asymkey

package
v1.22.0-rc0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 28, 2024 License: MIT Imports: 38 Imported by: 23

Documentation

Index

Constants

View Source 
const (
	// BadSignature is used as the reason when the signature has a KeyID that is in the db
	// but no key that has that ID verifies the signature. This is a suspicious failure.
	BadSignature = "gpg.error.probable_bad_signature"
	// BadDefaultSignature is used as the reason when the signature has a KeyID that matches the
	// default Key but is not verified by the default key. This is a suspicious failure.
	BadDefaultSignature = "gpg.error.probable_bad_default_signature"
	// NoKeyFound is used as the reason when no key can be found to verify the signature.
	NoKeyFound = "gpg.error.no_gpg_keys_found"
)
View Source 
const (
	// KeyTypeUser specifies the user key
	KeyTypeUser = iota + 1
	// KeyTypeDeploy specifies the deploy key
	KeyTypeDeploy
	// KeyTypePrincipal specifies the authorized principal key
	KeyTypePrincipal
)

Variables

View Source 
var ErrKeyIsPrivate = util.NewSilentWrapErrorf(util.ErrInvalidArgument, "the provided key is a private key")

ErrKeyIsPrivate is returned when the provided key is a private key not a public key

Functions

func AddPublicKeysBySource 

func AddPublicKeysBySource(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool

AddPublicKeysBySource add a users public keys. Returns true if there are changes.

func AuthorizedStringForKey 

func AuthorizedStringForKey(key *PublicKey) string

AuthorizedStringForKey creates the authorized keys string appropriate for the provided key

func CalcFingerprint added in v1.17.0 

func CalcFingerprint(publicKeyContent string) (string, error)

CalcFingerprint calculate public key's fingerprint

func CalculateTrustStatus 

func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) error

CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository There are several trust models in Gitea

func CheckPrincipalKeyString 

func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error)

CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines

func CheckPublicKeyString 

func CheckPublicKeyString(content string) (_ string, err error)

CheckPublicKeyString checks if the given public key string is recognized by SSH. It returns the actual public key line on success.

func DeleteGPGKey 

func DeleteGPGKey(ctx context.Context, doer *user_model.User, id int64) (err error)

DeleteGPGKey deletes GPG key information in database.

func GPGKeyToEntity 

func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error)

GPGKeyToEntity retrieve the imported key and the traducted entity

func HasDeployKey 

func HasDeployKey(ctx context.Context, keyID, repoID int64) bool

HasDeployKey returns true if public key is a deploy key of given repository.

func IsDeployKeyExistByKeyID added in v1.17.0 

func IsDeployKeyExistByKeyID(ctx context.Context, keyID int64) (bool, error)

IsDeployKeyExistByKeyID return true if there is at least one deploykey with the key id

func IsErrDeployKeyAlreadyExist 

func IsErrDeployKeyAlreadyExist(err error) bool

IsErrDeployKeyAlreadyExist checks if an error is a ErrDeployKeyAlreadyExist.

func IsErrDeployKeyNameAlreadyUsed 

func IsErrDeployKeyNameAlreadyUsed(err error) bool

IsErrDeployKeyNameAlreadyUsed checks if an error is a ErrDeployKeyNameAlreadyUsed.

func IsErrDeployKeyNotExist 

func IsErrDeployKeyNotExist(err error) bool

IsErrDeployKeyNotExist checks if an error is a ErrDeployKeyNotExist.

func IsErrGPGInvalidTokenSignature 

func IsErrGPGInvalidTokenSignature(err error) bool

IsErrGPGInvalidTokenSignature checks if an error is a ErrGPGInvalidTokenSignature.

func IsErrGPGKeyAccessDenied 

func IsErrGPGKeyAccessDenied(err error) bool

IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.

func IsErrGPGKeyIDAlreadyUsed 

func IsErrGPGKeyIDAlreadyUsed(err error) bool

IsErrGPGKeyIDAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.

func IsErrGPGKeyImportNotExist 

func IsErrGPGKeyImportNotExist(err error) bool

IsErrGPGKeyImportNotExist checks if an error is a ErrGPGKeyImportNotExist.

func IsErrGPGKeyNotExist 

func IsErrGPGKeyNotExist(err error) bool

IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.

