BigW Consortium Gitlab

Commit 2f956fae by Alexis Reigel

verify gpg commit using tmp keyring and db query

parent 3c42d730
......@@ -240,7 +240,22 @@ class Commit
@signature = nil
signature, signed_text = @raw.signature(project.repository)
if signature && signed_text
return unless signature && signed_text
Gitlab::Gpg.using_tmp_keychain do
# first we need to get the keyid from the signature...
GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
@signature = verified_signature
end
# ... then we query the gpg key belonging to the keyid.
gpg_key = GpgKey.find_by(primary_keyid: @signature.fingerprint)
return @signature unless gpg_key
Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
@signature = verified_signature
end
......
......@@ -2,6 +2,14 @@ module Gitlab
module Gpg
extend self
module CurrentKeyChain
extend self
def add(key)
GPGME::Key.import(key)
end
end
def fingerprints_from_key(key)
using_tmp_keychain do
import = GPGME::Key.import(key)
......
......@@ -43,3 +43,20 @@ describe Gitlab::Gpg do
end
end
end
describe Gitlab::Gpg::CurrentKeyChain, :gpg do
describe '.add', :gpg do
it 'stores the key in the keychain' do
expect(GPGME::Key.find(:public, GpgHelpers::User1.fingerprint)).to eq []
described_class.add(GpgHelpers::User1.public_key)
keys = GPGME::Key.find(:public, GpgHelpers::User1.fingerprint)
expect(keys.count).to eq 1
expect(keys.first).to have_attributes(
email: GpgHelpers::User1.emails.first,
fingerprint: GpgHelpers::User1.fingerprint
)
end
end
end
......@@ -422,7 +422,7 @@ eos
context 'signed commit', :gpg do
it 'returns a valid signature if the public key is known' do
GPGME::Key.import(GpgHelpers::User1.public_key)
create :gpg_key, key: GpgHelpers::User1.public_key
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
......@@ -438,7 +438,7 @@ eos
expect(commit.signature.valid?).to be_truthy
end
it 'returns an invalid signature if the public commit is unknown', :gpg do
it 'returns an invalid signature if the public key is unknown', :gpg do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment