2020-03-13 15:44:24 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
require 'openssl'
|
|
|
|
require 'digest'
|
|
|
|
|
|
|
|
module Gitlab
|
|
|
|
module X509
|
|
|
|
class Commit < Gitlab::SignedCommit
|
|
|
|
def signature
|
|
|
|
super
|
|
|
|
|
|
|
|
return @signature if @signature
|
|
|
|
|
|
|
|
cached_signature = lazy_signature&.itself
|
|
|
|
return @signature = cached_signature if cached_signature.present?
|
|
|
|
|
|
|
|
@signature = create_cached_signature!
|
|
|
|
end
|
|
|
|
|
|
|
|
def update_signature!(cached_signature)
|
|
|
|
cached_signature.update!(attributes)
|
|
|
|
@signature = cached_signature
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def lazy_signature
|
|
|
|
BatchLoader.for(@commit.sha).batch do |shas, loader|
|
|
|
|
X509CommitSignature.by_commit_sha(shas).each do |signature|
|
|
|
|
loader.call(signature.commit_sha, signature)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def attributes
|
2020-04-22 19:07:51 +05:30
|
|
|
return if @commit.sha.nil? || @commit.project.nil?
|
2020-03-13 15:44:24 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
signature = X509::Signature.new(signature_text, signed_text, @commit.committer_email, @commit.created_at)
|
|
|
|
|
|
|
|
return if signature.verified_signature.nil? || signature.x509_certificate.nil?
|
2020-03-13 15:44:24 +05:30
|
|
|
|
|
|
|
{
|
|
|
|
commit_sha: @commit.sha,
|
|
|
|
project: @commit.project,
|
2020-04-22 19:07:51 +05:30
|
|
|
x509_certificate_id: signature.x509_certificate.id,
|
|
|
|
verification_status: signature.verification_status
|
2020-03-13 15:44:24 +05:30
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def create_cached_signature!
|
2020-04-22 19:07:51 +05:30
|
|
|
return if attributes.nil?
|
2020-03-13 15:44:24 +05:30
|
|
|
|
|
|
|
return X509CommitSignature.new(attributes) if Gitlab::Database.read_only?
|
|
|
|
|
|
|
|
X509CommitSignature.safe_create!(attributes)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|