Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
611e32ef
Commit
611e32ef
authored
Apr 03, 2020
by
Roger Meier
Committed by
Nick Thomas
Apr 03, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add api endpoint to get x509 signature
parent
87111a8c
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
117 additions
and
13 deletions
+117
-13
changelogs/unreleased/feat-x509-signatures-api-endpoint.yml
changelogs/unreleased/feat-x509-signatures-api-endpoint.yml
+5
-0
doc/api/commits.md
doc/api/commits.md
+26
-2
lib/api/commits.rb
lib/api/commits.rb
+3
-5
lib/api/entities/commit_signature.rb
lib/api/entities/commit_signature.rb
+8
-4
lib/api/entities/gpg_commit_signature.rb
lib/api/entities/gpg_commit_signature.rb
+12
-0
lib/api/entities/x509_certificate.rb
lib/api/entities/x509_certificate.rb
+15
-0
lib/api/entities/x509_issuer.rb
lib/api/entities/x509_issuer.rb
+12
-0
lib/api/entities/x509_signature.rb
lib/api/entities/x509_signature.rb
+10
-0
spec/requests/api/commits_spec.rb
spec/requests/api/commits_spec.rb
+26
-2
No files found.
changelogs/unreleased/feat-x509-signatures-api-endpoint.yml
0 → 100644
View file @
611e32ef
---
title
:
Add api endpoint to get x509 signature
merge_request
:
28590
author
:
Roger Meier
type
:
added
doc/api/commits.md
View file @
611e32ef
...
@@ -741,19 +741,43 @@ Parameters:
...
@@ -741,19 +741,43 @@ Parameters:
curl
--header
"PRIVATE-TOKEN: <your_access_token>"
"https://gitlab.example.com/api/v4/projects/1/repository/commits/da738facbc19eb2fc2cef57c49be0e6038570352/signature"
curl
--header
"PRIVATE-TOKEN: <your_access_token>"
"https://gitlab.example.com/api/v4/projects/1/repository/commits/da738facbc19eb2fc2cef57c49be0e6038570352/signature"
```
```
Example response if commit is signed:
Example response if commit is
GPG
signed:
```
json
```
json
{
{
"signature_type"
:
"PGP"
,
"verification_status"
:
"verified"
,
"gpg_key_id"
:
1
,
"gpg_key_id"
:
1
,
"gpg_key_primary_keyid"
:
"8254AAB3FBD54AC9"
,
"gpg_key_primary_keyid"
:
"8254AAB3FBD54AC9"
,
"gpg_key_user_name"
:
"John Doe"
,
"gpg_key_user_name"
:
"John Doe"
,
"gpg_key_user_email"
:
"johndoe@example.com"
,
"gpg_key_user_email"
:
"johndoe@example.com"
,
"verification_status"
:
"verified"
,
"gpg_key_subkey_id"
:
null
"gpg_key_subkey_id"
:
null
}
}
```
```
Example response if commit is x509 signed:
```
json
{
"signature_type"
:
"X509"
,
"verification_status"
:
"unverified"
,
"x509_certificate"
:
{
"id"
:
1
,
"subject"
:
"CN=gitlab@example.org,OU=Example,O=World"
,
"subject_key_identifier"
:
"BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC:BC"
,
"email"
:
"gitlab@example.org"
,
"serial_number"
:
278969561018901340486471282831158785578
,
"certificate_status"
:
"good"
,
"x509_issuer"
:
{
"id"
:
1
,
"subject"
:
"CN=PKI,OU=Example,O=World"
,
"subject_key_identifier"
:
"AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB"
,
"crl_url"
:
"http://example.com/pki.crl"
}
}
}
```
Example response if commit is unsigned:
Example response if commit is unsigned:
```
json
```
json
...
...
lib/api/commits.rb
View file @
611e32ef
...
@@ -356,7 +356,7 @@ module API
...
@@ -356,7 +356,7 @@ module API
present
paginate
(
commit_merge_requests
),
with:
Entities
::
MergeRequestBasic
present
paginate
(
commit_merge_requests
),
with:
Entities
::
MergeRequestBasic
end
end
desc
"Get a commit's
GPG
signature"
do
desc
"Get a commit's signature"
do
success
Entities
::
CommitSignature
success
Entities
::
CommitSignature
end
end
params
do
params
do
...
@@ -365,11 +365,9 @@ module API
...
@@ -365,11 +365,9 @@ module API
get
':id/repository/commits/:sha/signature'
,
requirements:
API
::
COMMIT_ENDPOINT_REQUIREMENTS
do
get
':id/repository/commits/:sha/signature'
,
requirements:
API
::
COMMIT_ENDPOINT_REQUIREMENTS
do
commit
=
user_project
.
commit
(
params
[
:sha
])
commit
=
user_project
.
commit
(
params
[
:sha
])
not_found!
'Commit'
unless
commit
not_found!
'Commit'
unless
commit
not_found!
'Signature'
unless
commit
.
has_signature?
signature
=
commit
.
signature
present
commit
,
with:
Entities
::
CommitSignature
not_found!
'GPG Signature'
unless
signature
present
signature
,
with:
Entities
::
CommitSignature
end
end
end
end
end
end
...
...
lib/api/entities/commit_signature.rb
View file @
611e32ef
...
@@ -3,10 +3,14 @@
...
@@ -3,10 +3,14 @@
module
API
module
API
module
Entities
module
Entities
class
CommitSignature
<
Grape
::
Entity
class
CommitSignature
<
Grape
::
Entity
expose
:gpg_key_id
expose
:signature_type
expose
:gpg_key_primary_keyid
,
:gpg_key_user_name
,
:gpg_key_user_email
expose
:signature
,
merge:
true
do
|
commit
,
options
|
expose
:verification_status
if
commit
.
signature
.
is_a?
(
GpgSignature
)
expose
:gpg_key_subkey_id
::
API
::
Entities
::
GpgCommitSignature
.
represent
commit
.
signature
,
options
elsif
commit
.
signature
.
is_a?
(
X509CommitSignature
)
::
API
::
Entities
::
X509Signature
.
represent
commit
.
signature
,
options
end
end
end
end
end
end
end
end
lib/api/entities/gpg_commit_signature.rb
0 → 100644
View file @
611e32ef
# frozen_string_literal: true
module
API
module
Entities
class
GpgCommitSignature
<
Grape
::
Entity
expose
:verification_status
expose
:gpg_key_id
expose
:gpg_key_primary_keyid
,
:gpg_key_user_name
,
:gpg_key_user_email
expose
:gpg_key_subkey_id
end
end
end
lib/api/entities/x509_certificate.rb
0 → 100644
View file @
611e32ef
# frozen_string_literal: true
module
API
module
Entities
class
X509Certificate
<
Grape
::
Entity
expose
:id
expose
:subject
expose
:subject_key_identifier
expose
:email
expose
:serial_number
expose
:certificate_status
expose
:x509_issuer
,
using:
'API::Entities::X509Issuer'
end
end
end
lib/api/entities/x509_issuer.rb
0 → 100644
View file @
611e32ef
# frozen_string_literal: true
module
API
module
Entities
class
X509Issuer
<
Grape
::
Entity
expose
:id
expose
:subject
expose
:subject_key_identifier
expose
:crl_url
end
end
end
lib/api/entities/x509_signature.rb
0 → 100644
View file @
611e32ef
# frozen_string_literal: true
module
API
module
Entities
class
X509Signature
<
Grape
::
Entity
expose
:verification_status
expose
:x509_certificate
,
using:
'API::Entities::X509Certificate'
end
end
end
spec/requests/api/commits_spec.rb
View file @
611e32ef
...
@@ -1889,11 +1889,11 @@ describe API::Commits do
...
