asymkey

package
v1.16.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2022 License: MIT Imports: 40 Imported by: 23

Documentation

Index

Constants

View Source
const (
	// BadSignature is used as the reason when the signature has a KeyID that is in the db
	// but no key that has that ID verifies the signature. This is a suspicious failure.
	BadSignature = "gpg.error.probable_bad_signature"
	// BadDefaultSignature is used as the reason when the signature has a KeyID that matches the
	// default Key but is not verified by the default key. This is a suspicious failure.
	BadDefaultSignature = "gpg.error.probable_bad_default_signature"
	// NoKeyFound is used as the reason when no key can be found to verify the signature.
	NoKeyFound = "gpg.error.no_gpg_keys_found"
)
View Source
const (
	// KeyTypeUser specifies the user key
	KeyTypeUser = iota + 1
	// KeyTypeDeploy specifies the deploy key
	KeyTypeDeploy
	// KeyTypePrincipal specifies the authorized principal key
	KeyTypePrincipal
)

Variables

This section is empty.

Functions

func AddPublicKeysBySource

func AddPublicKeysBySource(usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool

AddPublicKeysBySource add a users public keys. Returns true if there are changes.

func AuthorizedStringForKey

func AuthorizedStringForKey(key *PublicKey) string

AuthorizedStringForKey creates the authorized keys string appropriate for the provided key

func CalculateTrustStatus

func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error)

CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository There are several trust models in Gitea

func CheckPrincipalKeyString

func CheckPrincipalKeyString(user *user_model.User, content string) (_ string, err error)

CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines

func CheckPublicKeyString

func CheckPublicKeyString(content string) (_ string, err error)

CheckPublicKeyString checks if the given public key string is recognized by SSH. It returns the actual public key line on success.

func CountDeployKeys

func CountDeployKeys(opts *ListDeployKeysOptions) (int64, error)

CountDeployKeys returns count deploy keys matching the provided arguments.

func CountPublicKeys

func CountPublicKeys(userID int64) (int64, error)

CountPublicKeys count public keys a user has

func CountUserGPGKeys

func CountUserGPGKeys(userID int64) (int64, error)

CountUserGPGKeys return number of gpg keys a user own

func DeleteGPGKey

func DeleteGPGKey(doer *user_model.User, id int64) (err error)

DeleteGPGKey deletes GPG key information in database.

func DeletePublicKeys

func DeletePublicKeys(ctx context.Context, keyIDs ...int64) error

DeletePublicKeys does the actual key deletion but does not update authorized_keys file.

func GPGKeyToEntity

func GPGKeyToEntity(k *GPGKey) (*openpgp.Entity, error)

GPGKeyToEntity retrieve the imported key and the traducted entity

func HasDeployKey

func HasDeployKey(keyID, repoID int64) bool

HasDeployKey returns true if public key is a deploy key of given repository.

func IsErrDeployKeyAlreadyExist

func IsErrDeployKeyAlreadyExist(err error) bool

IsErrDeployKeyAlreadyExist checks if an error is a ErrDeployKeyAlreadyExist.

func IsErrDeployKeyNameAlreadyUsed

func IsErrDeployKeyNameAlreadyUsed(err error) bool

IsErrDeployKeyNameAlreadyUsed checks if an error is a ErrDeployKeyNameAlreadyUsed.

func IsErrDeployKeyNotExist

func IsErrDeployKeyNotExist(err error) bool

IsErrDeployKeyNotExist checks if an error is a ErrDeployKeyNotExist.

func IsErrGPGInvalidTokenSignature

func IsErrGPGInvalidTokenSignature(err error) bool

IsErrGPGInvalidTokenSignature checks if an error is a ErrGPGInvalidTokenSignature.

func IsErrGPGKeyAccessDenied

func IsErrGPGKeyAccessDenied(err error) bool

IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.

func IsErrGPGKeyIDAlreadyUsed

func IsErrGPGKeyIDAlreadyUsed(err error) bool

IsErrGPGKeyIDAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.

func IsErrGPGKeyImportNotExist

func IsErrGPGKeyImportNotExist(err error) bool

IsErrGPGKeyImportNotExist checks if an error is a ErrGPGKeyImportNotExist.

func IsErrGPGKeyNotExist

func IsErrGPGKeyNotExist(err error) bool

IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.

func IsErrGPGKeyParsing

func IsErrGPGKeyParsing(err error) bool

IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.

func IsErrGPGNoEmailFound

func IsErrGPGNoEmailFound(err error) bool

IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.

func IsErrKeyAccessDenied

func IsErrKeyAccessDenied(err error) bool

IsErrKeyAccessDenied checks if an error is a ErrKeyAccessDenied.

func IsErrKeyAlreadyExist

func IsErrKeyAlreadyExist(err error) bool

IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.

func IsErrKeyNameAlreadyUsed

func IsErrKeyNameAlreadyUsed(err error) bool

IsErrKeyNameAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.

func IsErrKeyNotExist

func IsErrKeyNotExist(err error) bool

IsErrKeyNotExist checks if an error is a ErrKeyNotExist.

func IsErrKeyUnableVerify

func IsErrKeyUnableVerify(err error) bool

IsErrKeyUnableVerify checks if an error is a ErrKeyUnableVerify.

func IsErrSSHInvalidTokenSignature

func IsErrSSHInvalidTokenSignature(err error) bool

IsErrSSHInvalidTokenSignature checks if an error is a ErrSSHInvalidTokenSignature.

func PublicKeyIsExternallyManaged

func PublicKeyIsExternallyManaged(id int64) (bool, error)

PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key

func PublicKeysAreExternallyManaged

func PublicKeysAreExternallyManaged(keys []*PublicKey) ([]bool, error)

PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key

func RegeneratePrincipalKeys

func RegeneratePrincipalKeys(t io.StringWriter) error

RegeneratePrincipalKeys regenerates the authorized_principals file

func RegeneratePublicKeys

func RegeneratePublicKeys(t io.StringWriter) error

RegeneratePublicKeys regenerates the authorized_keys file

func RewriteAllPrincipalKeys

func RewriteAllPrincipalKeys() error

RewriteAllPrincipalKeys removes any authorized principal and rewrite all keys from database again. Note: db.GetEngine(db.DefaultContext).Iterate does not get latest data after insert/delete, so we have to call this function outside any session scope independently.

func RewriteAllPublicKeys

func RewriteAllPublicKeys() error

RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again. Note: db.GetEngine(db.DefaultContext).Iterate does not get latest data after insert/delete, so we have to call this function outside any session scope independently.

func SSHKeyGenParsePublicKey

func SSHKeyGenParsePublicKey(key string) (string, int, error)

SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.

func SSHNativeParsePublicKey

func SSHNativeParsePublicKey(keyLine string) (string, int, error)

SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.

func SynchronizePublicKeys

func SynchronizePublicKeys(usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool

SynchronizePublicKeys updates a users public keys. Returns true if there are changes.

func UpdateDeployKey

func UpdateDeployKey(key *DeployKey) error

UpdateDeployKey updates deploy key information.

func UpdateDeployKeyCols

func UpdateDeployKeyCols(key *DeployKey, cols ...string) error

UpdateDeployKeyCols updates deploy key information in the specified columns.

func UpdatePublicKeyUpdated

func UpdatePublicKeyUpdated(id int64) error

UpdatePublicKeyUpdated updates public key use time.

func VerificationToken

func VerificationToken(user *user_model.User, minutes int) string

VerificationToken returns token for the user that will be valid in minutes (time)

func VerifyGPGKey

func VerifyGPGKey(ownerID int64, keyID, token, signature string) (string, error)

VerifyGPGKey marks a GPG key as verified

func VerifySSHKey

func VerifySSHKey(ownerID int64, fingerprint, token, signature string) (string, error)

VerifySSHKey marks a SSH key as verified

Types

type CommitVerification

type CommitVerification struct {
	Verified       bool
	Warning        bool
	Reason         string
	SigningUser    *user_model.User
	CommittingUser *user_model.User
	SigningEmail   string
	SigningKey     *GPGKey
	SigningSSHKey  *PublicKey
	TrustStatus    string
}

CommitVerification represents a commit validation of signature

func ParseCommitWithSSHSignature

func ParseCommitWithSSHSignature(c *git.Commit, committer *user_model.User) *CommitVerification

ParseCommitWithSSHSignature check if signature is good against keystore.

func ParseCommitWithSignature

func ParseCommitWithSignature(c *git.Commit) *CommitVerification

ParseCommitWithSignature check if signature is good against keystore.

type DeployKey

type DeployKey struct {
	ID          int64 `xorm:"pk autoincr"`
	KeyID       int64 `xorm:"UNIQUE(s) INDEX"`
	RepoID      int64 `xorm:"UNIQUE(s) INDEX"`
	Name        string
	Fingerprint string
	Content     string `xorm:"-"`

	Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 1"`

	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
}

DeployKey represents deploy key information and its relation with repository.

func AddDeployKey

func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey, error)

AddDeployKey add new deploy key to database and authorized_keys file.

func GetDeployKeyByID

func GetDeployKeyByID(ctx context.Context, id int64) (*DeployKey, error)

GetDeployKeyByID returns deploy key by given ID.

func GetDeployKeyByRepo

func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error)

GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

func ListDeployKeys

func ListDeployKeys(ctx context.Context, opts *ListDeployKeysOptions) ([]*DeployKey, error)

ListDeployKeys returns a list of deploy keys matching the provided arguments.

func (*DeployKey) AfterLoad

func (key *DeployKey) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*DeployKey) GetContent

func (key *DeployKey) GetContent() error

GetContent gets associated public key content.

func (*DeployKey) IsReadOnly

func (key *DeployKey) IsReadOnly() bool

IsReadOnly checks if the key can only be used for read operations

type ErrDeployKeyAlreadyExist

type ErrDeployKeyAlreadyExist struct {
	KeyID  int64
	RepoID int64
}

ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error.

func (ErrDeployKeyAlreadyExist) Error

func (err ErrDeployKeyAlreadyExist) Error() string

type ErrDeployKeyNameAlreadyUsed

type ErrDeployKeyNameAlreadyUsed struct {
	RepoID int64
	Name   string
}

ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error.

func (ErrDeployKeyNameAlreadyUsed) Error

func (err ErrDeployKeyNameAlreadyUsed) Error() string

type ErrDeployKeyNotExist

type ErrDeployKeyNotExist struct {
	ID     int64
	KeyID  int64
	RepoID int64
}

ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.

func (ErrDeployKeyNotExist) Error

func (err ErrDeployKeyNotExist) Error() string

type ErrGPGInvalidTokenSignature

type ErrGPGInvalidTokenSignature struct {
	Wrapped error
	ID      string
}

ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error.

func (ErrGPGInvalidTokenSignature) Error

func (err ErrGPGInvalidTokenSignature) Error() string

type ErrGPGKeyAccessDenied

type ErrGPGKeyAccessDenied struct {
	UserID int64
	KeyID  int64
}

ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.

func (ErrGPGKeyAccessDenied) Error

func (err ErrGPGKeyAccessDenied) Error() string

Error pretty-prints an error of type ErrGPGKeyAccessDenied.

type ErrGPGKeyIDAlreadyUsed

type ErrGPGKeyIDAlreadyUsed struct {
	KeyID string
}

ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.

func (ErrGPGKeyIDAlreadyUsed) Error

func (err ErrGPGKeyIDAlreadyUsed) Error() string

type ErrGPGKeyImportNotExist

type ErrGPGKeyImportNotExist struct {
	ID string
}

ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error.

func (ErrGPGKeyImportNotExist) Error

func (err ErrGPGKeyImportNotExist) Error() string

type ErrGPGKeyNotExist

type ErrGPGKeyNotExist struct {
	ID int64
}

ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.

func (ErrGPGKeyNotExist) Error

func (err ErrGPGKeyNotExist) Error() string

type ErrGPGKeyParsing

type ErrGPGKeyParsing struct {
	ParseError error
}

ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.

func (ErrGPGKeyParsing) Error

func (err ErrGPGKeyParsing) Error() string

type ErrGPGNoEmailFound

type ErrGPGNoEmailFound struct {
	FailedEmails []string
	ID           string
}

ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.

func (ErrGPGNoEmailFound) Error

func (err ErrGPGNoEmailFound) Error() string

type ErrKeyAccessDenied

type ErrKeyAccessDenied struct {
	UserID int64
	KeyID  int64
	Note   string
}

ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.

func (ErrKeyAccessDenied) Error

func (err ErrKeyAccessDenied) Error() string

type ErrKeyAlreadyExist

type ErrKeyAlreadyExist struct {
	OwnerID     int64
	Fingerprint string
	Content     string
}

ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.

func (ErrKeyAlreadyExist) Error

func (err ErrKeyAlreadyExist) Error() string

type ErrKeyNameAlreadyUsed

type ErrKeyNameAlreadyUsed struct {
	OwnerID int64
	Name    string
}

ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.

func (ErrKeyNameAlreadyUsed) Error

func (err ErrKeyNameAlreadyUsed) Error() string

type ErrKeyNotExist

type ErrKeyNotExist struct {
	ID int64
}

ErrKeyNotExist represents a "KeyNotExist" kind of error.

func (ErrKeyNotExist) Error

func (err ErrKeyNotExist) Error() string

type ErrKeyUnableVerify

type ErrKeyUnableVerify struct {
	Result string
}

ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error.

func (ErrKeyUnableVerify) Error

func (err ErrKeyUnableVerify) Error() string

type ErrSSHInvalidTokenSignature

type ErrSSHInvalidTokenSignature struct {
	Wrapped     error
	Fingerprint string
}

ErrSSHInvalidTokenSignature represents a "ErrSSHInvalidTokenSignature" kind of error.

func (ErrSSHInvalidTokenSignature) Error

func (err ErrSSHInvalidTokenSignature) Error() string

type GPGKey

type GPGKey struct {
	ID                int64              `xorm:"pk autoincr"`
	OwnerID           int64              `xorm:"INDEX NOT NULL"`
	KeyID             string             `xorm:"INDEX CHAR(16) NOT NULL"`
	PrimaryKeyID      string             `xorm:"CHAR(16)"`
	Content           string             `xorm:"TEXT NOT NULL"`
	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	ExpiredUnix       timeutil.TimeStamp
	AddedUnix         timeutil.TimeStamp
	SubsKey           []*GPGKey `xorm:"-"`
	Emails            []*user_model.EmailAddress
	Verified          bool `xorm:"NOT NULL DEFAULT false"`
	CanSign           bool
	CanEncryptComms   bool
	CanEncryptStorage bool
	CanCertify        bool
}

GPGKey represents a GPG key.

func AddGPGKey

func AddGPGKey(ownerID int64, content, token, signature string) ([]*GPGKey, error)

AddGPGKey adds new public key to database.

func GetGPGKeyByID

func GetGPGKeyByID(keyID int64) (*GPGKey, error)

GetGPGKeyByID returns public key by given ID.

func GetGPGKeysByKeyID

func GetGPGKeysByKeyID(keyID string) ([]*GPGKey, error)

GetGPGKeysByKeyID returns public key by given ID.

func ListGPGKeys

func ListGPGKeys(ctx context.Context, uid int64, listOptions db.ListOptions) ([]*GPGKey, error)

ListGPGKeys returns a list of public keys belongs to given user.

func (*GPGKey) AfterLoad

func (key *GPGKey) AfterLoad(session *xorm.Session)

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*GPGKey) BeforeInsert

func (key *GPGKey) BeforeInsert()

BeforeInsert will be invoked by XORM before inserting a record

type GPGKeyImport

type GPGKeyImport struct {
	KeyID   string `xorm:"pk CHAR(16) NOT NULL"`
	Content string `xorm:"TEXT NOT NULL"`
}

GPGKeyImport the original import of key

func GetGPGImportByKeyID

func GetGPGImportByKeyID(keyID string) (*GPGKeyImport, error)

GetGPGImportByKeyID returns the import public armored key by given KeyID.

type KeyType

type KeyType int

KeyType specifies the key type

type ListDeployKeysOptions

type ListDeployKeysOptions struct {
	db.ListOptions
	RepoID      int64
	KeyID       int64
	Fingerprint string
}

ListDeployKeysOptions are options for ListDeployKeys

type PublicKey

type PublicKey struct {
	ID            int64           `xorm:"pk autoincr"`
	OwnerID       int64           `xorm:"INDEX NOT NULL"`
	Name          string          `xorm:"NOT NULL"`
	Fingerprint   string          `xorm:"INDEX NOT NULL"`
	Content       string          `xorm:"TEXT NOT NULL"`
	Mode          perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
	Type          KeyType         `xorm:"NOT NULL DEFAULT 1"`
	LoginSourceID int64           `xorm:"NOT NULL DEFAULT 0"`

	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
	Verified          bool               `xorm:"NOT NULL DEFAULT false"`
}

PublicKey represents a user or deploy SSH public key.

func AddPrincipalKey

func AddPrincipalKey(ownerID int64, content string, authSourceID int64) (*PublicKey, error)

AddPrincipalKey adds new principal to database and authorized_principals file.

func AddPublicKey

func AddPublicKey(ownerID int64, name, content string, authSourceID int64) (*PublicKey, error)

AddPublicKey adds new public key to database and authorized_keys file.

func GetPublicKeyByID

func GetPublicKeyByID(keyID int64) (*PublicKey, error)

GetPublicKeyByID returns public key by given ID.

func ListPrincipalKeys

func ListPrincipalKeys(uid int64, listOptions db.ListOptions) ([]*PublicKey, error)

ListPrincipalKeys returns a list of principals belongs to given user.

func ListPublicKeys

func ListPublicKeys(uid int64, listOptions db.ListOptions) ([]*PublicKey, error)

ListPublicKeys returns a list of public keys belongs to given user.

func ListPublicKeysBySource

func ListPublicKeysBySource(uid, authSourceID int64) ([]*PublicKey, error)

ListPublicKeysBySource returns a list of synchronized public keys for a given user and login source.

func SearchPublicKey

func SearchPublicKey(uid int64, fingerprint string) ([]*PublicKey, error)

SearchPublicKey returns a list of public keys matching the provided arguments.

func SearchPublicKeyByContent

func SearchPublicKeyByContent(content string) (*PublicKey, error)

SearchPublicKeyByContent searches content as prefix (leak e-mail part) and returns public key found.

func SearchPublicKeyByContentExact

func SearchPublicKeyByContentExact(content string) (*PublicKey, error)

SearchPublicKeyByContentExact searches content and returns public key found.

func (*PublicKey) AfterLoad

func (key *PublicKey) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*PublicKey) AuthorizedString

func (key *PublicKey) AuthorizedString() string

AuthorizedString returns formatted public key string for authorized_keys file.

TODO: Consider dropping this function

func (*PublicKey) OmitEmail

func (key *PublicKey) OmitEmail() string

OmitEmail returns content of public key without email address.

type SignCommit

type SignCommit struct {
	Verification *CommitVerification
	*user_model.UserCommit
}

SignCommit represents a commit with validation of signature.

func ParseCommitsWithSignature

func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit

ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL