asymkey

package

Constants

// Reason codes reported when a commit signature cannot be verified. They are
// presumably stored in CommitVerification.Reason and resolved to user-facing
// text elsewhere — confirm against the callers.
const (
	// BadSignature is used as the reason when the signature has a KeyID that is in the db
	// but no key that has that ID verifies the signature. This is a suspicious failure.
	BadSignature = "gpg.error.probable_bad_signature"
	// BadDefaultSignature is used as the reason when the signature has a KeyID that matches the
	// default Key but is not verified by the default key. This is a suspicious failure.
	BadDefaultSignature = "gpg.error.probable_bad_default_signature"
	// NoKeyFound is used as the reason when no key can be found to verify the signature.
	NoKeyFound = "gpg.error.no_gpg_keys_found"
)
// Values of KeyType. Numbering starts at 1 so that KeyTypeUser matches the
// PublicKey.Type column default (`xorm:"NOT NULL DEFAULT 1"`) and the zero
// value matches none of the constants.
const (
	// KeyTypeUser specifies the user key (value 1)
	KeyTypeUser = iota + 1
	// KeyTypeDeploy specifies the deploy key (value 2)
	KeyTypeDeploy
	// KeyTypePrincipal specifies the authorized principal key (value 3)
	KeyTypePrincipal
)

Variables

// ErrKeyIsPrivate is returned when the provided key is a private key, not a public key.
// It is built with util.NewSilentWrapErrorf around util.ErrInvalidArgument, so it
// presumably unwraps to that sentinel for errors.Is — confirm in the util package.
var ErrKeyIsPrivate = util.NewSilentWrapErrorf(util.ErrInvalidArgument, "the provided key is a private key")

ErrKeyIsPrivate is returned when the provided key is a private key not a public key

Functions

func AddPublicKeysBySource

func AddPublicKeysBySource(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool

AddPublicKeysBySource adds a user's public keys. It returns true if there are changes.

func AuthorizedStringForKey

func AuthorizedStringForKey(key *PublicKey) string

AuthorizedStringForKey creates the authorized keys string appropriate for the provided key

func CalcFingerprint added in v1.17.0

func CalcFingerprint(publicKeyContent string) (string, error)

CalcFingerprint calculates the fingerprint of the given public key content.

func CalculateTrustStatus

func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) error

CalculateTrustStatus calculates the TrustStatus for a commit verification within a repository. There are several trust models in Gitea.

func CheckPrincipalKeyString

func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error)

CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines

func CheckPublicKeyString

func CheckPublicKeyString(content string) (_ string, err error)

CheckPublicKeyString checks if the given public key string is recognized by SSH. It returns the actual public key line on success.

func DeleteGPGKey

func DeleteGPGKey(ctx context.Context, doer *user_model.User, id int64) (err error)

DeleteGPGKey deletes GPG key information in database.

func GPGKeyToEntity

func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error)

GPGKeyToEntity retrieves the imported key and returns the entity translated from it.

func HasDeployKey

func HasDeployKey(ctx context.Context, keyID, repoID int64) bool

HasDeployKey returns true if the public key is a deploy key of the given repository.

func IsDeployKeyExistByKeyID added in v1.17.0

func IsDeployKeyExistByKeyID(ctx context.Context, keyID int64) (bool, error)

IsDeployKeyExistByKeyID returns true if there is at least one deploy key with the given key ID.

func IsErrDeployKeyAlreadyExist

func IsErrDeployKeyAlreadyExist(err error) bool

IsErrDeployKeyAlreadyExist checks if an error is a ErrDeployKeyAlreadyExist.

func IsErrDeployKeyNameAlreadyUsed

func IsErrDeployKeyNameAlreadyUsed(err error) bool

IsErrDeployKeyNameAlreadyUsed checks if an error is a ErrDeployKeyNameAlreadyUsed.

func IsErrDeployKeyNotExist

func IsErrDeployKeyNotExist(err error) bool

IsErrDeployKeyNotExist checks if an error is a ErrDeployKeyNotExist.

func IsErrGPGInvalidTokenSignature

func IsErrGPGInvalidTokenSignature(err error) bool

IsErrGPGInvalidTokenSignature checks if an error is a ErrGPGInvalidTokenSignature.

func IsErrGPGKeyAccessDenied

func IsErrGPGKeyAccessDenied(err error) bool

IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.

func IsErrGPGKeyIDAlreadyUsed

func IsErrGPGKeyIDAlreadyUsed(err error) bool

IsErrGPGKeyIDAlreadyUsed checks if an error is a ErrGPGKeyIDAlreadyUsed.

func IsErrGPGKeyImportNotExist

func IsErrGPGKeyImportNotExist(err error) bool

IsErrGPGKeyImportNotExist checks if an error is a ErrGPGKeyImportNotExist.

func IsErrGPGKeyNotExist

func IsErrGPGKeyNotExist(err error) bool

IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.

func IsErrGPGKeyParsing

func IsErrGPGKeyParsing(err error) bool

IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.

func IsErrGPGNoEmailFound

func IsErrGPGNoEmailFound(err error) bool

IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.

func IsErrKeyAccessDenied

func IsErrKeyAccessDenied(err error) bool

IsErrKeyAccessDenied checks if an error is a ErrKeyAccessDenied.

func IsErrKeyAlreadyExist

func IsErrKeyAlreadyExist(err error) bool

IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.

func IsErrKeyNameAlreadyUsed

func IsErrKeyNameAlreadyUsed(err error) bool

IsErrKeyNameAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.

func IsErrKeyNotExist

func IsErrKeyNotExist(err error) bool

IsErrKeyNotExist checks if an error is a ErrKeyNotExist.

func IsErrKeyUnableVerify

func IsErrKeyUnableVerify(err error) bool

IsErrKeyUnableVerify checks if an error is a ErrKeyUnableVerify.

func IsErrSSHInvalidTokenSignature

func IsErrSSHInvalidTokenSignature(err error) bool

IsErrSSHInvalidTokenSignature checks if an error is a ErrSSHInvalidTokenSignature.

func PaddedKeyID added in v1.18.1

func PaddedKeyID(keyID string) string

PaddedKeyID returns the KeyID padded to 16 characters.

func PublicKeyIsExternallyManaged

func PublicKeyIsExternallyManaged(ctx context.Context, id int64) (bool, error)

PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key

func PublicKeysAreExternallyManaged

func PublicKeysAreExternallyManaged(ctx context.Context, keys []*PublicKey) ([]bool, error)

PublicKeysAreExternallyManaged returns, for each of the provided keys, whether that key is externally managed.

func RegeneratePublicKeys

func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error

RegeneratePublicKeys regenerates the authorized_keys file

func SSHKeyGenParsePublicKey

func SSHKeyGenParsePublicKey(key string) (string, int, error)

SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.

func SSHNativeParsePublicKey

func SSHNativeParsePublicKey(keyLine string) (string, int, error)

SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.

func SynchronizePublicKeys

func SynchronizePublicKeys(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool

SynchronizePublicKeys updates a user's public keys. It returns true if there are changes.

func UpdateDeployKeyCols

func UpdateDeployKeyCols(ctx context.Context, key *DeployKey, cols ...string) error

UpdateDeployKeyCols updates deploy key information in the specified columns.

func UpdatePublicKeyUpdated

func UpdatePublicKeyUpdated(ctx context.Context, id int64) error

UpdatePublicKeyUpdated updates public key use time.

func VerificationToken

func VerificationToken(user *user_model.User, minutes int) string

VerificationToken returns a token for the user that is valid for the given number of minutes.

func VerifyGPGKey

func VerifyGPGKey(ctx context.Context, ownerID int64, keyID, token, signature string) (string, error)

VerifyGPGKey marks a GPG key as verified

func VerifySSHKey

func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signature string) (string, error)

VerifySSHKey marks an SSH key as verified.

