2017-03-16 02:27:35 +01:00
// Copyright 2017 The Gitea Authors. All rights reserved.
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
2017-03-16 02:27:35 +01:00
2021-12-10 16:14:24 +08:00
package asymkey
2017-03-16 02:27:35 +01:00
import (
2021-12-10 16:14:24 +08:00
"context"
2017-03-16 02:27:35 +01:00
"fmt"
"strings"
"time"
2021-09-19 19:49:59 +08:00
"code.gitea.io/gitea/models/db"
2021-11-11 15:03:30 +08:00
user_model "code.gitea.io/gitea/models/user"
2017-03-22 11:43:54 +01:00
"code.gitea.io/gitea/modules/log"
2019-08-15 22:46:21 +08:00
"code.gitea.io/gitea/modules/timeutil"
2017-03-22 11:43:54 +01:00
2017-06-14 02:43:43 +02:00
"github.com/keybase/go-crypto/openpgp"
"github.com/keybase/go-crypto/openpgp/packet"
2019-10-17 17:26:49 +08:00
"xorm.io/xorm"
2017-03-16 02:27:35 +01:00
)
2021-07-13 14:28:07 +01:00
// __________________ ________ ____ __.
// / _____/\______ \/ _____/ | |/ _|____ ___.__.
// / \ ___ | ___/ \ ___ | <_/ __ < | |
// \ \_\ \| | \ \_\ \ | | \ ___/\___ |
// \______ /|____| \______ / |____|__ \___ > ____|
// \/ \/ \/ \/\/
2017-03-16 02:27:35 +01:00
// GPGKey represents a GPG key.
type GPGKey struct {
2019-08-15 22:46:21 +08:00
ID int64 ` xorm:"pk autoincr" `
OwnerID int64 ` xorm:"INDEX NOT NULL" `
KeyID string ` xorm:"INDEX CHAR(16) NOT NULL" `
PrimaryKeyID string ` xorm:"CHAR(16)" `
2022-08-22 14:32:28 +01:00
Content string ` xorm:"MEDIUMTEXT NOT NULL" `
2019-08-15 22:46:21 +08:00
CreatedUnix timeutil . TimeStamp ` xorm:"created" `
ExpiredUnix timeutil . TimeStamp
AddedUnix timeutil . TimeStamp
2017-03-16 02:27:35 +01:00
SubsKey [ ] * GPGKey ` xorm:"-" `
2021-11-11 15:03:30 +08:00
Emails [ ] * user_model . EmailAddress
2021-07-13 14:28:07 +01:00
Verified bool ` xorm:"NOT NULL DEFAULT false" `
2017-03-16 02:27:35 +01:00
CanSign bool
CanEncryptComms bool
CanEncryptStorage bool
CanCertify bool
}
2021-09-19 19:49:59 +08:00
func init ( ) {
db . RegisterModel ( new ( GPGKey ) )
}
2017-03-16 02:27:35 +01:00
// BeforeInsert will be invoked by XORM before inserting a record
func ( key * GPGKey ) BeforeInsert ( ) {
2019-08-15 22:46:21 +08:00
key . AddedUnix = timeutil . TimeStampNow ( )
2017-03-16 02:27:35 +01:00
}
2017-10-02 00:52:35 +08:00
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
func ( key * GPGKey ) AfterLoad ( session * xorm . Session ) {
err := session . Where ( "primary_key_id=?" , key . KeyID ) . Find ( & key . SubsKey )
if err != nil {
2019-04-02 08:48:31 +01:00
log . Error ( "Find Sub GPGkeys[%s]: %v" , key . KeyID , err )
2017-03-16 02:27:35 +01:00
}
}
2022-08-21 07:50:15 +01:00
// PaddedKeyID show KeyID padded to 16 characters
func ( key * GPGKey ) PaddedKeyID ( ) string {
2022-12-30 05:53:05 +01:00
return PaddedKeyID ( key . KeyID )
}
// PaddedKeyID show KeyID padded to 16 characters
func PaddedKeyID ( keyID string ) string {
if len ( keyID ) > 15 {
return keyID
2022-08-21 07:50:15 +01:00
}
zeros := "0000000000000000"
2022-12-30 05:53:05 +01:00
return zeros [ 0 : 16 - len ( keyID ) ] + keyID
2022-08-21 07:50:15 +01:00
}
2017-03-16 02:27:35 +01:00
// ListGPGKeys returns a list of public keys belongs to given user.
2021-12-10 16:14:24 +08:00
func ListGPGKeys ( ctx context . Context , uid int64 , listOptions db . ListOptions ) ( [ ] * GPGKey , error ) {
sess := db . GetEngine ( ctx ) . Table ( & GPGKey { } ) . Where ( "owner_id=? AND primary_key_id=''" , uid )
2020-01-24 19:00:29 +00:00
if listOptions . Page != 0 {
2021-09-24 19:32:56 +08:00
sess = db . SetSessionPagination ( sess , & listOptions )
2020-01-24 19:00:29 +00:00
}
keys := make ( [ ] * GPGKey , 0 , 2 )
return keys , sess . Find ( & keys )
2017-03-16 02:27:35 +01:00
}
2021-08-12 14:43:08 +02:00
// CountUserGPGKeys return number of gpg keys a user own
func CountUserGPGKeys ( userID int64 ) ( int64 , error ) {
2021-09-23 16:45:36 +01:00
return db . GetEngine ( db . DefaultContext ) . Where ( "owner_id=? AND primary_key_id=''" , userID ) . Count ( & GPGKey { } )
2021-08-12 14:43:08 +02:00
}
2017-03-16 02:27:35 +01:00
// GetGPGKeyByID returns public key by given ID.
func GetGPGKeyByID ( keyID int64 ) ( * GPGKey , error ) {
key := new ( GPGKey )
2021-09-23 16:45:36 +01:00
has , err := db . GetEngine ( db . DefaultContext ) . ID ( keyID ) . Get ( key )
2017-03-16 02:27:35 +01:00
if err != nil {
return nil , err
} else if ! has {
return nil , ErrGPGKeyNotExist { keyID }
}
return key , nil
}
2019-10-16 14:42:42 +01:00
// GetGPGKeysByKeyID returns public key by given ID.
func GetGPGKeysByKeyID ( keyID string ) ( [ ] * GPGKey , error ) {
keys := make ( [ ] * GPGKey , 0 , 1 )
2021-09-23 16:45:36 +01:00
return keys , db . GetEngine ( db . DefaultContext ) . Where ( "key_id=?" , keyID ) . Find ( & keys )
2019-10-16 14:42:42 +01:00
}
2021-03-15 02:52:12 +08:00
// GPGKeyToEntity retrieve the imported key and the traducted entity
2019-04-14 18:43:56 +02:00
func GPGKeyToEntity ( k * GPGKey ) ( * openpgp . Entity , error ) {
impKey , err := GetGPGImportByKeyID ( k . KeyID )
if err != nil {
return nil , err
}
2020-08-21 11:45:50 +01:00
keys , err := checkArmoredGPGKeyString ( impKey . Content )
if err != nil {
return nil , err
}
return keys [ 0 ] , err
2019-04-14 18:43:56 +02:00
}
2021-03-15 02:52:12 +08:00
// parseSubGPGKey parse a sub Key
2017-03-16 02:27:35 +01:00
func parseSubGPGKey ( ownerID int64 , primaryID string , pubkey * packet . PublicKey , expiry time . Time ) ( * GPGKey , error ) {
content , err := base64EncPubKey ( pubkey )
if err != nil {
return nil , err
}
return & GPGKey {
OwnerID : ownerID ,
KeyID : pubkey . KeyIdString ( ) ,
PrimaryKeyID : primaryID ,
Content : content ,
2019-08-15 22:46:21 +08:00
CreatedUnix : timeutil . TimeStamp ( pubkey . CreationTime . Unix ( ) ) ,
ExpiredUnix : timeutil . TimeStamp ( expiry . Unix ( ) ) ,
2017-03-16 02:27:35 +01:00
CanSign : pubkey . CanSign ( ) ,
CanEncryptComms : pubkey . PubKeyAlgo . CanEncrypt ( ) ,
CanEncryptStorage : pubkey . PubKeyAlgo . CanEncrypt ( ) ,
CanCertify : pubkey . PubKeyAlgo . CanSign ( ) ,
} , nil
}
2021-03-15 02:52:12 +08:00
// parseGPGKey parse a PrimaryKey entity (primary key + subs keys + self-signature)
2021-07-13 14:28:07 +01:00
func parseGPGKey ( ownerID int64 , e * openpgp . Entity , verified bool ) ( * GPGKey , error ) {
2019-04-16 02:32:15 +02:00
pubkey := e . PrimaryKey
expiry := getExpiryTime ( e )
2017-03-16 02:27:35 +01:00
2021-03-15 02:52:12 +08:00
// Parse Subkeys
2017-03-16 02:27:35 +01:00
subkeys := make ( [ ] * GPGKey , len ( e . Subkeys ) )
for i , k := range e . Subkeys {
subs , err := parseSubGPGKey ( ownerID , pubkey . KeyIdString ( ) , k . PublicKey , expiry )
if err != nil {
2020-05-28 23:25:54 +02:00
return nil , ErrGPGKeyParsing { ParseError : err }
2017-03-16 02:27:35 +01:00
}
subkeys [ i ] = subs
}
2021-03-15 02:52:12 +08:00
// Check emails
2021-11-11 15:03:30 +08:00
userEmails , err := user_model . GetEmailAddresses ( ownerID )
2017-03-16 02:27:35 +01:00
if err != nil {
return nil , err
}
2017-09-05 15:45:18 +02:00
2021-11-11 15:03:30 +08:00
emails := make ( [ ] * user_model . EmailAddress , 0 , len ( e . Identities ) )
2017-03-16 02:27:35 +01:00
for _ , ident := range e . Identities {
2020-08-16 09:44:34 +01:00
if ident . Revocation != nil {
continue
}
2017-06-17 13:56:40 +03:00
email := strings . ToLower ( strings . TrimSpace ( ident . UserId . Email ) )
2017-03-16 02:27:35 +01:00
for _ , e := range userEmails {
2021-07-13 14:28:07 +01:00
if e . IsActivated && e . LowerEmail == email {
2017-09-05 15:45:18 +02:00
emails = append ( emails , e )
2017-03-16 02:27:35 +01:00
break
}
}
2017-09-05 15:45:18 +02:00
}
2021-07-13 14:28:07 +01:00
if ! verified {
// In the case no email as been found
if len ( emails ) == 0 {
failedEmails := make ( [ ] string , 0 , len ( e . Identities ) )
for _ , ident := range e . Identities {
failedEmails = append ( failedEmails , ident . UserId . Email )
}
return nil , ErrGPGNoEmailFound { failedEmails , e . PrimaryKey . KeyIdString ( ) }
2017-03-16 02:27:35 +01:00
}
}
2017-09-05 15:45:18 +02:00
2017-03-16 02:27:35 +01:00
content , err := base64EncPubKey ( pubkey )
if err != nil {
return nil , err
}
return & GPGKey {
OwnerID : ownerID ,
KeyID : pubkey . KeyIdString ( ) ,
PrimaryKeyID : "" ,
Content : content ,
2019-08-15 22:46:21 +08:00
CreatedUnix : timeutil . TimeStamp ( pubkey . CreationTime . Unix ( ) ) ,
ExpiredUnix : timeutil . TimeStamp ( expiry . Unix ( ) ) ,
2017-03-16 02:27:35 +01:00
Emails : emails ,
SubsKey : subkeys ,
2021-07-13 14:28:07 +01:00
Verified : verified ,
2017-03-16 02:27:35 +01:00
CanSign : pubkey . CanSign ( ) ,
CanEncryptComms : pubkey . PubKeyAlgo . CanEncrypt ( ) ,
CanEncryptStorage : pubkey . PubKeyAlgo . CanEncrypt ( ) ,
CanCertify : pubkey . PubKeyAlgo . CanSign ( ) ,
} , nil
}
// deleteGPGKey does the actual key deletion
2022-05-20 22:08:52 +08:00
func deleteGPGKey ( ctx context . Context , keyID string ) ( int64 , error ) {
2017-03-16 02:27:35 +01:00
if keyID == "" {
2021-03-15 02:52:12 +08:00
return 0 , fmt . Errorf ( "empty KeyId forbidden" ) // Should never happen but just to be sure
2017-03-16 02:27:35 +01:00
}
2021-03-15 02:52:12 +08:00
// Delete imported key
2022-05-20 22:08:52 +08:00
n , err := db . GetEngine ( ctx ) . Where ( "key_id=?" , keyID ) . Delete ( new ( GPGKeyImport ) )
2019-04-14 18:43:56 +02:00
if err != nil {
return n , err
}
2022-05-20 22:08:52 +08:00
return db . GetEngine ( ctx ) . Where ( "key_id=?" , keyID ) . Or ( "primary_key_id=?" , keyID ) . Delete ( new ( GPGKey ) )
2017-03-16 02:27:35 +01:00
}
// DeleteGPGKey deletes GPG key information in database.
2021-11-24 17:49:20 +08:00
func DeleteGPGKey ( doer * user_model . User , id int64 ) ( err error ) {
2017-03-16 02:27:35 +01:00
key , err := GetGPGKeyByID ( id )
if err != nil {
if IsErrGPGKeyNotExist ( err ) {
return nil
}
2022-10-24 21:29:17 +02:00
return fmt . Errorf ( "GetPublicKeyByID: %w" , err )
2017-03-16 02:27:35 +01:00
}
// Check if user has access to delete this key.
if ! doer . IsAdmin && doer . ID != key . OwnerID {
return ErrGPGKeyAccessDenied { doer . ID , key . ID }
}
2022-11-13 04:18:50 +08:00
ctx , committer , err := db . TxContext ( db . DefaultContext )
2021-09-19 19:49:59 +08:00
if err != nil {
2017-03-16 02:27:35 +01:00
return err
}
2021-09-19 19:49:59 +08:00
defer committer . Close ( )
2017-03-16 02:27:35 +01:00
2022-05-20 22:08:52 +08:00
if _ , err = deleteGPGKey ( ctx , key . KeyID ) ; err != nil {
2017-03-16 02:27:35 +01:00
return err
}
2021-09-19 19:49:59 +08:00
return committer . Commit ( )
2017-03-16 02:27:35 +01:00
}
2017-03-22 11:43:54 +01:00
2021-07-13 14:28:07 +01:00
func checkKeyEmails ( email string , keys ... * GPGKey ) ( bool , string ) {
uid := int64 ( 0 )
2021-11-11 15:03:30 +08:00
var userEmails [ ] * user_model . EmailAddress
2021-11-24 17:49:20 +08:00
var user * user_model . User
2019-10-16 14:42:42 +01:00
for _ , key := range keys {
2021-07-13 14:28:07 +01:00
for _ , e := range key . Emails {
if e . IsActivated && ( email == "" || strings . EqualFold ( e . Email , email ) ) {
return true , e . Email
2018-03-04 03:45:01 +01:00
}
2019-10-16 14:42:42 +01:00
}
2021-07-13 14:28:07 +01:00
if key . Verified && key . OwnerID != 0 {
if uid != key . OwnerID {
2021-11-11 15:03:30 +08:00
userEmails , _ = user_model . GetEmailAddresses ( key . OwnerID )
2021-07-13 14:28:07 +01:00
uid = key . OwnerID
2021-11-24 17:49:20 +08:00
user = & user_model . User { ID : uid }
_ , _ = user_model . GetUser ( user )
2017-03-22 11:43:54 +01:00
}
2021-07-13 14:28:07 +01:00
for _ , e := range userEmails {
if e . IsActivated && ( email == "" || strings . EqualFold ( e . Email , email ) ) {
return true , e . Email
2017-09-05 15:45:18 +02:00
}
}
2021-07-13 14:28:07 +01:00
if user . KeepEmailPrivate && strings . EqualFold ( email , user . GetEmail ( ) ) {
return true , user . GetEmail ( )
2017-03-22 11:43:54 +01:00
}
2019-10-16 14:42:42 +01:00
}
}
2021-07-13 14:28:07 +01:00
return false , email
2020-02-27 19:20:55 +00:00
}