Refactor the extraction and generation of GPG subkeys
This commit is contained in:
Rubén Dávila
parent
328f4a505b
commit
d0572d9aad
|
|
@ -20,8 +20,7 @@ class GpgKey < ActiveRecord::Base
|
||||||
format: {
|
format: {
|
||||||
with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
|
with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
|
||||||
message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
|
message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
|
||||||
},
|
}
|
||||||
unless: :parent_id?
|
|
||||||
|
|
||||||
validates :fingerprint,
|
validates :fingerprint,
|
||||||
presence: true,
|
presence: true,
|
||||||
|
|
@ -37,9 +36,9 @@ class GpgKey < ActiveRecord::Base
|
||||||
# the error about the fingerprint
|
# the error about the fingerprint
|
||||||
unless: -> { errors.has_key?(:key) }
|
unless: -> { errors.has_key?(:key) }
|
||||||
|
|
||||||
before_validation :extract_fingerprint, :extract_primary_keyid, unless: :parent_id?
|
before_validation :extract_fingerprint, :extract_primary_keyid
|
||||||
after_commit :update_invalid_gpg_signatures, on: :create
|
after_commit :update_invalid_gpg_signatures, on: :create
|
||||||
after_save :generate_subkeys, unless: :parent_id?
|
after_create :generate_subkeys
|
||||||
|
|
||||||
def primary_keyid
|
def primary_keyid
|
||||||
super&.upcase
|
super&.upcase
|
||||||
|
|
@ -49,10 +48,6 @@ class GpgKey < ActiveRecord::Base
|
||||||
super&.upcase
|
super&.upcase
|
||||||
end
|
end
|
||||||
|
|
||||||
def key
|
|
||||||
parent_id? ? parent.key : super
|
|
||||||
end
|
|
||||||
|
|
||||||
def key=(value)
|
def key=(value)
|
||||||
super(value&.strip)
|
super(value&.strip)
|
||||||
end
|
end
|
||||||
|
|
@ -119,13 +114,7 @@ class GpgKey < ActiveRecord::Base
|
||||||
gpg_subkeys = Gitlab::Gpg.subkeys_from_key(key)
|
gpg_subkeys = Gitlab::Gpg.subkeys_from_key(key)
|
||||||
|
|
||||||
gpg_subkeys[primary_keyid].each do |subkey_data|
|
gpg_subkeys[primary_keyid].each do |subkey_data|
|
||||||
unless subkeys.where(fingerprint: subkey_data[:fingerprint]).exists?
|
subkeys.create!(keyid: subkey_data[:keyid], fingerprint: subkey_data[:fingerprint])
|
||||||
subkeys.create!(
|
|
||||||
user: user,
|
|
||||||
primary_keyid: subkey_data[:keyid],
|
|
||||||
fingerprint: subkey_data[:fingerprint]
|
|
||||||
)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -43,12 +43,7 @@ module Gitlab
|
||||||
raw_keys.each_with_object(grouped_subkeys).each do |raw_key, subkeys|
|
raw_keys.each_with_object(grouped_subkeys).each do |raw_key, subkeys|
|
||||||
primary_subkey_id = raw_key.primary_subkey.keyid
|
primary_subkey_id = raw_key.primary_subkey.keyid
|
||||||
|
|
||||||
raw_key.subkeys.each do |subkey|
|
raw_key.subkeys[1..-1].each do |subkey|
|
||||||
# Skip if current subkey is a master key
|
|
||||||
next if primary_subkey_id == subkey.keyid
|
|
||||||
# Skip if it isn't a sign key
|
|
||||||
next if subkey.capability.exclude?(:sign)
|
|
||||||
|
|
||||||
subkeys[primary_subkey_id] << { keyid: subkey.keyid, fingerprint: subkey.fingerprint }
|
subkeys[primary_subkey_id] << { keyid: subkey.keyid, fingerprint: subkey.fingerprint }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue