Commit 611e32ef authored by Roger Meier's avatar Roger Meier Committed by Nick Thomas

Add api endpoint to get x509 signature

parent 87111a8c
---
title: Add api endpoint to get x509 signature
merge_request: 28590
author: Roger Meier
type: added
...@@ -741,19 +741,43 @@ Parameters: ...@@ -741,19 +741,43 @@ Parameters:
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/repository/commits/da738facbc19eb2fc2cef57c49be0e6038570352/signature" curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/repository/commits/da738facbc19eb2fc2cef57c49be0e6038570352/signature"
``` ```
Example response if commit is signed: Example response if commit is GPG signed:
```json ```json
{ {
"signature_type": "PGP",
"verification_status": "verified",
"gpg_key_id": 1, "gpg_key_id": 1,
"gpg_key_primary_keyid": "8254AAB3FBD54AC9", "gpg_key_primary_keyid": "8254AAB3FBD54AC9",
"gpg_key_user_name": "John Doe", "gpg_key_user_name": "John Doe",
"gpg_key_user_email": "johndoe@example.com", "gpg_key_user_email": "johndoe@example.com",
"verification_status": "verified",
"gpg_key_subkey_id": null "gpg_key_subkey_id": null
} }
``` ```
Example response if commit is x509 signed:
```json
{
"signature_type": "X509",
"verification_status": "unverified",
"x509_certificate": {
"id": 1,
"subject": "CN=gitlab@example.org,OU=Example,O=World",
"subject_key_identifier": "BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC",
"email": "gitlab@example.org",
"serial_number": 278969561018901340486471282831158785578,
"certificate_status": "good",
"x509_issuer": {
"id": 1,
"subject": "CN=PKI,OU=Example,O=World",
"subject_key_identifier": "AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB",
"crl_url": "http://example.com/pki.crl"
}
}
}
```
Example response if commit is unsigned: Example response if commit is unsigned:
```json ```json
......
...@@ -356,7 +356,7 @@ module API ...@@ -356,7 +356,7 @@ module API
present paginate(commit_merge_requests), with: Entities::MergeRequestBasic present paginate(commit_merge_requests), with: Entities::MergeRequestBasic
end end
desc "Get a commit's GPG signature" do desc "Get a commit's signature" do
success Entities::CommitSignature success Entities::CommitSignature
end end
params do params do
...@@ -365,11 +365,9 @@ module API ...@@ -365,11 +365,9 @@ module API
get ':id/repository/commits/:sha/signature', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do get ':id/repository/commits/:sha/signature', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do
commit = user_project.commit(params[:sha]) commit = user_project.commit(params[:sha])
not_found! 'Commit' unless commit not_found! 'Commit' unless commit
not_found! 'Signature' unless commit.has_signature?
signature = commit.signature present commit, with: Entities::CommitSignature
not_found! 'GPG Signature' unless signature
present signature, with: Entities::CommitSignature
end end
end end
end end
......
...@@ -3,10 +3,14 @@ ...@@ -3,10 +3,14 @@
module API module API
module Entities module Entities
class CommitSignature < Grape::Entity class CommitSignature < Grape::Entity
expose :gpg_key_id expose :signature_type
expose :gpg_key_primary_keyid, :gpg_key_user_name, :gpg_key_user_email expose :signature, merge: true do |commit, options|
expose :verification_status if commit.signature.is_a?(GpgSignature)
expose :gpg_key_subkey_id ::API::Entities::GpgCommitSignature.represent commit.signature, options
elsif commit.signature.is_a?(X509CommitSignature)
::API::Entities::X509Signature.represent commit.signature, options
end
end
end end
end end
end end
# frozen_string_literal: true
module API
module Entities
class GpgCommitSignature < Grape::Entity
expose :verification_status
expose :gpg_key_id
expose :gpg_key_primary_keyid, :gpg_key_user_name, :gpg_key_user_email
expose :gpg_key_subkey_id
end
end
end
# frozen_string_literal: true
module API
module Entities
class X509Certificate < Grape::Entity
expose :id
expose :subject
expose :subject_key_identifier
expose :email
expose :serial_number
expose :certificate_status
expose :x509_issuer, using: 'API::Entities::X509Issuer'
end
end
end
# frozen_string_literal: true
module API
module Entities
class X509Issuer < Grape::Entity
expose :id
expose :subject
expose :subject_key_identifier
expose :crl_url
end
end
end
# frozen_string_literal: true
module API
module Entities
class X509Signature < Grape::Entity
expose :verification_status
expose :x509_certificate, using: 'API::Entities::X509Certificate'
end
end
end
...@@ -1889,11 +1889,11 @@ describe API::Commits do ...@@ -1889,11 +1889,11 @@ describe API::Commits do
context 'unsigned commit' do context 'unsigned commit' do
it_behaves_like '404 response' do it_behaves_like '404 response' do
let(:request) { get api(route, current_user) } let(:request) { get api(route, current_user) }
let(:message) { '404 GPG Signature Not Found'} let(:message) { '404 Signature Not Found'}
end end
end end
context 'signed commit' do context 'gpg signed commit' do
let(:commit) { project.repository.commit(GpgHelpers::SIGNED_COMMIT_SHA) } let(:commit) { project.repository.commit(GpgHelpers::SIGNED_COMMIT_SHA) }
let(:commit_id) { commit.id } let(:commit_id) { commit.id }
...@@ -1901,11 +1901,35 @@ describe API::Commits do ...@@ -1901,11 +1901,35 @@ describe API::Commits do
get api(route, current_user) get api(route, current_user)
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['signature_type']).to eq('PGP')
expect(json_response['gpg_key_id']).to eq(commit.signature.gpg_key_id) expect(json_response['gpg_key_id']).to eq(commit.signature.gpg_key_id)
expect(json_response['gpg_key_subkey_id']).to eq(commit.signature.gpg_key_subkey_id) expect(json_response['gpg_key_subkey_id']).to eq(commit.signature.gpg_key_subkey_id)
expect(json_response['gpg_key_primary_keyid']).to eq(commit.signature.gpg_key_primary_keyid) expect(json_response['gpg_key_primary_keyid']).to eq(commit.signature.gpg_key_primary_keyid)
expect(json_response['verification_status']).to eq(commit.signature.verification_status) expect(json_response['verification_status']).to eq(commit.signature.verification_status)
end end
end end
context 'x509 signed commit' do
let(:commit) { project.repository.commit_by(oid: '189a6c924013fc3fe40d6f1ec1dc20214183bc97') }
let(:commit_id) { commit.id }
it 'returns correct JSON' do
get api(route, current_user)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['signature_type']).to eq('X509')
expect(json_response['verification_status']).to eq(commit.signature.verification_status)
expect(json_response['x509_certificate']['id']).to eq(commit.signature.x509_certificate.id)
expect(json_response['x509_certificate']['subject']).to eq(commit.signature.x509_certificate.subject)
expect(json_response['x509_certificate']['subject_key_identifier']).to eq(commit.signature.x509_certificate.subject_key_identifier)
expect(json_response['x509_certificate']['email']).to eq(commit.signature.x509_certificate.email)
expect(json_response['x509_certificate']['serial_number']).to eq(commit.signature.x509_certificate.serial_number)
expect(json_response['x509_certificate']['certificate_status']).to eq(commit.signature.x509_certificate.certificate_status)
expect(json_response['x509_certificate']['x509_issuer']['id']).to eq(commit.signature.x509_certificate.x509_issuer.id)
expect(json_response['x509_certificate']['x509_issuer']['subject']).to eq(commit.signature.x509_certificate.x509_issuer.subject)
expect(json_response['x509_certificate']['x509_issuer']['subject_key_identifier']).to eq(commit.signature.x509_certificate.x509_issuer.subject_key_identifier)
expect(json_response['x509_certificate']['x509_issuer']['crl_url']).to eq(commit.signature.x509_certificate.x509_issuer.crl_url)
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment