author | Alexis Reigel <mail@koffeinfrei.org> | 2017-06-14 11:51:34 +0200 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-07-27 15:42:53 +0200 |
commit | 69e511c4c2a0409fa69658cf95bf5c4072b2b2d0 (patch) | |
tree | 416321052fa4614973a5f29c8f76c05c97b6d84a /lib/gitlab/gpg | |
parent | 8236b12dff3df6d223888664c820ae54b4e0eaf7 (diff) | |
download | gitlab-ce-69e511c4c2a0409fa69658cf95bf5c4072b2b2d0.tar.gz |
cache the gpg commit signature
we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
Diffstat (limited to 'lib/gitlab/gpg')
-rw-r--r-- | lib/gitlab/gpg/commit.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb
new file mode 100644
index 00000000000..f60e5125c13
--- /dev/null
+++ b/lib/gitlab/gpg/commit.rb
@@ -0,0 +1,51 @@
+module Gitlab
+ module Gpg
+ class Commit
+ attr_reader :commit
+
+ def initialize(commit)
+ @commit = commit
+
+ @signature_text, @signed_text = commit.raw.signature(commit.project.repository)
+ end
+
+ def has_signature?
+ @signature_text && @signed_text
+ end
+
+ def signature
+ Gitlab::Gpg.using_tmp_keychain do
+ # first we need to get the keyid from the signature to query the gpg
+ # key belonging to the keyid.
+ # This way we can add the key to the temporary keychain and extract
+ # the proper signature.
+ gpg_key = GpgKey.find_by(primary_keyid: verified_signature.fingerprint)
+
+ if gpg_key
+ Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
+ end
+
+ create_cached_signature!(gpg_key)
+ end
+ end
+
+ private
+
+ def verified_signature
+ GPGME::Crypto.new.verify(@signature_text, signed_text: @signed_text) do |verified_signature|
+ return verified_signature
+ end
+ end
+
+ def create_cached_signature!(gpg_key)
+ GpgSignature.create!(
+ commit_sha: commit.sha,
+ project: commit.project,
+ gpg_key: gpg_key,
+ gpg_key_primary_keyid: gpg_key&.primary_keyid,
+ valid_signature: !!(gpg_key && verified_signature&.valid?)
+ )
+ end
+ end
+ end
+end |
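Review bot: `valid_signature` in `create_cached_signature!` is derived from `gpg_key && verified_signature&.valid?` alone, so the row is persisted as valid whenever any key stored in `GpgKey` verifies the commit, with no check visible here that the key's owner corresponds to the commit's author or committer identity. Unless that binding is enforced wherever the cached row is read, it should be part of this expression before the verdict is stored. Because the result is written once with `create!`, it also needs an invalidation path for keys that are later added, removed or revoked, and none is visible in this file. Separately, `signature` calls `verified_signature.fingerprint` without the `&.` guard used a few lines further down and never consults `has_signature?`, so an unsigned commit or a signature that yields nothing would presumably raise instead of producing an unverified result. A guard such as `return unless has_signature?` at the top of `signature` would make that path explicit.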