func IsErrGPGKeyParsing 

func IsErrGPGKeyParsing(err error) bool

IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.

func IsErrGPGNoEmailFound 

func IsErrGPGNoEmailFound(err error) bool

IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.

func IsErrKeyAccessDenied 

func IsErrKeyAccessDenied(err error) bool

IsErrKeyAccessDenied checks if an error is a ErrKeyAccessDenied.

func IsErrKeyAlreadyExist 

func IsErrKeyAlreadyExist(err error) bool

IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.

func IsErrKeyNameAlreadyUsed 

func IsErrKeyNameAlreadyUsed(err error) bool

IsErrKeyNameAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.

func IsErrKeyNotExist 

func IsErrKeyNotExist(err error) bool

IsErrKeyNotExist checks if an error is a ErrKeyNotExist.

func IsErrKeyUnableVerify 

func IsErrKeyUnableVerify(err error) bool

IsErrKeyUnableVerify checks if an error is a ErrKeyUnableVerify.

func IsErrSSHInvalidTokenSignature 

func IsErrSSHInvalidTokenSignature(err error) bool

IsErrSSHInvalidTokenSignature checks if an error is a ErrSSHInvalidTokenSignature.

func PaddedKeyID added in v1.18.1 

func PaddedKeyID(keyID string) string

PaddedKeyID show KeyID padded to 16 characters

func PublicKeyIsExternallyManaged 

func PublicKeyIsExternallyManaged(ctx context.Context, id int64) (bool, error)

PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key

func PublicKeysAreExternallyManaged 

func PublicKeysAreExternallyManaged(ctx context.Context, keys []*PublicKey) ([]bool, error)

PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key

func RegeneratePublicKeys 

func RegeneratePublicKeys(ctx context.Context, t io.StringWriter) error

RegeneratePublicKeys regenerates the authorized_keys file

func SSHKeyGenParsePublicKey 

func SSHKeyGenParsePublicKey(key string) (string, int, error)

SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.

func SSHNativeParsePublicKey 

func SSHNativeParsePublicKey(keyLine string) (string, int, error)

SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.

func SynchronizePublicKeys 

func SynchronizePublicKeys(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool

SynchronizePublicKeys updates a users public keys. Returns true if there are changes.

func UpdateDeployKeyCols 

func UpdateDeployKeyCols(ctx context.Context, key *DeployKey, cols ...string) error

UpdateDeployKeyCols updates deploy key information in the specified columns.

func UpdatePublicKeyUpdated 

func UpdatePublicKeyUpdated(ctx context.Context, id int64) error

UpdatePublicKeyUpdated updates public key use time.

func VerificationToken 

func VerificationToken(user *user_model.User, minutes int) string

VerificationToken returns token for the user that will be valid in minutes (time)

func VerifyGPGKey 

func VerifyGPGKey(ctx context.Context, ownerID int64, keyID, token, signature string) (string, error)

VerifyGPGKey marks a GPG key as verified

func VerifySSHKey 

func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signature string) (string, error)

VerifySSHKey marks a SSH key as verified

func WithSSHOpLocker added in v1.22.0 

func WithSSHOpLocker(f func() error) error

Types

type CommitVerification 

type CommitVerification struct {
	Verified       bool
	Warning        bool
	Reason         string
	SigningUser    *user_model.User
	CommittingUser *user_model.User
	SigningEmail   string
	SigningKey     *GPGKey
	SigningSSHKey  *PublicKey
	TrustStatus    string
}

CommitVerification represents a commit validation of signature

func ParseCommitWithSSHSignature 

func ParseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committer *user_model.User) *CommitVerification

ParseCommitWithSSHSignature check if signature is good against keystore.

func ParseCommitWithSignature 

func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *CommitVerification

ParseCommitWithSignature check if signature is good against keystore.

type DeployKey 

type DeployKey struct {
	ID          int64 `xorm:"pk autoincr"`
	KeyID       int64 `xorm:"UNIQUE(s) INDEX"`
	RepoID      int64 `xorm:"UNIQUE(s) INDEX"`
	Name        string
	Fingerprint string
	Content     string `xorm:"-"`

	Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 1"`

	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
}

DeployKey represents deploy key information and its relation with repository.

func AddDeployKey 

func AddDeployKey(ctx context.Context, repoID int64, name, content string, readOnly bool) (*DeployKey, error)

AddDeployKey add new deploy key to database and authorized_keys file.

func GetDeployKeyByID 

func GetDeployKeyByID(ctx context.Context, id int64) (*DeployKey, error)

GetDeployKeyByID returns deploy key by given ID.

func GetDeployKeyByRepo 

func GetDeployKeyByRepo(ctx context.Context, keyID, repoID int64) (*DeployKey, error)

GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

func (*DeployKey) AfterLoad 

func (key *DeployKey) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*DeployKey) GetContent 

func (key *DeployKey) GetContent(ctx context.Context) error

GetContent gets associated public key content.

func (*DeployKey) IsReadOnly 

func (key *DeployKey) IsReadOnly() bool

IsReadOnly checks if the key can only be used for read operations, used by template

type ErrDeployKeyAlreadyExist 

type ErrDeployKeyAlreadyExist struct {
	KeyID  int64
	RepoID int64
}

ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error.

func (ErrDeployKeyAlreadyExist) Error 

func (err ErrDeployKeyAlreadyExist) Error() string

func (ErrDeployKeyAlreadyExist) Unwrap added in v1.17.4 

func (err ErrDeployKeyAlreadyExist) Unwrap() error

type ErrDeployKeyNameAlreadyUsed 

type ErrDeployKeyNameAlreadyUsed struct {
	RepoID int64
	Name   string
}

ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error.

func (ErrDeployKeyNameAlreadyUsed) Error 

func (err ErrDeployKeyNameAlreadyUsed) Error() string

func (ErrDeployKeyNameAlreadyUsed) Unwrap added in v1.17.4 

func (err ErrDeployKeyNameAlreadyUsed) Unwrap() error

type ErrDeployKeyNotExist 

type ErrDeployKeyNotExist struct {
	ID     int64
	KeyID  int64
	RepoID int64
}

ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.

func (ErrDeployKeyNotExist) Error 

func (err ErrDeployKeyNotExist) Error() string

func (ErrDeployKeyNotExist) Unwrap added in v1.17.4 

func (err ErrDeployKeyNotExist) Unwrap() error

type ErrGPGInvalidTokenSignature 

type ErrGPGInvalidTokenSignature struct {
	Wrapped error
	ID      string
}

ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error.

func (ErrGPGInvalidTokenSignature) Error 

func (err ErrGPGInvalidTokenSignature) Error() string

type ErrGPGKeyAccessDenied 

type ErrGPGKeyAccessDenied struct {
	UserID int64
	KeyID  int64
}

ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.

func (ErrGPGKeyAccessDenied) Error 

func (err ErrGPGKeyAccessDenied) Error() string

Error pretty-prints an error of type ErrGPGKeyAccessDenied.

func (ErrGPGKeyAccessDenied) Unwrap added in v1.17.4 

func (err ErrGPGKeyAccessDenied) Unwrap() error

type ErrGPGKeyIDAlreadyUsed 

type ErrGPGKeyIDAlreadyUsed struct {
	KeyID string
}

ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.

func (ErrGPGKeyIDAlreadyUsed) Error 

func (err ErrGPGKeyIDAlreadyUsed) Error() string

func (ErrGPGKeyIDAlreadyUsed) Unwrap added in v1.17.4 

func (err ErrGPGKeyIDAlreadyUsed) Unwrap() error

type ErrGPGKeyImportNotExist 

type ErrGPGKeyImportNotExist struct {
	ID string
}

ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error.

func (ErrGPGKeyImportNotExist) Error 

func (err ErrGPGKeyImportNotExist) Error() string

func (ErrGPGKeyImportNotExist) Unwrap added in v1.17.4 

func (err ErrGPGKeyImportNotExist) Unwrap() error

type ErrGPGKeyNotExist 

type ErrGPGKeyNotExist struct {
	ID int64
}

ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.

func (ErrGPGKeyNotExist) Error 

func (err ErrGPGKeyNotExist) Error() string

func (ErrGPGKeyNotExist) Unwrap added in v1.17.4 

func (err ErrGPGKeyNotExist) Unwrap() error

type ErrGPGKeyParsing 

type ErrGPGKeyParsing struct {
	ParseError error
}

ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.

