2017-02-22 11:20:42 -05:00
|
|
|
module Gitlab
|
|
|
|
module Gpg
|
|
|
|
extend self
|
|
|
|
|
2017-08-10 14:33:24 -04:00
|
|
|
MUTEX = Mutex.new
|
|
|
|
|
2017-06-13 08:26:42 -04:00
|
|
|
module CurrentKeyChain
|
|
|
|
extend self
|
|
|
|
|
|
|
|
def add(key)
|
|
|
|
GPGME::Key.import(key)
|
|
|
|
end
|
|
|
|
|
2017-07-06 05:55:56 -04:00
|
|
|
def fingerprints_from_key(key)
|
2017-02-22 11:20:42 -05:00
|
|
|
import = GPGME::Key.import(key)
|
|
|
|
|
|
|
|
return [] if import.imported == 0
|
|
|
|
|
|
|
|
import.imports.map(&:fingerprint)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-07-06 05:55:56 -04:00
|
|
|
def fingerprints_from_key(key)
|
2017-06-13 07:46:43 -04:00
|
|
|
using_tmp_keychain do
|
2017-07-06 05:55:56 -04:00
|
|
|
CurrentKeyChain.fingerprints_from_key(key)
|
|
|
|
end
|
|
|
|
end
|
2017-06-13 07:46:43 -04:00
|
|
|
|
2017-07-06 05:55:56 -04:00
|
|
|
def primary_keyids_from_key(key)
|
|
|
|
using_tmp_keychain do
|
|
|
|
fingerprints = CurrentKeyChain.fingerprints_from_key(key)
|
2017-06-13 07:46:43 -04:00
|
|
|
|
|
|
|
GPGME::Key.find(:public, fingerprints).map { |raw_key| raw_key.primary_subkey.keyid }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-09-26 20:42:23 -04:00
|
|
|
def subkeys_from_key(key)
|
|
|
|
using_tmp_keychain do
|
2017-09-29 18:55:36 -04:00
|
|
|
fingerprints = CurrentKeyChain.fingerprints_from_key(key)
|
|
|
|
raw_keys = GPGME::Key.find(:public, fingerprints)
|
2017-09-26 20:42:23 -04:00
|
|
|
|
2017-09-29 18:55:36 -04:00
|
|
|
raw_keys.each_with_object({}) do |raw_key, grouped_subkeys|
|
2017-09-26 20:42:23 -04:00
|
|
|
primary_subkey_id = raw_key.primary_subkey.keyid
|
|
|
|
|
2017-09-29 18:55:36 -04:00
|
|
|
grouped_subkeys[primary_subkey_id] = raw_key.subkeys[1..-1].map do |s|
|
|
|
|
{ keyid: s.keyid, fingerprint: s.fingerprint }
|
2017-09-26 20:42:23 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-07-13 09:22:15 -04:00
|
|
|
def user_infos_from_key(key)
|
2017-02-24 14:07:57 -05:00
|
|
|
using_tmp_keychain do
|
2017-07-06 05:55:56 -04:00
|
|
|
fingerprints = CurrentKeyChain.fingerprints_from_key(key)
|
2017-02-24 14:07:57 -05:00
|
|
|
|
2017-07-13 09:22:15 -04:00
|
|
|
GPGME::Key.find(:public, fingerprints).flat_map do |raw_key|
|
2018-06-05 17:39:44 -04:00
|
|
|
raw_key.uids.each_with_object([]) do |uid, arr|
|
|
|
|
name = uid.name.force_encoding('UTF-8')
|
|
|
|
email = uid.email.force_encoding('UTF-8')
|
|
|
|
arr << { name: name, email: email.downcase } if name.valid_encoding? && email.valid_encoding?
|
|
|
|
end
|
2017-07-13 09:22:15 -04:00
|
|
|
end
|
2017-02-24 14:07:57 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-08-10 14:33:24 -04:00
|
|
|
# Allows thread safe switching of temporary keychain files
|
|
|
|
#
|
|
|
|
# 1. The current thread may use nesting of temporary keychain
|
|
|
|
# 2. Another thread needs to wait for the lock to be released
|
|
|
|
def using_tmp_keychain(&block)
|
|
|
|
if MUTEX.locked? && MUTEX.owned?
|
|
|
|
optimistic_using_tmp_keychain(&block)
|
|
|
|
else
|
2018-07-28 09:47:26 -04:00
|
|
|
if Gitlab.rails5?
|
|
|
|
ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
|
|
|
|
MUTEX.synchronize do
|
|
|
|
optimistic_using_tmp_keychain(&block)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
else
|
|
|
|
MUTEX.synchronize do
|
|
|
|
optimistic_using_tmp_keychain(&block)
|
|
|
|
end
|
2017-08-10 14:33:24 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# 1. Returns the custom home directory if one has been set by calling
|
|
|
|
# `GPGME::Engine.home_dir=`
|
|
|
|
# 2. Returns the default home directory otherwise
|
|
|
|
def current_home_dir
|
|
|
|
GPGME::Engine.info.first.home_dir || GPGME::Engine.dirinfo('homedir')
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def optimistic_using_tmp_keychain
|
2017-08-14 06:38:08 -04:00
|
|
|
previous_dir = current_home_dir
|
2017-09-13 07:31:37 -04:00
|
|
|
tmp_dir = Dir.mktmpdir
|
|
|
|
GPGME::Engine.home_dir = tmp_dir
|
|
|
|
yield
|
2017-08-14 06:38:08 -04:00
|
|
|
ensure
|
2017-09-13 07:31:37 -04:00
|
|
|
# Ignore any errors when removing the tmp directory, as we may run into a
|
|
|
|
# race condition:
|
|
|
|
# The `gpg-agent` agent process may clean up some files as well while
|
|
|
|
# `FileUtils.remove_entry` is iterating the directory and removing all
|
|
|
|
# its contained files and directories recursively, which could raise an
|
|
|
|
# error.
|
|
|
|
FileUtils.remove_entry(tmp_dir, true)
|
2017-08-14 06:38:08 -04:00
|
|
|
GPGME::Engine.home_dir = previous_dir
|
2017-02-22 11:20:42 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|