author | Daniel Baumann <daniel@debian.org> | 2024-10-18 20:33:49 +0200 |
---|---|---|
committer | Daniel Baumann <daniel@debian.org> | 2024-12-12 23:57:56 +0100 |
commit | e68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch) | |
tree | 97775d6c13b0f416af55314eb6a89ef792474615 /models/asymkey/ssh_key_verify.go | |
parent | Initial commit. (diff) | |
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r-- | models/asymkey/ssh_key_verify.go | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/models/asymkey/ssh_key_verify.go b/models/asymkey/ssh_key_verify.go
new file mode 100644
index 0000000..208288c
--- /dev/null
+++ b/models/asymkey/ssh_key_verify.go
@@ -0,0 +1,55 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package asymkey
+
+import (
+	"bytes"
+	"context"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/log"
+
+	"github.com/42wim/sshsig"
+)
+
+// VerifySSHKey marks a SSH key as verified
+func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signature string) (string, error) {
+	ctx, committer, err := db.TxContext(ctx)
+	if err != nil {
+		return "", err
+	}
+	defer committer.Close()
+
+	key := new(PublicKey)
+
+	has, err := db.GetEngine(ctx).Where("owner_id = ? AND fingerprint = ?", ownerID, fingerprint).Get(key)
+	if err != nil {
+		return "", err
+	} else if !has {
+		return "", ErrKeyNotExist{}
+	}
+
+	err = sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea")
+	if err != nil {
+		// edge case for Windows based shells that will add CR LF if piped to ssh-keygen command
+		// see https://github.com/PowerShell/PowerShell/issues/5974
+		if sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea") != nil {
+			log.Error("Unable to validate token signature. Error: %v", err)
+			return "", ErrSSHInvalidTokenSignature{
+				Fingerprint: key.Fingerprint,
+			}
+		}
+	}
+
+	key.Verified = true
+	if _, err := db.GetEngine(ctx).ID(key.ID).Cols("verified").Update(key); err != nil {
+		return "", err
+	}
+
+	if err := committer.Commit(); err != nil {
+		return "", err
+	}
+
+	return key.Fingerprint, nil
+}
 |
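Review bot: The doc comment on VerifySSHKey says only that it marks a key as verified, while the function first checks `signature` against the stored key content and returns the fingerprint on success, which a caller relying on this as an ownership proof needs to know; suggest `// VerifySSHKey checks that signature is an SSH signature over token, in the "gitea" namespace, made by the key with the given fingerprint owned by ownerID; on success it marks the key verified and returns its fingerprint.` In the CRLF fallback branch the second sshsig.Verify error is discarded and the log line reports only the first attempt's error, so a failure specific to the retry never appears in the log; `if err2 := sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea"); err2 != nil { log.Error("Unable to validate token signature. Error: %v (with CRLF: %v)", err, err2)` would keep both. Nothing in this function binds `token` to the owner or key or checks how old it is, so that guarantee has to come from whichever caller generated the token, and the namespace string "gitea" is repeated in both Verify calls where a single named constant would keep the signing and verifying sides in step. As a style point, `strings.NewReader(token)` would replace `bytes.NewBuffer([]byte(token))` without the intermediate copy and drop the bytes import.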