 cd19564acc
			
		
	
	
	
	
	cd19564accThis is, in large part, a refactoring: we rename `CommitVerification` to `ObjectVerification`, and adjust `ParseObjectWithSignature` (previously `ParseCommitWithSignature`) to work on an object, rather than a commit. This in turn, lets us implement `ParseTagWithSignature` on top of it, so commit & tag signature verification will share most of the code. Work sponsored by @glts. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
		
			
				
	
	
		
			63 lines
		
	
	
	
		
			2.3 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			63 lines
		
	
	
	
		
			2.3 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2021 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package asymkey
 | |
| 
 | |
| import (
 | |
| 	"context"
 | |
| 
 | |
| 	repo_model "code.gitea.io/gitea/models/repo"
 | |
| 	user_model "code.gitea.io/gitea/models/user"
 | |
| 	"code.gitea.io/gitea/modules/git"
 | |
| )
 | |
| 
 | |
| //   __________________  ________   ____  __.
 | |
| //  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.
 | |
| // /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |
 | |
| // \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |
 | |
| //  \______  /|____|    \______  / |____|__ \___  > ____|
 | |
| //         \/                  \/          \/   \/\/
 | |
| // _________                        .__  __
 | |
| // \_   ___ \  ____   _____   _____ |__|/  |_
 | |
| // /    \  \/ /  _ \ /     \ /     \|  \   __\
 | |
| // \     \___(  <_> )  Y Y  \  Y Y  \  ||  |
 | |
| //  \______  /\____/|__|_|  /__|_|  /__||__|
 | |
| //         \/             \/      \/
 | |
| // ____   ____           .__  _____.__               __  .__
 | |
| // \   \ /   /___________|__|/ ____\__| ____ _____ _/  |_|__| ____   ____
 | |
| //  \   Y   // __ \_  __ \  \   __\|  |/ ___\\__  \\   __\  |/  _ \ /    \
 | |
| //   \     /\  ___/|  | \/  ||  |  |  \  \___ / __ \|  | |  (  <_> )   |  \
 | |
| //    \___/  \___  >__|  |__||__|  |__|\___  >____  /__| |__|\____/|___|  /
 | |
| //               \/                        \/     \/                    \/
 | |
| 
 | |
| // This file provides functions relating commit verification
 | |
| 
 | |
| // SignCommit represents a commit with validation of signature.
 | |
| type SignCommit struct {
 | |
| 	Verification *ObjectVerification
 | |
| 	*user_model.UserCommit
 | |
| }
 | |
| 
 | |
| // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
 | |
| func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit {
 | |
| 	newCommits := make([]*SignCommit, 0, len(oldCommits))
 | |
| 	keyMap := map[string]bool{}
 | |
| 
 | |
| 	for _, c := range oldCommits {
 | |
| 		o := commitToGitObject(c.Commit)
 | |
| 		signCommit := &SignCommit{
 | |
| 			UserCommit:   c,
 | |
| 			Verification: ParseObjectWithSignature(ctx, &o),
 | |
| 		}
 | |
| 
 | |
| 		_ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap)
 | |
| 
 | |
| 		newCommits = append(newCommits, signCommit)
 | |
| 	}
 | |
| 	return newCommits
 | |
| }
 | |
| 
 | |
| func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *ObjectVerification {
 | |
| 	o := commitToGitObject(c)
 | |
| 	return ParseObjectWithSignature(ctx, &o)
 | |
| }
 |