2018-07-25 09:30:33 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2019-03-28 13:17:42 +00:00
|
|
|
class GpgKey < ApplicationRecord
|
2019-08-31 19:57:00 +00:00
|
|
|
KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'
|
|
|
|
KEY_SUFFIX = '-----END PGP PUBLIC KEY BLOCK-----'
|
2017-02-22 11:49:17 +00:00
|
|
|
|
2017-07-20 13:44:15 +00:00
|
|
|
include ShaAttribute
|
|
|
|
|
|
|
|
sha_attribute :primary_keyid
|
|
|
|
sha_attribute :fingerprint
|
|
|
|
|
2017-02-22 11:49:17 +00:00
|
|
|
belongs_to :user
|
2017-07-20 14:33:44 +00:00
|
|
|
has_many :gpg_signatures
|
2017-09-27 17:27:39 +00:00
|
|
|
has_many :subkeys, class_name: 'GpgKeySubkey'
|
2017-02-22 11:49:17 +00:00
|
|
|
|
2017-09-28 01:45:08 +00:00
|
|
|
scope :with_subkeys, -> { includes(:subkeys) }
|
|
|
|
|
2017-07-05 12:03:36 +00:00
|
|
|
validates :user, presence: true
|
|
|
|
|
2017-02-22 11:49:17 +00:00
|
|
|
validates :key,
|
|
|
|
presence: true,
|
|
|
|
uniqueness: true,
|
|
|
|
format: {
|
2017-07-26 13:47:00 +00:00
|
|
|
with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
|
|
|
|
message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
|
2017-09-27 17:28:50 +00:00
|
|
|
}
|
2017-02-22 11:49:17 +00:00
|
|
|
|
2017-02-22 15:22:39 +00:00
|
|
|
validates :fingerprint,
|
|
|
|
presence: true,
|
|
|
|
uniqueness: true,
|
|
|
|
# only validate when the `key` is valid, as we don't want the user to show
|
|
|
|
# the error about the fingerprint
|
|
|
|
unless: -> { errors.has_key?(:key) }
|
|
|
|
|
2017-06-13 11:46:43 +00:00
|
|
|
validates :primary_keyid,
|
|
|
|
presence: true,
|
|
|
|
uniqueness: true,
|
|
|
|
# only validate when the `key` is valid, as we don't want the user to show
|
|
|
|
# the error about the fingerprint
|
|
|
|
unless: -> { errors.has_key?(:key) }
|
|
|
|
|
2017-09-27 17:28:50 +00:00
|
|
|
before_validation :extract_fingerprint, :extract_primary_keyid
|
2017-07-05 12:23:23 +00:00
|
|
|
after_commit :update_invalid_gpg_signatures, on: :create
|
2017-09-27 17:28:50 +00:00
|
|
|
after_create :generate_subkeys
|
2017-02-22 11:49:17 +00:00
|
|
|
|
2017-07-25 14:23:52 +00:00
|
|
|
def primary_keyid
|
|
|
|
super&.upcase
|
|
|
|
end
|
2017-09-29 22:55:36 +00:00
|
|
|
alias_method :keyid, :primary_keyid
|
2017-07-25 14:23:52 +00:00
|
|
|
|
|
|
|
def fingerprint
|
|
|
|
super&.upcase
|
|
|
|
end
|
|
|
|
|
2017-02-22 11:49:17 +00:00
|
|
|
def key=(value)
|
2017-07-25 18:35:44 +00:00
|
|
|
super(value&.strip)
|
2017-02-22 11:49:17 +00:00
|
|
|
end
|
|
|
|
|
2017-09-29 22:55:36 +00:00
|
|
|
def keyids
|
|
|
|
[keyid].concat(subkeys.map(&:keyid))
|
|
|
|
end
|
|
|
|
|
2017-07-13 13:22:15 +00:00
|
|
|
def user_infos
|
|
|
|
@user_infos ||= Gitlab::Gpg.user_infos_from_key(key)
|
|
|
|
end
|
|
|
|
|
|
|
|
def verified_user_infos
|
|
|
|
user_infos.select do |user_info|
|
2017-08-28 10:31:14 +00:00
|
|
|
user.verified_email?(user_info[:email])
|
2017-07-13 13:22:15 +00:00
|
|
|
end
|
2017-02-22 14:37:49 +00:00
|
|
|
end
|
|
|
|
|
2017-02-28 14:25:12 +00:00
|
|
|
def emails_with_verified_status
|
2021-03-28 15:09:30 +00:00
|
|
|
user_infos.to_h do |user_info|
|
2017-02-24 20:28:26 +00:00
|
|
|
[
|
2017-07-13 13:22:15 +00:00
|
|
|
user_info[:email],
|
2017-08-28 10:31:14 +00:00
|
|
|
user.verified_email?(user_info[:email])
|
2017-02-24 20:28:26 +00:00
|
|
|
]
|
2021-03-28 15:09:30 +00:00
|
|
|
end
|
2017-02-24 20:28:26 +00:00
|
|
|
end
|
|
|
|
|
2017-06-15 07:57:50 +00:00
|
|
|
def verified?
|
2017-08-24 14:52:06 +00:00
|
|
|
emails_with_verified_status.values.any?
|
2017-06-15 07:57:50 +00:00
|
|
|
end
|
|
|
|
|
2017-08-24 12:21:30 +00:00
|
|
|
def verified_and_belongs_to_email?(email)
|
2017-09-19 17:57:01 +00:00
|
|
|
emails_with_verified_status.fetch(email.downcase, false)
|
2017-08-24 12:21:30 +00:00
|
|
|
end
|
|
|
|
|
2017-06-15 13:07:44 +00:00
|
|
|
def update_invalid_gpg_signatures
|
2017-06-22 12:18:01 +00:00
|
|
|
InvalidGpgSignatureUpdateWorker.perform_async(self.id)
|
2017-06-15 13:07:44 +00:00
|
|
|
end
|
|
|
|
|
2017-07-12 05:59:28 +00:00
|
|
|
def revoke
|
2017-08-30 11:27:40 +00:00
|
|
|
GpgSignature
|
2017-10-04 23:44:49 +00:00
|
|
|
.with_key_and_subkeys(self)
|
2017-08-30 11:27:40 +00:00
|
|
|
.where.not(verification_status: GpgSignature.verification_statuses[:unknown_key])
|
|
|
|
.update_all(
|
|
|
|
gpg_key_id: nil,
|
2017-10-04 23:44:49 +00:00
|
|
|
gpg_key_subkey_id: nil,
|
2017-08-30 11:27:40 +00:00
|
|
|
verification_status: GpgSignature.verification_statuses[:unknown_key],
|
|
|
|
updated_at: Time.zone.now
|
|
|
|
)
|
2017-07-12 05:59:28 +00:00
|
|
|
|
|
|
|
destroy
|
|
|
|
end
|
|
|
|
|
2017-02-22 11:49:17 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
def extract_fingerprint
|
|
|
|
# we can assume that the result only contains one item as the validation
|
|
|
|
# only allows one key
|
2017-02-22 16:20:42 +00:00
|
|
|
self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first
|
2017-02-22 11:49:17 +00:00
|
|
|
end
|
2017-02-22 17:36:25 +00:00
|
|
|
|
2017-06-13 11:46:43 +00:00
|
|
|
def extract_primary_keyid
|
|
|
|
# we can assume that the result only contains one item as the validation
|
|
|
|
# only allows one key
|
|
|
|
self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
|
|
|
|
end
|
2017-09-27 00:42:23 +00:00
|
|
|
|
|
|
|
def generate_subkeys
|
|
|
|
gpg_subkeys = Gitlab::Gpg.subkeys_from_key(key)
|
|
|
|
|
2017-10-02 02:50:38 +00:00
|
|
|
gpg_subkeys[primary_keyid]&.each do |subkey_data|
|
2017-09-27 17:28:50 +00:00
|
|
|
subkeys.create!(keyid: subkey_data[:keyid], fingerprint: subkey_data[:fingerprint])
|
2017-09-27 00:42:23 +00:00
|
|
|
end
|
|
|
|
end
|
2017-02-22 11:49:17 +00:00
|
|
|
end
|
2020-12-24 15:09:57 +00:00
|
|
|
|
|
|
|
GpgKey.prepend_if_ee('EE::GpgKey')
|