gitlab-org--gitlab-foss/app/models/gpg_key.rb

class GpgKey < ActiveRecord::Base
  KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'.freeze
  KEY_SUFFIX = '-----END PGP PUBLIC KEY BLOCK-----'.freeze

  include ShaAttribute

  sha_attribute :primary_keyid
  sha_attribute :fingerprint

  belongs_to :user
  has_many :gpg_signatures
  has_many :subkeys, class_name: 'GpgKeySubkey'

  scope :with_subkeys, -> { includes(:subkeys) }

  validates :user, presence: true

  validates :key,
    presence: true,
    uniqueness: true,
    format: {
      with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
      message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
    }

  validates :fingerprint,
    presence: true,
    uniqueness: true,
    # only validate when the `key` is valid, as we don't want the user to show
    # the error about the fingerprint
    unless: -> { errors.has_key?(:key) }

  validates :primary_keyid,
    presence: true,
    uniqueness: true,
    # only validate when the `key` is valid, as we don't want the user to show
    # the error about the fingerprint
    unless: -> { errors.has_key?(:key) }

  before_validation :extract_fingerprint, :extract_primary_keyid
  after_commit :update_invalid_gpg_signatures, on: :create
  after_create :generate_subkeys

  def primary_keyid
    super&.upcase
  end
  alias_method :keyid, :primary_keyid

  def fingerprint
    super&.upcase
  end

  def key=(value)
    super(value&.strip)
  end

  def keyids
    [keyid].concat(subkeys.map(&:keyid))
  end

  def user_infos
    @user_infos ||= Gitlab::Gpg.user_infos_from_key(key)
  end

  def verified_user_infos
    user_infos.select do |user_info|
      user.verified_email?(user_info[:email])
    end
  end

  def emails_with_verified_status
    user_infos.map do |user_info|
      [
        user_info[:email],
        user.verified_email?(user_info[:email])
      ]
    end.to_h
  end

  def verified?
    emails_with_verified_status.values.any?
  end

  def verified_and_belongs_to_email?(email)
    emails_with_verified_status.fetch(email.downcase, false)
  end

  def update_invalid_gpg_signatures
    InvalidGpgSignatureUpdateWorker.perform_async(self.id)
  end

  def revoke
    GpgSignature
      .with_key_and_subkeys(self)
      .where.not(verification_status: GpgSignature.verification_statuses[:unknown_key])
      .update_all(
        gpg_key_id: nil,
        gpg_key_subkey_id: nil,
        verification_status: GpgSignature.verification_statuses[:unknown_key],
        updated_at: Time.zone.now
      )

    destroy
  end

  private

  def extract_fingerprint
    # we can assume that the result only contains one item as the validation
    # only allows one key
    self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first
  end

  def extract_primary_keyid
    # we can assume that the result only contains one item as the validation
    # only allows one key
    self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
  end

  def generate_subkeys
    gpg_subkeys = Gitlab::Gpg.subkeys_from_key(key)

    gpg_subkeys[primary_keyid]&.each do |subkey_data|
      subkeys.create!(keyid: subkey_data[:keyid], fingerprint: subkey_data[:fingerprint])
    end
  end
end
add gpg key model 2017-02-22 06:49:17 -05:00			`class GpgKey < ActiveRecord::Base`
			`KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'.freeze`
improve gpg key validation when omitting the end part of the key ('-----END PGP PUBLIC KEY BLOCK-----') the error message was not about the key anymore, but about the missing fingerprint and primary_keyid, which was confusing for the user. the new validation checks that the end also matches the expected format. 2017-07-26 09:47:00 -04:00			`KEY_SUFFIX = '-----END PGP PUBLIC KEY BLOCK-----'.freeze`
add gpg key model 2017-02-22 06:49:17 -05:00
use ShaAttribute for gpg table columns 2017-07-20 09:44:15 -04:00			`include ShaAttribute`

			`sha_attribute :primary_keyid`
			`sha_attribute :fingerprint`

add gpg key model 2017-02-22 06:49:17 -05:00			`belongs_to :user`
use db's on_delete instead of has_many :dependent 2017-07-20 10:33:44 -04:00			`has_many :gpg_signatures`
Use a separate model to handle GPG subkeys 2017-09-27 13:27:39 -04:00			`has_many :subkeys, class_name: 'GpgKeySubkey'`
add gpg key model 2017-02-22 06:49:17 -05:00
Render GPG subkeys on index page 2017-09-27 21:45:08 -04:00			`scope :with_subkeys, -> { includes(:subkeys) }`

validate presence of user on gpg_key 2017-07-05 08:03:36 -04:00			`validates :user, presence: true`

add gpg key model 2017-02-22 06:49:17 -05:00			`validates :key,`
			`presence: true,`
			`uniqueness: true,`
			`format: {`
improve gpg key validation when omitting the end part of the key ('-----END PGP PUBLIC KEY BLOCK-----') the error message was not about the key anymore, but about the missing fingerprint and primary_keyid, which was confusing for the user. the new validation checks that the end also matches the expected format. 2017-07-26 09:47:00 -04:00			`with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,`
			`message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"`
Refactor the extraction and generation of GPG subkeys 2017-09-27 13:28:50 -04:00			`}`
add gpg key model 2017-02-22 06:49:17 -05:00
only validate gpg_key#fingerprint "internally" 2017-02-22 10:22:39 -05:00			`validates :fingerprint,`
			`presence: true,`
			`uniqueness: true,`
			# only validate when the `key` is valid, as we don't want the user to show
			`# the error about the fingerprint`
			`unless: -> { errors.has_key?(:key) }`

add primary keyid attribute to gpg keys 2017-06-13 07:46:43 -04:00			`validates :primary_keyid,`
			`presence: true,`
			`uniqueness: true,`
			# only validate when the `key` is valid, as we don't want the user to show
			`# the error about the fingerprint`
			`unless: -> { errors.has_key?(:key) }`

Refactor the extraction and generation of GPG subkeys 2017-09-27 13:28:50 -04:00			`before_validation :extract_fingerprint, :extract_primary_keyid`
use after_commit instead of AfterCommitQueue 2017-07-05 08:23:23 -04:00			`after_commit :update_invalid_gpg_signatures, on: :create`
Refactor the extraction and generation of GPG subkeys 2017-09-27 13:28:50 -04:00			`after_create :generate_subkeys`
add gpg key model 2017-02-22 06:49:17 -05:00
upcase in the model instead of in the view 2017-07-25 10:23:52 -04:00			`def primary_keyid`
			`super&.upcase`
			`end`
Address feedback from last code review 2017-09-29 18:55:36 -04:00			`alias_method :keyid, :primary_keyid`
upcase in the model instead of in the view 2017-07-25 10:23:52 -04:00
			`def fingerprint`
			`super&.upcase`
			`end`

add gpg key model 2017-02-22 06:49:17 -05:00			`def key=(value)`
simplify nil handling 2017-07-25 14:35:44 -04:00			`super(value&.strip)`
add gpg key model 2017-02-22 06:49:17 -05:00			`end`

Address feedback from last code review 2017-09-29 18:55:36 -04:00			`def keyids`
			`[keyid].concat(subkeys.map(&:keyid))`
			`end`

store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`def user_infos`
			`@user_infos \|\|= Gitlab::Gpg.user_infos_from_key(key)`
			`end`

			`def verified_user_infos`
			`user_infos.select do \|user_info\|`
use User#verified_email? for gpg key verification 2017-08-28 06:31:14 -04:00			`user.verified_email?(user_info[:email])`
store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`end`
add emails method to GgpKey 2017-02-22 09:37:49 -05:00			`end`

remove gpg from keychain when user's email changes 2017-02-28 09:25:12 -05:00			`def emails_with_verified_status`
store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`user_infos.map do \|user_info\|`
gpg email verification 2017-02-24 15:28:26 -05:00			`[`
store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`user_info[:email],`
use User#verified_email? for gpg key verification 2017-08-28 06:31:14 -04:00			`user.verified_email?(user_info[:email])`
gpg email verification 2017-02-24 15:28:26 -05:00			`]`
use hash instead of 2d array 2017-07-05 07:16:50 -04:00			`end.to_h`
gpg email verification 2017-02-24 15:28:26 -05:00			`end`

gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`def verified?`
simplify check for verified email in collection 2017-08-24 10:52:06 -04:00			`emails_with_verified_status.values.any?`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`end`

match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 08:21:30 -04:00			`def verified_and_belongs_to_email?(email)`
Make GPG validation case insensitive. In line with other changes in GitLab, make email address validation properly case insensitive. The email address in the commit may be in any case, so it needs downcasing to match the address stored in GitLab for the user. Without this change the comparison fails and commits are not marked as verified. See #37009. 2017-09-19 13:57:01 -04:00			`emails_with_verified_status.fetch(email.downcase, false)`
match the committer's email against the gpg key the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. 2017-08-24 08:21:30 -04:00			`end`

update invalid gpg signatures when email changes 2017-06-15 09:07:44 -04:00			`def update_invalid_gpg_signatures`
perform signature update in sidekiq worker 2017-06-22 08:18:01 -04:00			`InvalidGpgSignatureUpdateWorker.perform_async(self.id)`
update invalid gpg signatures when email changes 2017-06-15 09:07:44 -04:00			`end`

user may now revoke a gpg key other than just removing a key, which doesn't affect the verified state of a commit, revoking a key unverifies all signed commits. 2017-07-12 01:59:28 -04:00			`def revoke`
use new #verification_status 2017-08-30 07:27:40 -04:00			`GpgSignature`
Invalidate GpgSignatures associated to GpgKeySubkeys when revoking the GpgKey 2017-10-04 19:44:49 -04:00			`.with_key_and_subkeys(self)`
use new #verification_status 2017-08-30 07:27:40 -04:00			`.where.not(verification_status: GpgSignature.verification_statuses[:unknown_key])`
			`.update_all(`
			`gpg_key_id: nil,`
Invalidate GpgSignatures associated to GpgKeySubkeys when revoking the GpgKey 2017-10-04 19:44:49 -04:00			`gpg_key_subkey_id: nil,`
use new #verification_status 2017-08-30 07:27:40 -04:00			`verification_status: GpgSignature.verification_statuses[:unknown_key],`
			`updated_at: Time.zone.now`
			`)`
user may now revoke a gpg key other than just removing a key, which doesn't affect the verified state of a commit, revoking a key unverifies all signed commits. 2017-07-12 01:59:28 -04:00
			`destroy`
			`end`

add gpg key model 2017-02-22 06:49:17 -05:00			`private`

			`def extract_fingerprint`
			`# we can assume that the result only contains one item as the validation`
			`# only allows one key`
extract gpg functionality to lib class 2017-02-22 11:20:42 -05:00			`self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first`
add gpg key model 2017-02-22 06:49:17 -05:00			`end`
add / remove gpg keys to / from system keychain 2017-02-22 12:36:25 -05:00
add primary keyid attribute to gpg keys 2017-06-13 07:46:43 -04:00			`def extract_primary_keyid`
			`# we can assume that the result only contains one item as the validation`
			`# only allows one key`
			`self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first`
			`end`
Process and create subkeys when a new GPG key is created 2017-09-26 20:42:23 -04:00
			`def generate_subkeys`
			`gpg_subkeys = Gitlab::Gpg.subkeys_from_key(key)`

Fix some broken specs 2017-10-01 22:50:38 -04:00			`gpg_subkeys[primary_keyid]&.each do \|subkey_data\|`
Refactor the extraction and generation of GPG subkeys 2017-09-27 13:28:50 -04:00			`subkeys.create!(keyid: subkey_data[:keyid], fingerprint: subkey_data[:fingerprint])`
Process and create subkeys when a new GPG key is created 2017-09-26 20:42:23 -04:00			`end`
			`end`
add gpg key model 2017-02-22 06:49:17 -05:00			`end`