Merge branch 'id-verify-signature' into 'master'

Extend GetCommitSignatures to return Signer See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5961 Merged-by: Patrick Steinhardt <psteinhardt@gitlab.com> Approved-by: Patrick Steinhardt <psteinhardt@gitlab.com> Reviewed-by: Igor Drozdov <idrozdov@gitlab.com> Reviewed-by: Patrick Steinhardt <psteinhardt@gitlab.com> Reviewed-by: Will Chandler <wchandler@gitlab.com> Co-authored-by: Igor Drozdov <idrozdov@gitlab.com>
author: Patrick Steinhardt <psteinhardt@gitlab.com> 2023-06-29 09:19:10 +0300
committer: Patrick Steinhardt <psteinhardt@gitlab.com> 2023-06-29 09:19:10 +0300
commit: e12d191e0ac316f1084eff3ebcf75b0a22a668d7 (patch)
tree: 4f28c0e2dbe64c1af88d71c7c054273cc3591775 /internal/git2go
parent: dd1b32fff7eaeb1d8002563b67ae0da110594be4 (diff)
parent: 06ec73c64bed32ce40bc839910a0a73d9b72dd01 (diff)
4 files changed, 6 insertions, 22 deletions
diff --git a/internal/git2go/commit_test.go b/internal/git2go/commit_test.go
index ea49c0e5e..aff97419e 100644
--- a/internal/git2go/commit_test.go
+++ b/internal/git2go/commit_test.go
@@ -8,11 +8,8 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"strings"
 	"testing"
 
-	"github.com/ProtonMail/go-crypto/openpgp"
-	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/stretchr/testify/require"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/gittest"
@@ -522,16 +519,17 @@ func TestExecutor_Commit(t *testing.T) {
 						{Mode: DefaultMode, Path: "file", Content: "updated"},
 					},
 					testCommit: func(tb testing.TB, commitID git.ObjectID, key signingKey) {
-						gpgsig, dataWithoutGpgSig := extractSignature(t, ctx, repo, commitID)
+						sshsig, dataWithoutSSHSig := extractSignature(t, ctx, repo, commitID)
 
-						err := signature.VerifySSH(key.path+".pub", []byte(gpgsig), []byte(dataWithoutGpgSig))
+						signingKey, err := signature.ParseSigningKey(key.path)
 						require.NoError(tb, err)
+						require.NoError(tb, signingKey.Verify([]byte(sshsig), []byte(dataWithoutSSHSig)))
 
 						// Verify that the generated signature equals the one generated by Git for the identical content.
 						if key.sigPath != "" {
 							expectedSig, err := os.ReadFile(key.sigPath)
 							require.NoError(tb, err)
-							require.Equal(tb, string(expectedSig), gpgsig)
+							require.Equal(tb, string(expectedSig), sshsig)
 						}
 					},
 				},
@@ -563,20 +561,9 @@ func TestExecutor_Commit(t *testing.T) {
 					testCommit: func(tb testing.TB, commitID git.ObjectID, key signingKey) {
 						gpgsig, dataWithoutGpgSig := extractSignature(t, ctx, repo, commitID)
 
-						file, err := os.Open(key.path + ".pub")
-						require.NoError(tb, err)
-						defer testhelper.MustClose(tb, file)
-
-						keyring, err := openpgp.ReadKeyRing(file)
-						require.NoError(tb, err)
-
-						_, err = openpgp.CheckArmoredDetachedSignature(
-							keyring,
-							strings.NewReader(dataWithoutGpgSig),
-							strings.NewReader(gpgsig),
-							&packet.Config{},
-						)
+						signingKey, err := signature.ParseSigningKey(key.path)
 						require.NoError(tb, err)
+						require.NoError(tb, signingKey.Verify([]byte(gpgsig), []byte(dataWithoutGpgSig)))
 					},
 				},
 			},
diff --git a/internal/git2go/testdata/signing_ssh_key_ecdsa.pub b/internal/git2go/testdata/signing_ssh_key_ecdsa.pub
deleted file mode 100644
index 43cf9d4eb..000000000
--- a/internal/git2go/testdata/signing_ssh_key_ecdsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADNDgupT5psvNahGy+MDQkmDGFpWpgwXtxlCH7H1TsTt3Y2QtMaT87wDNcjTHfsL4RdsfdJ8LnMBSUpEEqyacFTeQEzCDl6TSGp6S8+2Xrz2bSbdbHsY0sU0Vs41trssWX+diMFlDpVaHeF1RzLNA6zbcDvBcGMwgx0Oank3UHb70PbxA== user@localhost
diff --git a/internal/git2go/testdata/signing_ssh_key_ed25519.pub b/internal/git2go/testdata/signing_ssh_key_ed25519.pub
deleted file mode 100644
index 3d19b507c..000000000
--- a/internal/git2go/testdata/signing_ssh_key_ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcykDaUT7x4oXyUCfgqJhfAXRbhtsLl4fi4142zrPCI user@localhost
diff --git a/internal/git2go/testdata/signing_ssh_key_rsa.pub b/internal/git2go/testdata/signing_ssh_key_rsa.pub
deleted file mode 100644
index 1db22a053..000000000
--- a/internal/git2go/testdata/signing_ssh_key_rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhn0or8bp0JRdMBKhEBeSFf9iWOK6OHyfWqVTT9aRwrEodO4tg1ky96JYbGZLNW3d/t4Qt1sH5AU04oeVrtFNUhoRyakLoYH5ss6VFQBPfsVoFFmDRKYyUmw711RiP1PTzeaPwyuk2DiS+oRrf7dY9i6uSrtBVKakpIqmX0Enk0uUABcAE8+XprTLCTtrl/agAiPlco8nRoBUIss98iJOp3siFPBt3UT+bj2+v/dqVI8iRvDsNJJ73Ys9Y+LDCqIO14qSSU8dZQ+wrQVK7+wE/9z1lGgjF9/NALSyQYBfeTM3wu4xIdiKSPKQDmAM3TUiLbi1ZVMN6+ifEcpKiDaNkuihUsXLCOVRwKnaC731QBzWpJOA3WrvC0dpQQ5fc4BdcmgoditNdIYC26whNiKQi/zjb8LGb/2OnC0Ez3paVDZiNWRAD+Rq/0u4nVmqiytw5lSMmck14wkKNdfiJnj3b4jF+zUE+C1D1T3Oy8wwcIceFfaFgWyPH2PT5+xVRNCczKm6bC7yslU2W/bgDw9tCwzvHUO4FLDg6CMpXWt3xX1s7bQFUV/sjflVbj7mhZit9oUlQyfaqbEOW6YRcjV2CYC+OTXlOguBGcRD2bvo/lCNb9hVIs0DUy6KxDIAWH1Z7+ME0j24rdS5GsVMsz/CyGWUmRNRJxrCsr+USMB9ebQ== user@localhost
author	Patrick Steinhardt <psteinhardt@gitlab.com>	2023-06-29 09:19:10 +0300
committer	Patrick Steinhardt <psteinhardt@gitlab.com>	2023-06-29 09:19:10 +0300
commit	e12d191e0ac316f1084eff3ebcf75b0a22a668d7 (patch)
tree	4f28c0e2dbe64c1af88d71c7c054273cc3591775 /internal/git2go
parent	dd1b32fff7eaeb1d8002563b67ae0da110594be4 (diff)
parent	06ec73c64bed32ce40bc839910a0a73d9b72dd01 (diff)