gitlab-org--gitlab-foss/lib/gitlab/gpg/commit.rb

module Gitlab
  module Gpg
    class Commit
      def self.for_commit(commit)
        new(commit.project, commit.sha)
      end

      def initialize(project, sha)
        @project = project
        @sha = sha

        @signature_text, @signed_text =
          begin
            Rugged::Commit.extract_signature(project.repository.rugged, sha)
          rescue Rugged::OdbError
            nil
          end
      end

      def has_signature?
        !!(@signature_text && @signed_text)
      end

      def signature
        return unless has_signature?

        return @signature if @signature

        cached_signature = GpgSignature.find_by(commit_sha: @sha)
        return @signature = cached_signature if cached_signature.present?

        @signature = create_cached_signature!
      end

      def update_signature!(cached_signature)
        using_keychain do |gpg_key|
          cached_signature.update_attributes!(attributes(gpg_key))
        end

        @signature = cached_signature
      end

      private

      def using_keychain
        Gitlab::Gpg.using_tmp_keychain do
          # first we need to get the keyid from the signature to query the gpg
          # key belonging to the keyid.
          # This way we can add the key to the temporary keychain and extract
          # the proper signature.
          gpg_key = GpgKey.find_by(primary_keyid: verified_signature.fingerprint)

          if gpg_key
            Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
            @verified_signature = nil
          end

          yield gpg_key
        end
      end

      def verified_signature
        @verified_signature ||= GPGME::Crypto.new.verify(@signature_text, signed_text: @signed_text) do |verified_signature|
          break verified_signature
        end
      end

      def create_cached_signature!
        using_keychain do |gpg_key|
          GpgSignature.create!(attributes(gpg_key))
        end
      end

      def attributes(gpg_key)
        user_infos = user_infos(gpg_key)

        {
          commit_sha: @sha,
          project: @project,
          gpg_key: gpg_key,
          gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint,
          gpg_key_user_name: user_infos[:name],
          gpg_key_user_email: user_infos[:email],
          valid_signature: gpg_signature_valid_signature_value(gpg_key)
        }
      end

      def gpg_signature_valid_signature_value(gpg_key)
        !!(gpg_key && gpg_key.verified? && verified_signature.valid?)
      end

      def user_infos(gpg_key)
        gpg_key&.verified_user_infos&.first || gpg_key&.user_infos&.first || {}
      end
    end
  end
end
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`module Gitlab`
			`module Gpg`
			`class Commit`
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`def self.for_commit(commit)`
			`new(commit.project, commit.sha)`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`def initialize(project, sha)`
			`@project = project`
			`@sha = sha`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`@signature_text, @signed_text =`
			`begin`
			`Rugged::Commit.extract_signature(project.repository.rugged, sha)`
			`rescue Rugged::OdbError`
			`nil`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`

			`def has_signature?`
bail if the commit has no signature 2017-06-15 07:16:50 +00:00			`!!(@signature_text && @signed_text)`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`

			`def signature`
bail if the commit has no signature 2017-06-15 07:16:50 +00:00			`return unless has_signature?`

Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`return @signature if @signature`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 08:28:28 +00:00
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`cached_signature = GpgSignature.find_by(commit_sha: @sha)`
			`return @signature = cached_signature if cached_signature.present?`

			`@signature = create_cached_signature!`
memoize verified_signature call 2017-06-15 11:37:03 +00:00			`end`

allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`def update_signature!(cached_signature)`
			`using_keychain do \|gpg_key\|`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`cached_signature.update_attributes!(attributes(gpg_key))`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`end`
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00
			`@signature = cached_signature`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`end`

memoize verified_signature call 2017-06-15 11:37:03 +00:00			`private`

			`def using_keychain`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`Gitlab::Gpg.using_tmp_keychain do`
			`# first we need to get the keyid from the signature to query the gpg`
			`# key belonging to the keyid.`
			`# This way we can add the key to the temporary keychain and extract`
			`# the proper signature.`
			`gpg_key = GpgKey.find_by(primary_keyid: verified_signature.fingerprint)`

			`if gpg_key`
			`Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)`
fix memoization 2017-07-06 06:03:16 +00:00			`@verified_signature = nil`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`

memoize verified_signature call 2017-06-15 11:37:03 +00:00			`yield gpg_key`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
			`end`

			`def verified_signature`
memoize verified_signature call 2017-06-15 11:37:03 +00:00			`@verified_signature \|\|= GPGME::Crypto.new.verify(@signature_text, signed_text: @signed_text) do \|verified_signature\|`
fix memoization 2017-07-06 06:03:16 +00:00			`break verified_signature`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
			`end`

Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`def create_cached_signature!`
			`using_keychain do \|gpg_key\|`
			`GpgSignature.create!(attributes(gpg_key))`
			`end`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`end`

			`def attributes(gpg_key)`
			`user_infos = user_infos(gpg_key)`

			`{`
Only create commit GPG signature when necessary 2017-08-15 11:22:55 +00:00			`commit_sha: @sha,`
			`project: @project,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`gpg_key: gpg_key,`
memoize verified_signature call 2017-06-15 11:37:03 +00:00			`gpg_key_primary_keyid: gpg_key&.primary_keyid \|\| verified_signature.fingerprint,`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`gpg_key_user_name: user_infos[:name],`
			`gpg_key_user_email: user_infos[:email],`
no need for passing parameter we introduced memoizing, so it's safe to call the method multiple times. 2017-06-16 12:37:28 +00:00			`valid_signature: gpg_signature_valid_signature_value(gpg_key)`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00			`}`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00
no need for passing parameter we introduced memoizing, so it's safe to call the method multiple times. 2017-06-16 12:37:28 +00:00			`def gpg_signature_valid_signature_value(gpg_key)`
			`!!(gpg_key && gpg_key.verified? && verified_signature.valid?)`
allow updating of gpg signature through gpg commit 2017-06-15 12:18:00 +00:00			`end`
store gpg user name and email on the signature 2017-07-13 13:22:15 +00:00
			`def user_infos(gpg_key)`
			`gpg_key&.verified_user_infos&.first \|\| gpg_key&.user_infos&.first \|\| {}`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 09:51:34 +00:00			`end`
			`end`
			`end`