func (ErrGPGKeyParsing) Error 

func (err ErrGPGKeyParsing) Error() string

type ErrGPGNoEmailFound 

type ErrGPGNoEmailFound struct {
	FailedEmails []string
	ID           string
}

ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.

func (ErrGPGNoEmailFound) Error 

func (err ErrGPGNoEmailFound) Error() string

type ErrKeyAccessDenied 

type ErrKeyAccessDenied struct {
	UserID int64
	KeyID  int64
	Note   string
}

ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.

func (ErrKeyAccessDenied) Error 

func (err ErrKeyAccessDenied) Error() string

func (ErrKeyAccessDenied) Unwrap added in v1.17.4 

func (err ErrKeyAccessDenied) Unwrap() error

type ErrKeyAlreadyExist 

type ErrKeyAlreadyExist struct {
	OwnerID     int64
	Fingerprint string
	Content     string
}

ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.

func (ErrKeyAlreadyExist) Error 

func (err ErrKeyAlreadyExist) Error() string

func (ErrKeyAlreadyExist) Unwrap added in v1.17.4 

func (err ErrKeyAlreadyExist) Unwrap() error

type ErrKeyNameAlreadyUsed 

type ErrKeyNameAlreadyUsed struct {
	OwnerID int64
	Name    string
}

ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.

func (ErrKeyNameAlreadyUsed) Error 

func (err ErrKeyNameAlreadyUsed) Error() string

func (ErrKeyNameAlreadyUsed) Unwrap added in v1.17.4 

func (err ErrKeyNameAlreadyUsed) Unwrap() error

type ErrKeyNotExist 

type ErrKeyNotExist struct {
	ID int64
}

ErrKeyNotExist represents a "KeyNotExist" kind of error.

func (ErrKeyNotExist) Error 

func (err ErrKeyNotExist) Error() string

func (ErrKeyNotExist) Unwrap added in v1.17.4 

func (err ErrKeyNotExist) Unwrap() error

type ErrKeyUnableVerify 

type ErrKeyUnableVerify struct {
	Result string
}

ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error.

func (ErrKeyUnableVerify) Error 

func (err ErrKeyUnableVerify) Error() string

type ErrSSHInvalidTokenSignature 

type ErrSSHInvalidTokenSignature struct {
	Wrapped     error
	Fingerprint string
}

ErrSSHInvalidTokenSignature represents a "ErrSSHInvalidTokenSignature" kind of error.

func (ErrSSHInvalidTokenSignature) Error 

func (err ErrSSHInvalidTokenSignature) Error() string

func (ErrSSHInvalidTokenSignature) Unwrap added in v1.17.4 

func (err ErrSSHInvalidTokenSignature) Unwrap() error

type FindGPGKeyOptions added in v1.22.0 

type FindGPGKeyOptions struct {
	db.ListOptions
	OwnerID        int64
	KeyID          string
	IncludeSubKeys bool
}

func (FindGPGKeyOptions) ToConds added in v1.22.0 

func (opts FindGPGKeyOptions) ToConds() builder.Cond

type FindPublicKeyOptions added in v1.22.0 

type FindPublicKeyOptions struct {
	db.ListOptions
	OwnerID       int64
	Fingerprint   string
	KeyTypes      []KeyType
	NotKeytype    KeyType
	LoginSourceID int64
}

func (FindPublicKeyOptions) ToConds added in v1.22.0 

func (opts FindPublicKeyOptions) ToConds() builder.Cond

type GPGKey 

type GPGKey struct {
	ID                int64              `xorm:"pk autoincr"`
	OwnerID           int64              `xorm:"INDEX NOT NULL"`
	KeyID             string             `xorm:"INDEX CHAR(16) NOT NULL"`
	PrimaryKeyID      string             `xorm:"CHAR(16)"`
	Content           string             `xorm:"MEDIUMTEXT NOT NULL"`
	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	ExpiredUnix       timeutil.TimeStamp
	AddedUnix         timeutil.TimeStamp
	SubsKey           []*GPGKey `xorm:"-"`
	Emails            []*user_model.EmailAddress
	Verified          bool `xorm:"NOT NULL DEFAULT false"`
	CanSign           bool
	CanEncryptComms   bool
	CanEncryptStorage bool
	CanCertify        bool
}

GPGKey represents a GPG key.

func AddGPGKey 

func AddGPGKey(ctx context.Context, ownerID int64, content, token, signature string) ([]*GPGKey, error)

AddGPGKey adds new public key to database.

func GetGPGKeyForUserByID added in v1.20.6 

func GetGPGKeyForUserByID(ctx context.Context, ownerID, keyID int64) (*GPGKey, error)

func (*GPGKey) BeforeInsert 

func (key *GPGKey) BeforeInsert()

BeforeInsert will be invoked by XORM before inserting a record

func (*GPGKey) LoadSubKeys added in v1.22.0 

func (key *GPGKey) LoadSubKeys(ctx context.Context) error

func (*GPGKey) PaddedKeyID added in v1.17.2 

func (key *GPGKey) PaddedKeyID() string

PaddedKeyID show KeyID padded to 16 characters

type GPGKeyImport 

type GPGKeyImport struct {
	KeyID   string `xorm:"pk CHAR(16) NOT NULL"`
	Content string `xorm:"MEDIUMTEXT NOT NULL"`
}

GPGKeyImport the original import of key

func GetGPGImportByKeyID 

func GetGPGImportByKeyID(ctx context.Context, keyID string) (*GPGKeyImport, error)

GetGPGImportByKeyID returns the import public armored key by given KeyID.

type GPGKeyList added in v1.22.0 

type GPGKeyList []*GPGKey

func (GPGKeyList) LoadSubKeys added in v1.22.0 

func (keys GPGKeyList) LoadSubKeys(ctx context.Context) error

type KeyType 

type KeyType int

KeyType specifies the key type

type ListDeployKeysOptions 

type ListDeployKeysOptions struct {
	db.ListOptions
	RepoID      int64
	KeyID       int64
	Fingerprint string
}

ListDeployKeysOptions are options for ListDeployKeys

func (ListDeployKeysOptions) ToConds added in v1.22.0 

func (opt ListDeployKeysOptions) ToConds() builder.Cond

type PublicKey 

type PublicKey struct {
	ID            int64           `xorm:"pk autoincr"`
	OwnerID       int64           `xorm:"INDEX NOT NULL"`
	Name          string          `xorm:"NOT NULL"`
	Fingerprint   string          `xorm:"INDEX NOT NULL"`
	Content       string          `xorm:"MEDIUMTEXT NOT NULL"`
	Mode          perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
	Type          KeyType         `xorm:"NOT NULL DEFAULT 1"`
	LoginSourceID int64           `xorm:"NOT NULL DEFAULT 0"`

	CreatedUnix       timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"updated"`
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
	Verified          bool               `xorm:"NOT NULL DEFAULT false"`
}

PublicKey represents a user or deploy SSH public key.

func AddPublicKey 

func AddPublicKey(ctx context.Context, ownerID int64, name, content string, authSourceID int64) (*PublicKey, error)

AddPublicKey adds new public key to database and authorized_keys file.

func GetPublicKeyByID 

func GetPublicKeyByID(ctx context.Context, keyID int64) (*PublicKey, error)

GetPublicKeyByID returns public key by given ID.

func SearchPublicKeyByContent 

func SearchPublicKeyByContent(ctx context.Context, content string) (*PublicKey, error)

SearchPublicKeyByContent searches content as prefix (leak e-mail part) and returns public key found.

func SearchPublicKeyByContentExact 

func SearchPublicKeyByContentExact(ctx context.Context, content string) (*PublicKey, error)

SearchPublicKeyByContentExact searches content and returns public key found.

func (*PublicKey) AfterLoad 

func (key *PublicKey) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*PublicKey) AuthorizedString 

func (key *PublicKey) AuthorizedString() string

AuthorizedString returns formatted public key string for authorized_keys file.

TODO: Consider dropping this function

func (*PublicKey) OmitEmail 

func (key *PublicKey) OmitEmail() string

OmitEmail returns content of public key without email address.

type SignCommit 

type SignCommit struct {
	Verification *CommitVerification
	*user_model.UserCommit
}

SignCommit represents a commit with validation of signature.

func ParseCommitsWithSignature 

func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit

ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.