- Constants
- Variables
- func AddPublicKeysBySource(ctx context.Context, usr *user_model.User, s *auth.Source, ...) bool
- func AuthorizedStringForKey(key *PublicKey) string
- func CalcFingerprint(publicKeyContent string) (string, error)
- func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, ...) error
- func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error)
- func CheckPublicKeyString(content string) (_ string, err error)
- func DeleteGPGKey(ctx context.Context, doer *user_model.User, id int64) (err error)
- func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error)
- func HasDeployKey(ctx context.Context, keyID, repoID int64) bool
- func IsDeployKeyExistByKeyID(ctx context.Context, keyID int64) (bool, error)
- func IsErrDeployKeyAlreadyExist(err error) bool
- func IsErrDeployKeyNameAlreadyUsed(err error) bool
- func IsErrDeployKeyNotExist(err error) bool
- func IsErrGPGInvalidTokenSignature(err error) bool
- func IsErrGPGKeyAccessDenied(err error) bool
- func IsErrGPGKeyIDAlreadyUsed(err error) bool
- func IsErrGPGKeyImportNotExist(err error) bool
- func IsErrGPGKeyNotExist(err error) bool
- func IsErrGPGKeyParsing(err error) bool
- func IsErrGPGNoEmailFound(err error) bool
- func IsErrKeyAccessDenied(err error) bool
- func IsErrKeyAlreadyExist(err error) bool
- func IsErrKeyNameAlreadyUsed(err error) bool
- func IsErrKeyNotExist(err error) bool
- func IsErrKeyUnableVerify(err error) bool
- func IsErrSSHInvalidTokenSignature(err error) bool
- func PaddedKeyID(keyID string) string
- func PublicKeyIsExternallyManaged(ctx context.Context, id int64) (bool, error)
- func PublicKeysAreExternallyManaged(ctx context.Context, keys []*PublicKey) ([]bool, error)
- func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error
- func SSHKeyGenParsePublicKey(key string) (string, int, error)
- func SSHNativeParsePublicKey(keyLine string) (string, int, error)
- func SynchronizePublicKeys(ctx context.Context, usr *user_model.User, s *auth.Source, ...) bool
- func UpdateDeployKeyCols(ctx context.Context, key *DeployKey, cols ...string) error
- func UpdatePublicKeyUpdated(ctx context.Context, id int64) error
- func VerificationToken(user *user_model.User, minutes int) string
- func VerifyGPGKey(ctx context.Context, ownerID int64, keyID, token, signature string) (string, error)
- func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signature string) (string, error)
- func WithSSHOpLocker(f func() error) error
- type CommitVerification
- type DeployKey
- type ErrDeployKeyAlreadyExist
- type ErrDeployKeyNameAlreadyUsed
- type ErrDeployKeyNotExist
- type ErrGPGInvalidTokenSignature
- type ErrGPGKeyAccessDenied
- type ErrGPGKeyIDAlreadyUsed
- type ErrGPGKeyImportNotExist
- type ErrGPGKeyNotExist
- type ErrGPGKeyParsing
- type ErrGPGNoEmailFound
- type ErrKeyAccessDenied
- type ErrKeyAlreadyExist
- type ErrKeyNameAlreadyUsed
- type ErrKeyNotExist
- type ErrKeyUnableVerify
- type ErrSSHInvalidTokenSignature
- type FindGPGKeyOptions
- type FindPublicKeyOptions
- type GPGKey
- type GPGKeyImport
- type GPGKeyList
- type KeyType
- type ListDeployKeysOptions
- type PublicKey
- func AddPublicKey(ctx context.Context, ownerID int64, name, content string, authSourceID int64) (*PublicKey, error)
- func GetPublicKeyByID(ctx context.Context, keyID int64) (*PublicKey, error)
- func SearchPublicKeyByContent(ctx context.Context, content string) (*PublicKey, error)
- func SearchPublicKeyByContentExact(ctx context.Context, content string) (*PublicKey, error)
- type SignCommit
Constants ¶
// Reason codes for a signature that could not be verified. They are described as
// "the reason" for a verification, so they presumably end up in
// CommitVerification.Reason — confirm against the verification code.
// NOTE(review): the first two are flagged "suspicious" (a signature claims a key we know
// but does not verify under it); the third merely means no key was found. Alerting or
// UI logic should treat them differently.
const (
	// BadSignature is used as the reason when the signature has a KeyID that is in the db
	// but no key that has that ID verifies the signature. This is a suspicious failure.
	BadSignature = "gpg.error.probable_bad_signature"
	// BadDefaultSignature is used as the reason when the signature has a KeyID that matches the
	// default Key but is not verified by the default key. This is a suspicious failure.
	BadDefaultSignature = "gpg.error.probable_bad_default_signature"
	// NoKeyFound is used as the reason when no key can be found to verify the signature.
	NoKeyFound = "gpg.error.no_gpg_keys_found"
)
// Key types stored in PublicKey.Type. Numbering starts at 1 (iota + 1), so the zero
// value is never a valid type; the column default of 1 therefore means KeyTypeUser.
const (
	// KeyTypeUser specifies the user key
	KeyTypeUser = iota + 1
	// KeyTypeDeploy specifies the deploy key
	KeyTypeDeploy
	// KeyTypePrincipal specifies the authorized principal key
	KeyTypePrincipal
)
Variables ¶
// ErrKeyIsPrivate is returned when the submitted key material is a private key rather than a
// public key. It wraps util.ErrInvalidArgument, so callers should be able to match it with
// errors.Is(err, util.ErrInvalidArgument) — verify against util.NewSilentWrapErrorf.
var ErrKeyIsPrivate = util.NewSilentWrapErrorf(util.ErrInvalidArgument, "the provided key is a private key")
ErrKeyIsPrivate is returned when the provided key is a private key rather than a public key. Rejecting it protects users from accidentally registering (and thereby disclosing) secret key material.
Functions ¶
func AddPublicKeysBySource ¶
func AddPublicKeysBySource(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool
AddPublicKeysBySource adds the SSH public keys supplied by the auth source s (sshPublicKeys) to the user's keys. Returns true if there were changes. Keys added through this path are associated with the source rather than entered by the user (see LoginSourceID and PublicKeyIsExternallyManaged).
func AuthorizedStringForKey ¶
AuthorizedStringForKey creates the authorized keys string appropriate for the provided key
func CalcFingerprint ¶
CalcFingerprint calculates the fingerprint of the given public key content.
func CalculateTrustStatus ¶
func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) error
CalculateTrustStatus computes the TrustStatus for a commit verification within a repository according to the repository's trust model (repoTrustModel). Gitea supports several trust models; the isOwnerMemberCollaborator callback reports whether a given user is an owner, member or collaborator of the repository, and keyMap presumably caches per-key results across commits — confirm against the caller.
func CheckPrincipalKeyString ¶
func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error)
CheckPrincipalKeyString strips surrounding spaces and returns an error if the given principal contains newlines. A newline would otherwise let a single submitted value expand into additional entries when written out as a principals line.
func CheckPublicKeyString ¶
CheckPublicKeyString checks whether the given public key string is recognized by SSH and returns the actual (normalized) public key line on success. Private key material must not be accepted; this package defines ErrKeyIsPrivate for that case — confirm that this function is where the check happens.
func DeleteGPGKey ¶
DeleteGPGKey deletes GPG key information in database.
func GPGKeyToEntity ¶
GPGKeyToEntity retrieves the originally imported key (see GPGKeyImport) and returns it parsed as an openpgp.Entity.
func HasDeployKey ¶
HasDeployKey returns true if public key is a deploy key of given repository.
func IsDeployKeyExistByKeyID ¶
IsDeployKeyExistByKeyID returns true if there is at least one deploy key with the given key ID.
func IsErrDeployKeyAlreadyExist ¶
IsErrDeployKeyAlreadyExist checks if an error is a ErrDeployKeyAlreadyExist.
func IsErrDeployKeyNameAlreadyUsed ¶
IsErrDeployKeyNameAlreadyUsed checks if an error is a ErrDeployKeyNameAlreadyUsed.
func IsErrDeployKeyNotExist ¶
IsErrDeployKeyNotExist checks if an error is a ErrDeployKeyNotExist.
func IsErrGPGInvalidTokenSignature ¶
IsErrGPGInvalidTokenSignature checks if an error is a ErrGPGInvalidTokenSignature.
func IsErrGPGKeyAccessDenied ¶
IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.
func IsErrGPGKeyIDAlreadyUsed ¶
IsErrGPGKeyIDAlreadyUsed checks if an error is an ErrGPGKeyIDAlreadyUsed.
func IsErrGPGKeyImportNotExist ¶
IsErrGPGKeyImportNotExist checks if an error is a ErrGPGKeyImportNotExist.
func IsErrGPGKeyNotExist ¶
IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.
func IsErrGPGKeyParsing ¶
IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.
func IsErrGPGNoEmailFound ¶
IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.
func IsErrKeyAccessDenied ¶
IsErrKeyAccessDenied checks if an error is a ErrKeyAccessDenied.
func IsErrKeyAlreadyExist ¶
IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.
func IsErrKeyNameAlreadyUsed ¶
IsErrKeyNameAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.
func IsErrKeyNotExist ¶
IsErrKeyNotExist checks if an error is a ErrKeyNotExist.
func IsErrKeyUnableVerify ¶
IsErrKeyUnableVerify checks if an error is a ErrKeyUnableVerify.
func IsErrSSHInvalidTokenSignature ¶
IsErrSSHInvalidTokenSignature checks if an error is a ErrSSHInvalidTokenSignature.
func PaddedKeyID ¶
PaddedKeyID returns the KeyID padded to 16 characters (the width of a long OpenPGP key ID, matching the CHAR(16) KeyID column on GPGKey).
func PublicKeyIsExternallyManaged ¶
PublicKeyIsExternallyManaged returns whether the public key with the provided ID is externally managed, i.e. provisioned through an auth source rather than added by the user (presumably determined from LoginSourceID — confirm).
func PublicKeysAreExternallyManaged ¶
PublicKeysAreExternallyManaged returns, for each of the provided keys (in the same order), whether that key is externally managed.
func RegeneratePublicKeys ¶
func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error
RegeneratePublicKeys regenerates the authorized_keys file
func SSHKeyGenParsePublicKey ¶
SSHKeyGenParsePublicKey extracts the key type and length by invoking the external ssh-keygen binary. It therefore depends on ssh-keygen being installed on the host; SSHNativeParsePublicKey is the in-process alternative.
func SSHNativeParsePublicKey ¶
SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.
func SynchronizePublicKeys ¶
func SynchronizePublicKeys(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool
SynchronizePublicKeys updates a user's public keys to match the set supplied by the auth source s (sshPublicKeys). Returns true if there were changes.
func UpdateDeployKeyCols ¶
UpdateDeployKeyCols updates deploy key information in the specified columns.
func UpdatePublicKeyUpdated ¶
UpdatePublicKeyUpdated updates public key use time.
func VerificationToken ¶
func VerificationToken(user *user_model.User, minutes int) string
VerificationToken returns a token for the user that is valid for the given number of minutes. It is the value the user signs with their key to prove possession; the signature is then checked by VerifySSHKey or VerifyGPGKey.
func VerifyGPGKey ¶
func VerifyGPGKey(ctx context.Context, ownerID int64, keyID, token, signature string) (string, error)
VerifyGPGKey marks the GPG key keyID owned by ownerID as verified, given a signature over token (see VerificationToken). A signature that does not check out is presumably reported as ErrGPGInvalidTokenSignature — confirm.
func VerifySSHKey ¶
func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signature string) (string, error)
VerifySSHKey marks the SSH key with the given fingerprint owned by ownerID as verified, given a signature over token (see VerificationToken). A signature that does not check out is presumably reported as ErrSSHInvalidTokenSignature — confirm.
func WithSSHOpLocker ¶
Types ¶
type CommitVerification ¶
// CommitVerification represents a commit validation of signature.
type CommitVerification struct {
	Verified       bool              // true when the signature verified against a stored key
	Warning        bool              // non-fatal condition worth surfacing — TODO confirm what sets it
	Reason         string            // reason code when not verified (e.g. BadSignature, NoKeyFound)
	SigningUser    *user_model.User  // user whose key produced the signature, when known
	CommittingUser *user_model.User  // user matched to the commit's committer, when known
	SigningEmail   string            // e-mail associated with the signature
	SigningKey     *GPGKey           // presumably set when a GPG key signed the commit
	SigningSSHKey  *PublicKey        // presumably set when an SSH key signed the commit
	TrustStatus    string            // filled in by CalculateTrustStatus according to the repository's trust model
}
CommitVerification represents a commit validation of signature
func ParseCommitWithSSHSignature ¶
func ParseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committer *user_model.User) *CommitVerification
ParseCommitWithSSHSignature checks whether the commit's SSH signature verifies against the stored SSH keys (the keystore) of the given committer and returns the resulting CommitVerification.
func ParseCommitWithSignature ¶
func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *CommitVerification
ParseCommitWithSignature checks whether the commit's signature verifies against the stored keys (the keystore) and returns the resulting CommitVerification.
type DeployKey ¶
// DeployKey represents deploy key information and its relation with repository.
type DeployKey struct {
	ID                int64              `xorm:"pk autoincr"`
	KeyID             int64              `xorm:"UNIQUE(s) INDEX"` // ID of the underlying PublicKey; (KeyID, RepoID) is unique
	RepoID            int64              `xorm:"UNIQUE(s) INDEX"`
	Name              string
	Fingerprint       string
	Content           string             `xorm:"-"` // not persisted on this row; loaded from the PublicKey via GetContent
	Mode              perm.AccessMode    `xorm:"NOT NULL DEFAULT 1"` // access mode; default 1 — presumably read-only (see IsReadOnly), confirm against perm.AccessMode
	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	HasRecentActivity bool               `xorm:"-"` // computed, not stored — presumably in AfterLoad
	HasUsed           bool               `xorm:"-"` // computed, not stored — presumably in AfterLoad
}
DeployKey represents deploy key information and its relation with repository.
func AddDeployKey ¶
func AddDeployKey(ctx context.Context, repoID int64, name, content string, readOnly bool) (*DeployKey, error)
AddDeployKey add new deploy key to database and authorized_keys file.
func GetDeployKeyByID ¶
GetDeployKeyByID returns deploy key by given ID.
func GetDeployKeyByRepo ¶
GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
func (*DeployKey) AfterLoad ¶
func (key *DeployKey) AfterLoad()
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*DeployKey) GetContent ¶
GetContent gets associated public key content.
func (*DeployKey) IsReadOnly ¶
IsReadOnly checks if the key can only be used for read operations, used by template
type ErrDeployKeyAlreadyExist ¶
ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error.
func (ErrDeployKeyAlreadyExist) Error ¶
func (err ErrDeployKeyAlreadyExist) Error() string
func (ErrDeployKeyAlreadyExist) Unwrap ¶
func (err ErrDeployKeyAlreadyExist) Unwrap() error
type ErrDeployKeyNameAlreadyUsed ¶
ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error.
func (ErrDeployKeyNameAlreadyUsed) Error ¶
func (err ErrDeployKeyNameAlreadyUsed) Error() string
func (ErrDeployKeyNameAlreadyUsed) Unwrap ¶
func (err ErrDeployKeyNameAlreadyUsed) Unwrap() error
type ErrDeployKeyNotExist ¶
ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.
func (ErrDeployKeyNotExist) Error ¶
func (err ErrDeployKeyNotExist) Error() string
func (ErrDeployKeyNotExist) Unwrap ¶
func (err ErrDeployKeyNotExist) Unwrap() error
type ErrGPGInvalidTokenSignature ¶
ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error.
func (ErrGPGInvalidTokenSignature) Error ¶
func (err ErrGPGInvalidTokenSignature) Error() string
type ErrGPGKeyAccessDenied ¶
ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.
func (ErrGPGKeyAccessDenied) Error ¶
func (err ErrGPGKeyAccessDenied) Error() string
Error pretty-prints an error of type ErrGPGKeyAccessDenied.
func (ErrGPGKeyAccessDenied) Unwrap ¶
func (err ErrGPGKeyAccessDenied) Unwrap() error
type ErrGPGKeyIDAlreadyUsed ¶
// ErrGPGKeyIDAlreadyUsed is returned when a GPG key with the same KeyID is already registered.
type ErrGPGKeyIDAlreadyUsed struct {
	KeyID string // the conflicting GPG key ID
}
ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.
func (ErrGPGKeyIDAlreadyUsed) Error ¶
func (err ErrGPGKeyIDAlreadyUsed) Error() string
func (ErrGPGKeyIDAlreadyUsed) Unwrap ¶
func (err ErrGPGKeyIDAlreadyUsed) Unwrap() error
type ErrGPGKeyImportNotExist ¶
// ErrGPGKeyImportNotExist is returned when no GPGKeyImport row exists for a key ID.
type ErrGPGKeyImportNotExist struct {
	ID string // the GPG key ID that was looked up (see GetGPGImportByKeyID)
}
ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error.
func (ErrGPGKeyImportNotExist) Error ¶
func (err ErrGPGKeyImportNotExist) Error() string
func (ErrGPGKeyImportNotExist) Unwrap ¶
func (err ErrGPGKeyImportNotExist) Unwrap() error
type ErrGPGKeyNotExist ¶
// ErrGPGKeyNotExist is returned when no GPGKey row has the requested database ID.
type ErrGPGKeyNotExist struct {
	ID int64 // the database ID that was looked up
}
ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.
func (ErrGPGKeyNotExist) Error ¶
func (err ErrGPGKeyNotExist) Error() string
func (ErrGPGKeyNotExist) Unwrap ¶
func (err ErrGPGKeyNotExist) Unwrap() error
type ErrGPGKeyParsing ¶
// ErrGPGKeyParsing is returned when submitted GPG key material cannot be parsed.
type ErrGPGKeyParsing struct {
	ParseError error // the underlying parser error
}
ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.
func (ErrGPGKeyParsing) Error ¶
func (err ErrGPGKeyParsing) Error() string
type ErrGPGNoEmailFound ¶
ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.
func (ErrGPGNoEmailFound) Error ¶
func (err ErrGPGNoEmailFound) Error() string
type ErrKeyAccessDenied ¶
ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.
func (ErrKeyAccessDenied) Error ¶
func (err ErrKeyAccessDenied) Error() string
func (ErrKeyAccessDenied) Unwrap ¶
func (err ErrKeyAccessDenied) Unwrap() error
type ErrKeyAlreadyExist ¶
ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.
func (ErrKeyAlreadyExist) Error ¶
func (err ErrKeyAlreadyExist) Error() string
func (ErrKeyAlreadyExist) Unwrap ¶
func (err ErrKeyAlreadyExist) Unwrap() error
type ErrKeyNameAlreadyUsed ¶
ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.
func (ErrKeyNameAlreadyUsed) Error ¶
func (err ErrKeyNameAlreadyUsed) Error() string
func (ErrKeyNameAlreadyUsed) Unwrap ¶
func (err ErrKeyNameAlreadyUsed) Unwrap() error
type ErrKeyNotExist ¶
// ErrKeyNotExist is returned when no PublicKey row has the requested database ID.
type ErrKeyNotExist struct {
	ID int64 // the database ID that was looked up
}
ErrKeyNotExist represents a "KeyNotExist" kind of error.
func (ErrKeyNotExist) Error ¶
func (err ErrKeyNotExist) Error() string
func (ErrKeyNotExist) Unwrap ¶
func (err ErrKeyNotExist) Unwrap() error
type ErrKeyUnableVerify ¶
// ErrKeyUnableVerify is returned when a public key could not be verified.
type ErrKeyUnableVerify struct {
	Result string // diagnostic output describing why verification failed
}
ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error.
func (ErrKeyUnableVerify) Error ¶
func (err ErrKeyUnableVerify) Error() string
type ErrSSHInvalidTokenSignature ¶
ErrSSHInvalidTokenSignature represents a "ErrSSHInvalidTokenSignature" kind of error.
func (ErrSSHInvalidTokenSignature) Error ¶
func (err ErrSSHInvalidTokenSignature) Error() string
func (ErrSSHInvalidTokenSignature) Unwrap ¶
func (err ErrSSHInvalidTokenSignature) Unwrap() error
type FindGPGKeyOptions ¶
// FindGPGKeyOptions holds the filters used to look up GPG keys; ToConds turns them into a query condition.
type FindGPGKeyOptions struct {
	db.ListOptions         // paging
	OwnerID        int64   // restrict to keys of this owner (zero presumably means no filter — confirm in ToConds)
	KeyID          string  // restrict to this key ID
	IncludeSubKeys bool    // whether subkeys are included in the result
}
func (FindGPGKeyOptions) ToConds ¶
func (opts FindGPGKeyOptions) ToConds() builder.Cond
type FindPublicKeyOptions ¶
// FindPublicKeyOptions holds the filters used to look up SSH public keys; ToConds turns them into a query condition.
type FindPublicKeyOptions struct {
	db.ListOptions          // paging
	OwnerID        int64    // restrict to keys of this owner
	Fingerprint    string   // restrict to this fingerprint (see CalcFingerprint)
	KeyTypes       []KeyType // only return keys of these types
	NotKeytype     KeyType  // exclude keys of this type (NOTE(review): field name is inconsistent with KeyType casing but is part of the exported API)
	LoginSourceID  int64    // restrict to keys provisioned by this auth source
}
func (FindPublicKeyOptions) ToConds ¶
func (opts FindPublicKeyOptions) ToConds() builder.Cond
type GPGKey ¶
// GPGKey represents a GPG key.
type GPGKey struct {
	ID                int64              `xorm:"pk autoincr"`
	OwnerID           int64              `xorm:"INDEX NOT NULL"`
	KeyID             string             `xorm:"INDEX CHAR(16) NOT NULL"` // 16-character long key ID (see PaddedKeyID)
	PrimaryKeyID      string             `xorm:"CHAR(16)"` // for a subkey, presumably the KeyID of its primary key — confirm
	Content           string             `xorm:"MEDIUMTEXT NOT NULL"`
	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	ExpiredUnix       timeutil.TimeStamp // expiry of the key; NOTE(review): confirm where this is enforced during verification
	AddedUnix         timeutil.TimeStamp
	SubsKey           []*GPGKey          `xorm:"-"` // subkeys, not stored on this row; populated by GPGKeyList.LoadSubKeys
	Emails            []*user_model.EmailAddress
	Verified          bool               `xorm:"NOT NULL DEFAULT false"` // set by VerifyGPGKey after a signature over a VerificationToken checks out
	CanSign           bool               // capability flags read from the key
	CanEncryptComms   bool
	CanEncryptStorage bool
	CanCertify        bool
}
GPGKey represents a GPG key.
func AddGPGKey ¶
func AddGPGKey(ctx context.Context, ownerID int64, content, token, signature string) ([]*GPGKey, error)
AddGPGKey adds new public key to database.
func GetGPGKeyForUserByID ¶
func (*GPGKey) BeforeInsert ¶
func (key *GPGKey) BeforeInsert()
BeforeInsert will be invoked by XORM before inserting a record
func (*GPGKey) PaddedKeyID ¶
PaddedKeyID show KeyID padded to 16 characters
type GPGKeyImport ¶
// GPGKeyImport keeps the original armored key as imported, keyed by its key ID
// (retrieved by GetGPGImportByKeyID and parsed again by GPGKeyToEntity).
type GPGKeyImport struct {
	KeyID   string `xorm:"pk CHAR(16) NOT NULL"` // 16-character long key ID
	Content string `xorm:"MEDIUMTEXT NOT NULL"`  // armored public key as submitted
}
GPGKeyImport the original import of key
func GetGPGImportByKeyID ¶
func GetGPGImportByKeyID(ctx context.Context, keyID string) (*GPGKeyImport, error)
GetGPGImportByKeyID returns the import public armored key by given KeyID.
type GPGKeyList ¶
// GPGKeyList is a list of GPG keys; LoadSubKeys fills in each key's SubsKey.
type GPGKeyList []*GPGKey
func (GPGKeyList) LoadSubKeys ¶
func (keys GPGKeyList) LoadSubKeys(ctx context.Context) error
type ListDeployKeysOptions ¶
// ListDeployKeysOptions are options for ListDeployKeys; ToConds turns them into a query condition.
type ListDeployKeysOptions struct {
	db.ListOptions        // paging
	RepoID         int64  // restrict to deploy keys of this repository
	KeyID          int64  // restrict to this underlying PublicKey ID
	Fingerprint    string // restrict to this fingerprint
}
ListDeployKeysOptions are options for ListDeployKeys
func (ListDeployKeysOptions) ToConds ¶
func (opt ListDeployKeysOptions) ToConds() builder.Cond
type PublicKey ¶
// PublicKey represents a user or deploy SSH public key.
type PublicKey struct {
	ID                int64              `xorm:"pk autoincr"`
	OwnerID           int64              `xorm:"INDEX NOT NULL"`
	Name              string             `xorm:"NOT NULL"`
	Fingerprint       string             `xorm:"INDEX NOT NULL"` // see CalcFingerprint; looked up via FindPublicKeyOptions.Fingerprint
	Content           string             `xorm:"MEDIUMTEXT NOT NULL"` // the public key line (see CheckPublicKeyString)
	Mode              perm.AccessMode    `xorm:"NOT NULL DEFAULT 2"` // access mode; NOTE(review): the meaning of 2 is defined by perm.AccessMode — confirm
	Type              KeyType            `xorm:"NOT NULL DEFAULT 1"` // KeyTypeUser (1), KeyTypeDeploy or KeyTypePrincipal
	LoginSourceID     int64              `xorm:"NOT NULL DEFAULT 0"` // 0 for locally added keys; non-zero presumably marks keys provisioned by an auth source (see PublicKeyIsExternallyManaged)
	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"` // also bumped by UpdatePublicKeyUpdated to record use
	HasRecentActivity bool               `xorm:"-"` // computed, not stored — presumably in AfterLoad
	HasUsed           bool               `xorm:"-"` // computed, not stored — presumably in AfterLoad
	Verified          bool               `xorm:"NOT NULL DEFAULT false"` // set by VerifySSHKey after a signature over a VerificationToken checks out
}
PublicKey represents a user or deploy SSH public key.
func AddPublicKey ¶
func AddPublicKey(ctx context.Context, ownerID int64, name, content string, authSourceID int64) (*PublicKey, error)
AddPublicKey adds new public key to database and authorized_keys file.
func GetPublicKeyByID ¶
GetPublicKeyByID returns public key by given ID.
func SearchPublicKeyByContent ¶
SearchPublicKeyByContent matches content as a prefix of the stored key line (so a trailing comment/e-mail part is ignored, and a stored comment may be leaked to the caller through the returned key) and returns the public key found. Callers that need an exact match should use SearchPublicKeyByContentExact.
func SearchPublicKeyByContentExact ¶
SearchPublicKeyByContentExact matches the stored key line exactly against content and returns the public key found.
func (*PublicKey) AfterLoad ¶
func (key *PublicKey) AfterLoad()
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*PublicKey) AuthorizedString ¶
AuthorizedString returns formatted public key string for authorized_keys file.
TODO: Consider dropping this function
type SignCommit ¶
// SignCommit represents a commit with validation of signature.
type SignCommit struct {
	Verification *CommitVerification // result of verifying the commit's signature
	*user_model.UserCommit           // the commit itself, with its user mapping
}
SignCommit represents a commit with validation of signature.
func ParseCommitsWithSignature ¶
func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit
ParseCommitsWithSignature checks whether the signatures of the given commits correspond to users' registered keys and computes their trust status under the repository's trust model (see CalculateTrustStatus), returning one SignCommit per input commit.
Source Files ¶
- error.go
- gpg_key.go
- gpg_key_add.go
- gpg_key_commit_verification.go
- gpg_key_common.go
- gpg_key_import.go
- gpg_key_list.go
- gpg_key_verify.go
- ssh_key.go
- ssh_key_authorized_keys.go
- ssh_key_commit_verification.go
- ssh_key_deploy.go
- ssh_key_fingerprint.go
- ssh_key_parse.go
- ssh_key_principals.go
- ssh_key_verify.go