func WithSSHOpLocker added in v1.22.0

func WithSSHOpLocker(f func() error) error

Types

type CommitVerification

// CommitVerification represents a commit validation of signature.
type CommitVerification struct {
	// Verified reports whether the signature was verified; Warning presumably
	// flags a verified-but-suspicious result — confirm in the parsers.
	Verified       bool
	Warning        bool
	// Reason carries the failure reason, e.g. BadSignature, BadDefaultSignature
	// or NoKeyFound (see the package constants).
	Reason         string
	SigningUser    *user_model.User
	CommittingUser *user_model.User
	SigningEmail   string
	// SigningKey / SigningSSHKey identify which key verified the signature;
	// presumably only one of the two is set — confirm.
	SigningKey     *GPGKey
	SigningSSHKey  *PublicKey
	// TrustStatus is filled in by CalculateTrustStatus according to the repository trust model.
	TrustStatus    string
}

CommitVerification represents a commit validation of signature

func ParseCommitWithSSHSignature

func ParseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committer *user_model.User) *CommitVerification

ParseCommitWithSSHSignature checks whether the commit's SSH signature verifies against the keystore.

func ParseCommitWithSignature

func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *CommitVerification

ParseCommitWithSignature checks whether the commit's signature verifies against the keystore.

type DeployKey

// DeployKey represents deploy key information and its relation with repository.
// The key material itself lives in the PublicKey row referenced by KeyID;
// Content is not stored on this table and must be fetched with GetContent.
type DeployKey struct {
	ID          int64 `xorm:"pk autoincr"`
	// KeyID and RepoID share the composite unique index "s": one public key
	// may be attached to a given repository at most once.
	KeyID       int64 `xorm:"UNIQUE(s) INDEX"`
	RepoID      int64 `xorm:"UNIQUE(s) INDEX"`
	Name        string
	Fingerprint string
	Content     string `xorm:"-"` // not persisted; populated by GetContent

	// Mode is the access mode granted to the key (see IsReadOnly). The column
	// default is 1; presumably the read-only mode — confirm against perm.
	Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 1"`

	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	// Derived display flags, not persisted; presumably computed in AfterLoad — confirm.
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
}

DeployKey represents deploy key information and its relation with repository.

func AddDeployKey

func AddDeployKey(ctx context.Context, repoID int64, name, content string, readOnly bool) (*DeployKey, error)

AddDeployKey adds a new deploy key to the database and the authorized_keys file.

func GetDeployKeyByID

func GetDeployKeyByID(ctx context.Context, id int64) (*DeployKey, error)

GetDeployKeyByID returns deploy key by given ID.

func GetDeployKeyByRepo

func GetDeployKeyByRepo(ctx context.Context, keyID, repoID int64) (*DeployKey, error)

GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

func (*DeployKey) AfterLoad

func (key *DeployKey) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*DeployKey) GetContent

func (key *DeployKey) GetContent(ctx context.Context) error

GetContent gets associated public key content.

func (*DeployKey) IsReadOnly

func (key *DeployKey) IsReadOnly() bool

IsReadOnly checks if the key can only be used for read operations; used by templates.

type ErrDeployKeyAlreadyExist

// ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error:
// the public key KeyID is already attached to repository RepoID.
type ErrDeployKeyAlreadyExist struct {
	KeyID  int64
	RepoID int64
}

ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error.

func (ErrDeployKeyAlreadyExist) Error

func (err ErrDeployKeyAlreadyExist) Error() string

func (ErrDeployKeyAlreadyExist) Unwrap added in v1.17.4

func (err ErrDeployKeyAlreadyExist) Unwrap() error

type ErrDeployKeyNameAlreadyUsed

// ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error:
// repository RepoID already has a deploy key called Name.
type ErrDeployKeyNameAlreadyUsed struct {
	RepoID int64
	Name   string
}

ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error.

func (ErrDeployKeyNameAlreadyUsed) Error

func (err ErrDeployKeyNameAlreadyUsed) Error() string

func (ErrDeployKeyNameAlreadyUsed) Unwrap added in v1.17.4

func (err ErrDeployKeyNameAlreadyUsed) Unwrap() error

type ErrDeployKeyNotExist

// ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.
// Only the identifiers that were used for the lookup are expected to be set
// (ID for GetDeployKeyByID, KeyID/RepoID for GetDeployKeyByRepo) — confirm.
type ErrDeployKeyNotExist struct {
	ID     int64
	KeyID  int64
	RepoID int64
}

ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.

func (ErrDeployKeyNotExist) Error

func (err ErrDeployKeyNotExist) Error() string

func (ErrDeployKeyNotExist) Unwrap added in v1.17.4

func (err ErrDeployKeyNotExist) Unwrap() error

type ErrGPGInvalidTokenSignature

// ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error:
// the signature over the verification token could not be validated with GPG key ID.
// NOTE(review): no Unwrap method is listed for this type, so errors.Is/As cannot
// reach Wrapped — confirm whether that is intended.
type ErrGPGInvalidTokenSignature struct {
	Wrapped error  // underlying verification error
	ID      string // GPG key ID the token was checked against
}

ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error.

func (ErrGPGInvalidTokenSignature) Error

func (err ErrGPGInvalidTokenSignature) Error() string

type ErrGPGKeyAccessDenied

// ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error:
// user UserID is not allowed to act on GPG key KeyID.
type ErrGPGKeyAccessDenied struct {
	UserID int64
	KeyID  int64
}

ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.

func (ErrGPGKeyAccessDenied) Error

func (err ErrGPGKeyAccessDenied) Error() string

Error pretty-prints an error of type ErrGPGKeyAccessDenied.

func (ErrGPGKeyAccessDenied) Unwrap added in v1.17.4

func (err ErrGPGKeyAccessDenied) Unwrap() error

type ErrGPGKeyIDAlreadyUsed

// ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error:
// a GPG key with this KeyID is already registered.
type ErrGPGKeyIDAlreadyUsed struct {
	KeyID string
}

ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.

func (ErrGPGKeyIDAlreadyUsed) Error

func (err ErrGPGKeyIDAlreadyUsed) Error() string

func (ErrGPGKeyIDAlreadyUsed) Unwrap added in v1.17.4

func (err ErrGPGKeyIDAlreadyUsed) Unwrap() error

type ErrGPGKeyImportNotExist

// ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error:
// no GPGKeyImport row exists for key ID (see GetGPGImportByKeyID).
type ErrGPGKeyImportNotExist struct {
	ID string
}

ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error.

func (ErrGPGKeyImportNotExist) Error

func (err ErrGPGKeyImportNotExist) Error() string

func (ErrGPGKeyImportNotExist) Unwrap added in v1.17.4

func (err ErrGPGKeyImportNotExist) Unwrap() error

type ErrGPGKeyNotExist

// ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.
// ID is the database primary key, not the 16-character GPG key ID.
type ErrGPGKeyNotExist struct {
	ID int64
}

ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.

func (ErrGPGKeyNotExist) Error

func (err ErrGPGKeyNotExist) Error() string

func (ErrGPGKeyNotExist) Unwrap added in v1.17.4

func (err ErrGPGKeyNotExist) Unwrap() error

type ErrGPGKeyParsing

// ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error: the supplied key
// material could not be parsed.
// NOTE(review): no Unwrap method is listed for this type, so ParseError is not
// reachable through errors.Is/As — confirm whether that is intended.
type ErrGPGKeyParsing struct {
	ParseError error
}

ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.

func (ErrGPGKeyParsing) Error

func (err ErrGPGKeyParsing) Error() string

type ErrGPGNoEmailFound

// ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error: none of the
// identities on GPG key ID matched an address usable for the owner.
type ErrGPGNoEmailFound struct {
	FailedEmails []string // addresses found on the key that were rejected
	ID           string   // GPG key ID
}

ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.

func (ErrGPGNoEmailFound) Error

func (err ErrGPGNoEmailFound) Error() string

type ErrKeyAccessDenied

// ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error:
// user UserID is not allowed to act on SSH key KeyID. Note carries extra context.
type ErrKeyAccessDenied struct {
	UserID int64
	KeyID  int64
	Note   string
}

ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.

func (ErrKeyAccessDenied) Error

func (err ErrKeyAccessDenied) Error() string

func (ErrKeyAccessDenied) Unwrap added in v1.17.4

func (err ErrKeyAccessDenied) Unwrap() error

type ErrKeyAlreadyExist

// ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error: an SSH key with
// this Fingerprint (or Content) is already registered, owned by OwnerID.
type ErrKeyAlreadyExist struct {
	OwnerID     int64
	Fingerprint string
	Content     string
}

ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.

func (ErrKeyAlreadyExist) Error

func (err ErrKeyAlreadyExist) Error() string

func (ErrKeyAlreadyExist) Unwrap added in v1.17.4

func (err ErrKeyAlreadyExist) Unwrap() error

type ErrKeyNameAlreadyUsed

// ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error:
// owner OwnerID already has an SSH key called Name.
type ErrKeyNameAlreadyUsed struct {
	OwnerID int64
	Name    string
}

ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.

func (ErrKeyNameAlreadyUsed) Error

func (err ErrKeyNameAlreadyUsed) Error() string

func (ErrKeyNameAlreadyUsed) Unwrap added in v1.17.4

func (err ErrKeyNameAlreadyUsed) Unwrap() error

type ErrKeyNotExist

// ErrKeyNotExist represents a "KeyNotExist" kind of error: no PublicKey row has
// the database ID ID.
type ErrKeyNotExist struct {
	ID int64
}

ErrKeyNotExist represents a "KeyNotExist" kind of error.

func (ErrKeyNotExist) Error

func (err ErrKeyNotExist) Error() string

func (ErrKeyNotExist) Unwrap added in v1.17.4

func (err ErrKeyNotExist) Unwrap() error

type ErrKeyUnableVerify

// ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error: the key could
// not be verified. Result holds the verifier's output — presumably ssh-keygen's,
// given SSHKeyGenParsePublicKey on this page; confirm.
type ErrKeyUnableVerify struct {
	Result string
}

ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error.

func (ErrKeyUnableVerify) Error

func (err ErrKeyUnableVerify) Error() string

type ErrSSHInvalidTokenSignature

// ErrSSHInvalidTokenSignature represents a "ErrSSHInvalidTokenSignature" kind of error:
// the signature over the verification token could not be validated with the SSH key
// identified by Fingerprint. Unlike ErrGPGInvalidTokenSignature, this type has an
// Unwrap method, so Wrapped is reachable via errors.Is/As.
type ErrSSHInvalidTokenSignature struct {
	Wrapped     error  // underlying verification error
	Fingerprint string // fingerprint of the SSH key the token was checked against
}

ErrSSHInvalidTokenSignature represents a "ErrSSHInvalidTokenSignature" kind of error.

func (ErrSSHInvalidTokenSignature) Error

func (err ErrSSHInvalidTokenSignature) Error() string

func (ErrSSHInvalidTokenSignature) Unwrap added in v1.17.4

func (err ErrSSHInvalidTokenSignature) Unwrap() error

type FindGPGKeyOptions added in v1.22.0

// FindGPGKeyOptions are the filters used to look up GPG keys; ToConds turns them
// into a query condition. Zero-valued filters are presumably ignored — confirm in ToConds.
type FindGPGKeyOptions struct {
	db.ListOptions // paging options (inferred from the name — confirm)
	OwnerID        int64
	KeyID          string
	// IncludeSubKeys, when false, presumably restricts results to primary keys
	// (rows with an empty PrimaryKeyID) — confirm.
	IncludeSubKeys bool
}

func (FindGPGKeyOptions) ToConds added in v1.22.0

func (opts FindGPGKeyOptions) ToConds() builder.Cond

type FindPublicKeyOptions added in v1.22.0

// FindPublicKeyOptions are the filters used to look up SSH public keys; ToConds
// turns them into a query condition. Zero-valued filters are presumably ignored — confirm in ToConds.
type FindPublicKeyOptions struct {
	db.ListOptions // paging options (inferred from the name — confirm)
	OwnerID       int64
	Fingerprint   string
	KeyTypes      []KeyType // presumably restricts to these KeyType values — confirm
	NotKeytype    KeyType   // presumably excludes this KeyType value — confirm
	LoginSourceID int64
}

func (FindPublicKeyOptions) ToConds added in v1.22.0

func (opts FindPublicKeyOptions) ToConds() builder.Cond

type GPGKey

// GPGKey represents a GPG key.
// Primary keys and subkeys appear to be stored as separate rows, subkeys carrying
// the parent's key ID in PrimaryKeyID and being attached to the parent's SubsKey
// slice by LoadSubKeys (inferred from the field names and the LoadSubKeys /
// IncludeSubKeys API on this page — confirm).
type GPGKey struct {
	ID                int64              `xorm:"pk autoincr"`
	OwnerID           int64              `xorm:"INDEX NOT NULL"`
	// KeyID is the 16-character GPG key ID (see PaddedKeyID).
	KeyID             string             `xorm:"INDEX CHAR(16) NOT NULL"`
	PrimaryKeyID      string             `xorm:"CHAR(16)"`
	// Content holds the stored public key material; the originally uploaded
	// armored import is kept separately in GPGKeyImport.
	Content           string             `xorm:"MEDIUMTEXT NOT NULL"`
	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	ExpiredUnix       timeutil.TimeStamp
	AddedUnix         timeutil.TimeStamp
	SubsKey           []*GPGKey `xorm:"-"` // not persisted; filled by LoadSubKeys
	// NOTE(review): Emails carries no xorm tag — confirm how it is mapped/loaded.
	Emails            []*user_model.EmailAddress
	// Verified is set by VerifyGPGKey once a token signature has been accepted for this key.
	Verified          bool `xorm:"NOT NULL DEFAULT false"`
	// Capability flags of the key.
	CanSign           bool
	CanEncryptComms   bool
	CanEncryptStorage bool
	CanCertify        bool
}

GPGKey represents a GPG key.

func AddGPGKey

func AddGPGKey(ctx context.Context, ownerID int64, content, token, signature string) ([]*GPGKey, error)

AddGPGKey adds a new public key to the database.

func GetGPGKeyForUserByID added in v1.20.6

func GetGPGKeyForUserByID(ctx context.Context, ownerID, keyID int64) (*GPGKey, error)

func (*GPGKey) BeforeInsert

func (key *GPGKey) BeforeInsert()

BeforeInsert will be invoked by XORM before inserting a record

func (*GPGKey) LoadSubKeys added in v1.22.0

func (key *GPGKey) LoadSubKeys(ctx context.Context) error

func (*GPGKey) PaddedKeyID added in v1.17.2

func (key *GPGKey) PaddedKeyID() string

PaddedKeyID returns the KeyID padded to 16 characters.

type GPGKeyImport

// GPGKeyImport holds the original armored import of a key, keyed by its KeyID
// (see GetGPGImportByKeyID). GPGKeyToEntity reads this import to rebuild the entity.
type GPGKeyImport struct {
	KeyID   string `xorm:"pk CHAR(16) NOT NULL"`
	Content string `xorm:"MEDIUMTEXT NOT NULL"`
}

GPGKeyImport holds the original import of a key.

func GetGPGImportByKeyID

func GetGPGImportByKeyID(ctx context.Context, keyID string) (*GPGKeyImport, error)

GetGPGImportByKeyID returns the imported armored public key for the given KeyID.

type GPGKeyList added in v1.22.0

// GPGKeyList is a slice of GPGKey that offers batch helpers such as LoadSubKeys.
type GPGKeyList []*GPGKey

func (GPGKeyList) LoadSubKeys added in v1.22.0

func (keys GPGKeyList) LoadSubKeys(ctx context.Context) error

type KeyType

// KeyType specifies the key type; the valid values are KeyTypeUser, KeyTypeDeploy
// and KeyTypePrincipal (see the constants above).
type KeyType int

KeyType specifies the key type

type ListDeployKeysOptions

// ListDeployKeysOptions are options for ListDeployKeys; ToConds turns them into
// a query condition. Zero-valued filters are presumably ignored — confirm in ToConds.
type ListDeployKeysOptions struct {
	db.ListOptions // paging options (inferred from the name — confirm)
	RepoID      int64
	KeyID       int64
	Fingerprint string
}

ListDeployKeysOptions are options for ListDeployKeys

func (ListDeployKeysOptions) ToConds added in v1.22.0

func (opt ListDeployKeysOptions) ToConds() builder.Cond

type PublicKey

// PublicKey represents a user or deploy SSH public key.
type PublicKey struct {
	ID            int64           `xorm:"pk autoincr"`
	OwnerID       int64           `xorm:"INDEX NOT NULL"`
	Name          string          `xorm:"NOT NULL"`
	// Fingerprint is derived from Content (see CalcFingerprint) and indexed because
	// lookups such as VerifySSHKey and FindPublicKeyOptions go by fingerprint.
	Fingerprint   string          `xorm:"INDEX NOT NULL"`
	// Content is the public key line as accepted by CheckPublicKeyString;
	// OmitEmail returns it without the trailing e-mail comment.
	Content       string          `xorm:"MEDIUMTEXT NOT NULL"`
	Mode          perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
	// Type distinguishes user, deploy and principal keys; the column default 1 is KeyTypeUser.
	Type          KeyType         `xorm:"NOT NULL DEFAULT 1"`
	// LoginSourceID links keys added through an auth source (AddPublicKey's
	// authSourceID, AddPublicKeysBySource, SynchronizePublicKeys); presumably what
	// PublicKeyIsExternallyManaged tests — confirm.
	LoginSourceID int64           `xorm:"NOT NULL DEFAULT 0"`

	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	// Derived display flags, not persisted; presumably computed in AfterLoad — confirm.
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
	// Verified is set by VerifySSHKey once a token signature has been accepted for this key.
	Verified          bool               `xorm:"NOT NULL DEFAULT false"`
}

PublicKey represents a user or deploy SSH public key.

func AddPublicKey

func AddPublicKey(ctx context.Context, ownerID int64, name, content string, authSourceID int64) (*PublicKey, error)

AddPublicKey adds a new public key to the database and the authorized_keys file.

func GetPublicKeyByID

func GetPublicKeyByID(ctx context.Context, keyID int64) (*PublicKey, error)

GetPublicKeyByID returns public key by given ID.

func SearchPublicKeyByContent

func SearchPublicKeyByContent(ctx context.Context, content string) (*PublicKey, error)

SearchPublicKeyByContent matches the given content as a prefix (so the trailing e-mail comment need not match) and returns the public key found.

func SearchPublicKeyByContentExact

func SearchPublicKeyByContentExact(ctx context.Context, content string) (*PublicKey, error)

SearchPublicKeyByContentExact searches for an exact content match and returns the public key found.

func (*PublicKey) AfterLoad

func (key *PublicKey) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*PublicKey) AuthorizedString

func (key *PublicKey) AuthorizedString() string

AuthorizedString returns formatted public key string for authorized_keys file.

TODO: Consider dropping this function

func (*PublicKey) OmitEmail

func (key *PublicKey) OmitEmail() string

OmitEmail returns content of public key without email address.

type SignCommit

// SignCommit represents a commit with validation of signature.
type SignCommit struct {
	// Verification is the signature check result for the embedded commit,
	// as produced by ParseCommitsWithSignature.
	Verification *CommitVerification
	*user_model.UserCommit
}

SignCommit represents a commit with validation of signature.

func ParseCommitsWithSignature

func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit

ParseCommitsWithSignature checks whether the signatures of the commits correspond to users' GPG keys.
