From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: Fabian Stelzer <fs@gigacodes.de>
Subject: [RFC PATCH 4/6] ssh signing: git log/check_signature with commit date
Date: Fri, 15 Oct 2021 15:15:05 +0200 [thread overview]
Message-ID: <20211015131507.1773153-5-fs@gigacodes.de> (raw)
In-Reply-To: <20211015131507.1773153-1-fs@gigacodes.de>
Pass the commit date and ident to check_signature when calling git log.
Implements the same tests as for verify-commit.
Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
---
log-tree.c | 23 +++++++++++++++++++----
t/t4202-log.sh | 43 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+), 4 deletions(-)
diff --git a/log-tree.c b/log-tree.c
index 3c3aec5c40..2fd7f0c398 100644
--- a/log-tree.c
+++ b/log-tree.c
@@ -509,12 +509,18 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
struct strbuf signature = STRBUF_INIT;
struct signature_check sigc = { 0 };
int status;
+ struct strbuf payload_signer = STRBUF_INIT;
+ timestamp_t payload_timestamp = 0;
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out;
- status = check_signature(payload.buf, payload.len, 0, NULL, signature.buf,
- signature.len, &sigc);
+ if (parse_signed_buffer_metadata(payload.buf, "committer", &payload_timestamp, &payload_signer))
+ goto out;
+
+ status = check_signature(payload.buf, payload.len, payload_timestamp,
+ &payload_signer, signature.buf, signature.len,
+ &sigc);
if (status && !sigc.output)
show_sig_lines(opt, status, "No signature\n");
else
@@ -524,6 +530,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
out:
strbuf_release(&payload);
strbuf_release(&signature);
+ strbuf_release(&payload_signer);
}
static int which_parent(const struct object_id *oid, const struct commit *commit)
@@ -558,6 +565,8 @@ static int show_one_mergetag(struct commit *commit,
int status, nth;
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
+ struct strbuf payload_signer = STRBUF_INIT;
+ timestamp_t payload_timestamp = 0;
hash_object_file(the_hash_algo, extra->value, extra->len,
type_name(OBJ_TAG), &oid);
@@ -582,9 +591,14 @@ static int show_one_mergetag(struct commit *commit,
status = -1;
if (parse_signature(extra->value, extra->len, &payload, &signature)) {
+
+ if (parse_signed_buffer_metadata(payload.buf, "tagger", &payload_timestamp, &payload_signer))
+ strbuf_addstr(&verify_message, _("failed to parse timestamp and signer info from payload"));
+
/* could have a good signature */
- status = check_signature(payload.buf, payload.len, 0, NULL,
- signature.buf, signature.len, &sigc);
+ status = check_signature(payload.buf, payload.len, payload_timestamp,
+ &payload_signer, signature.buf,
+ signature.len, &sigc);
if (sigc.output)
strbuf_addstr(&verify_message, sigc.output);
else
@@ -597,6 +611,7 @@ static int show_one_mergetag(struct commit *commit,
strbuf_release(&verify_message);
strbuf_release(&payload);
strbuf_release(&signature);
+ strbuf_release(&payload_signer);
return 0;
}
diff --git a/t/t4202-log.sh b/t/t4202-log.sh
index 6a650dacd6..2b12baab77 100755
--- a/t/t4202-log.sh
+++ b/t/t4202-log.sh
@@ -1626,6 +1626,24 @@ test_expect_success GPGSSH 'setup sshkey signed branch' '
git commit -S -m signed_commit
'
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' '
+ test_config gpg.format ssh &&
+ touch file &&
+ git add file &&
+
+ echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" &&
+ git tag expired-signed &&
+
+ echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" &&
+ git tag notyetvalid-signed &&
+
+ echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" &&
+ git tag timeboxedvalid-signed &&
+
+ echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" &&
+ git tag timeboxedinvalid-signed
+'
+
test_expect_success GPGSM 'log x509 fingerprint' '
echo "F8BF62E0693D0694816377099909C779FA23FD65 | " >expect &&
git log -n1 --format="%GF | %GP" signed-x509 >actual &&
@@ -1663,6 +1681,31 @@ test_expect_success GPGSSH 'log --graph --show-signature ssh' '
grep "${GOOD_SIGNATURE_TRUSTED}" actual
'
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure on expired signature key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git log --graph --show-signature -n1 expired-signed >actual &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure on not yet valid signature key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git log --graph --show-signature -n1 notyetvalid-signed >actual &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log show success with commit date and key validity matching' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git log --graph --show-signature -n1 timeboxedvalid-signed >actual &&
+ grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+ ! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure with commit date outside of key validity' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git log --graph --show-signature -n1 timeboxedinvalid-signed >actual &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
test_expect_success GPG 'log --graph --show-signature for merged tag' '
test_when_finished "git reset --hard && git checkout main" &&
git checkout -b plain main &&
--
2.31.1
next prev parent reply other threads:[~2021-10-15 13:15 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-15 13:15 [RFC PATCH 0/6] ssh signing: verify key lifetime Fabian Stelzer
2021-10-15 13:15 ` [RFC PATCH 1/6] ssh signing: extend check_signature to accept payload metadata Fabian Stelzer
2021-10-15 13:15 ` [RFC PATCH 2/6] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-10-15 13:15 ` [RFC PATCH 3/6] ssh signing: verify-commit/check_signature with commit date Fabian Stelzer
2021-10-15 13:15 ` Fabian Stelzer [this message]
2021-10-15 13:15 ` [RFC PATCH 5/6] ssh signing: verify-tag/check_signature with tag date Fabian Stelzer
2021-10-15 13:15 ` [RFC PATCH 6/6] ssh signing: fmt-merge-msg/check_signature " Fabian Stelzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211015131507.1773153-5-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).