's only returning`
			`# 16 characters (the format used by keyid) instead of 40.`
Associate GgpSignature with GpgKeySubkey if comes from a subkey Additionally we're delegating missing method calls on GpgKeySubkey to GpgKey since most of the info required when verifying a signature is found on GpgKey which is the parent of GpgKeySubkey 2017-09-28 00:45:19 +00:00			`gpg_key = find_gpg_key(verified_signature.fingerprint)`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00
			`if gpg_key`
			`Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)`
fix memoization 2017-07-06 06:03:16 +00:00			`@verified_signature = nil`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`

memoize verified_signature call 2017-06-15 11:37:03 +00:00			`yield gpg_key`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
			`end`

			`def verified_signature`
Fetch commit signatures from Gitaly in batches Closes gitaly#1046 2018-02-28 16:56:00 +00:00			`@verified_signature \|\|= GPGME::Crypto.new.verify(signature_text, signed_text: signed_text) do \|verified_signature\|`
fix memoization 2017-07-06 06:03:16 +00:00			`break verified_signature`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
			`end`

Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`def create_cached_signature!`
			`using_keychain do \|gpg_key\|`
Fix Error 500 when viewing a commit with a GPG signature in Geo Closes gitlab-org/gitlab-ee#4825 2018-02-19 08:21:47 +00:00			`signature = GpgSignature.new(attributes(gpg_key))`
			`signature.save! unless Gitlab::Database.read_only?`
			`signature`
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`end`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`end`

			`def attributes(gpg_key)`
			`user_infos = user_infos(gpg_key)`
match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 12:21:30 +00:00			`verification_status = verification_status(gpg_key)`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00
			`{`
pass whole commit to Gitlab::Gpg::Commit again we need the commit object for the updated verification that also checks the committer's email to match the gpg key and user's emails. 2017-08-24 12:21:26 +00:00			`commit_sha: @commit.sha,`
			`project: @commit.project,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`gpg_key: gpg_key,`
Address feedback from last code review 2017-09-29 22:55:36 +00:00			`gpg_key_primary_keyid: gpg_key&.keyid \|\| verified_signature.fingerprint,`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`gpg_key_user_name: user_infos[:name],`
			`gpg_key_user_email: user_infos[:email],`
match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 12:21:30 +00:00			`verification_status: verification_status`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`}`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00
match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 12:21:30 +00:00			`def verification_status(gpg_key)`
only use symbols instead of enum hash accessor 2017-08-24 12:22:19 +00:00			`return :unknown_key unless gpg_key`
			`return :unverified_key unless gpg_key.verified?`
			`return :unverified unless verified_signature.valid?`
simplify if/else with guards 2017-08-24 12:21:46 +00:00
			`if gpg_key.verified_and_belongs_to_email?(@commit.committer_email)`
only use symbols instead of enum hash accessor 2017-08-24 12:22:19 +00:00			`:verified`
simplify if/else with guards 2017-08-24 12:21:46 +00:00			`elsif gpg_key.user.all_emails.include?(@commit.committer_email)`
only use symbols instead of enum hash accessor 2017-08-24 12:22:19 +00:00			`:same_user_different_email`
match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 12:21:30 +00:00			`else`
only use symbols instead of enum hash accessor 2017-08-24 12:22:19 +00:00			`:other_user`
match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 12:21:30 +00:00			`end`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`end`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00
			`def user_infos(gpg_key)`
			`gpg_key&.verified_user_infos&.first \|\| gpg_key&.user_infos&.first \|\| {}`
			`end`
Associate GgpSignature with GpgKeySubkey if comes from a subkey Additionally we're delegating missing method calls on GpgKeySubkey to GpgKey since most of the info required when verifying a signature is found on GpgKey which is the parent of GpgKeySubkey 2017-09-28 00:45:19 +00:00
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: disable CodeReuse/ActiveRecord`
Associate GgpSignature with GpgKeySubkey if comes from a subkey Additionally we're delegating missing method calls on GpgKeySubkey to GpgKey since most of the info required when verifying a signature is found on GpgKey which is the parent of GpgKeySubkey 2017-09-28 00:45:19 +00:00			`def find_gpg_key(keyid)`
			`GpgKey.find_by(primary_keyid: keyid) \|\| GpgKeySubkey.find_by(keyid: keyid)`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: enable CodeReuse/ActiveRecord`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
			`end`
			`end`