@@ -1889,11 +1889,11 @@ describe API::Commits do
context
'unsigned commit'
do
context
'unsigned commit'
do
it_behaves_like
'404 response'
do
it_behaves_like
'404 response'
do
let
(
:request
)
{
get
api
(
route
,
current_user
)
}
let
(
:request
)
{
get
api
(
route
,
current_user
)
}
let
(
:message
)
{
'404
GPG
Signature Not Found'
}
let
(
:message
)
{
'404 Signature Not Found'
}
end
end
end
end
context
'signed commit'
do
context
'
gpg
signed commit'
do
let
(
:commit
)
{
project
.
repository
.
commit
(
GpgHelpers
::
SIGNED_COMMIT_SHA
)
}
let
(
:commit
)
{
project
.
repository
.
commit
(
GpgHelpers
::
SIGNED_COMMIT_SHA
)
}
let
(
:commit_id
)
{
commit
.
id
}
let
(
:commit_id
)
{
commit
.
id
}
...
@@ -1901,11 +1901,35 @@ describe API::Commits do
...
@@ -1901,11 +1901,35 @@ describe API::Commits do
get
api
(
route
,
current_user
)
get
api
(
route
,
current_user
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
json_response
[
'signature_type'
]).
to
eq
(
'PGP'
)
expect
(
json_response
[
'gpg_key_id'
]).
to
eq
(
commit
.
signature
.
gpg_key_id
)
expect
(
json_response
[
'gpg_key_id'
]).
to
eq
(
commit
.
signature
.
gpg_key_id
)
expect
(
json_response
[
'gpg_key_subkey_id'
]).
to
eq
(
commit
.
signature
.
gpg_key_subkey_id
)
expect
(
json_response
[
'gpg_key_subkey_id'
]).
to
eq
(
commit
.
signature
.
gpg_key_subkey_id
)
expect
(
json_response
[
'gpg_key_primary_keyid'
]).
to
eq
(
commit
.
signature
.
gpg_key_primary_keyid
)
expect
(
json_response
[
'gpg_key_primary_keyid'
]).
to
eq
(
commit
.
signature
.
gpg_key_primary_keyid
)
expect
(
json_response
[
'verification_status'
]).
to
eq
(
commit
.
signature
.
verification_status
)
expect
(
json_response
[
'verification_status'
]).
to
eq
(
commit
.
signature
.
verification_status
)
end
end
end
end
context
'x509 signed commit'
do
let
(
:commit
)
{
project
.
repository
.
commit_by
(
oid:
'189a6c924013fc3fe40d6f1ec1dc20214183bc97'
)
}
let
(
:commit_id
)
{
commit
.
id
}
it
'returns correct JSON'
do
get
api
(
route
,
current_user
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
json_response
[
'signature_type'
]).
to
eq
(
'X509'
)
expect
(
json_response
[
'verification_status'
]).
to
eq
(
commit
.
signature
.
verification_status
)
expect
(
json_response
[
'x509_certificate'
][
'id'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
id
)
expect
(
json_response
[
'x509_certificate'
][
'subject'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
subject
)
expect
(
json_response
[
'x509_certificate'
][
'subject_key_identifier'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
subject_key_identifier
)
expect
(
json_response
[
'x509_certificate'
][
'email'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
email
)
expect
(
json_response
[
'x509_certificate'
][
'serial_number'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
serial_number
)
expect
(
json_response
[
'x509_certificate'
][
'certificate_status'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
certificate_status
)
expect
(
json_response
[
'x509_certificate'
][
'x509_issuer'
][
'id'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
x509_issuer
.
id
)
expect
(
json_response
[
'x509_certificate'
][
'x509_issuer'
][
'subject'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
x509_issuer
.
subject
)
expect
(
json_response
[
'x509_certificate'
][
'x509_issuer'
][
'subject_key_identifier'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
x509_issuer
.
subject_key_identifier
)
expect
(
json_response
[
'x509_certificate'
][
'x509_issuer'
][
'crl_url'
]).
to
eq
(
commit
.
signature
.
x509_certificate
.
x509_issuer
.
crl_url
)
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment