GerritPublicKeyChecker: Resolve external ID via account index

GerritPublicKeyChecker needs to find the account for a given public
PGP key. Lookup the coresponding external ID via the account index
instead of loading it from the database.

This is a preparation for moving the external IDs into git.

Change-Id: Ia456c5bdb89da294b51a86087b92ad14165eae8a
Signed-off-by: Edwin Kempin <ekempin@google.com>

gerrit-gpg/src/main/java/com/google/gerrit/gpg/GerritPublicKeyChecker.java

@@ -28,8 +28,11 @@ import com.google.gerrit.common.PageLinks;
 import com.google.gerrit.reviewdb.client.AccountExternalId;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.account.AccountState;
 import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.config.GerritServerConfig;
+import com.google.gerrit.server.index.account.AccountIndexCollection;
+import com.google.gerrit.server.query.account.InternalAccountQuery;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@@ -47,6 +50,7 @@ import org.slf4j.LoggerFactory;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -63,6 +67,8 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
   @Singleton
   public static class Factory {
     private final Provider<ReviewDb> db;
+    private final AccountIndexCollection accountIndexes;
+    private final Provider<InternalAccountQuery> accountQueryProvider;
     private final String webUrl;
     private final IdentifiedUser.GenericFactory userFactory;
     private final int maxTrustDepth;
@@ -71,9 +77,13 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
     @Inject
     Factory(@GerritServerConfig Config cfg,
         Provider<ReviewDb> db,
+        AccountIndexCollection accountIndexes,
+        Provider<InternalAccountQuery> accountQueryProvider,
         IdentifiedUser.GenericFactory userFactory,
         @CanonicalWebUrl String webUrl) {
       this.db = db;
+      this.accountIndexes = accountIndexes;
+      this.accountQueryProvider = accountQueryProvider;
       this.webUrl = webUrl;
       this.userFactory = userFactory;
       this.maxTrustDepth = cfg.getInt("receive", null, "maxTrustDepth", 0);
@@ -107,6 +117,8 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
   }
 
   private final Provider<ReviewDb> db;
+  private final AccountIndexCollection accountIndexes;
+  private final Provider<InternalAccountQuery> accountQueryProvider;
   private final String webUrl;
   private final IdentifiedUser.GenericFactory userFactory;
 
@@ -114,6 +126,8 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
 
   private GerritPublicKeyChecker(Factory factory) {
     this.db = factory.db;
+    this.accountIndexes = factory.accountIndexes;
+    this.accountQueryProvider = factory.accountQueryProvider;
     this.webUrl = factory.webUrl;
     this.userFactory = factory.userFactory;
     if (factory.trusted != null) {
@@ -163,12 +177,26 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
 
   private CheckResult checkIdsForArbitraryUser(PGPPublicKey key)
       throws PGPException, OrmException {
+    IdentifiedUser user;
+    if (accountIndexes.getSearchIndex() != null) {
+      List<AccountState> accountStates =
+          accountQueryProvider.get().byExternalId(toExtIdKey(key).get());
+      if (accountStates.isEmpty()) {
+        return CheckResult.bad("Key is not associated with any users");
+      }
+      if (accountStates.size() > 1) {
+        return CheckResult.bad("Key is associated with multiple users");
+      }
+      user = userFactory.create(accountStates.get(0));
+    } else {
       AccountExternalId extId = db.get().accountExternalIds().get(
           toExtIdKey(key));
       if (extId == null) {
         return CheckResult.bad("Key is not associated with any users");
       }
-    IdentifiedUser user = userFactory.create(extId.getAccountId());
+      user = userFactory.create(extId.getAccountId());
+    }
+
     Set<String> allowedUserIds = getAllowedUserIds(user);
     if (allowedUserIds.isEmpty()) {
       return CheckResult.bad("No identities found for user");

gerrit-server/src/main/java/com/google/gerrit/server/query/account/AccountPredicates.java

@@ -43,6 +43,10 @@ public class AccountPredicates {
         AccountQueryBuilder.FIELD_NAME, name.toLowerCase());
   }
 
+  static Predicate<AccountState> externalId(String externalId) {
+    return new AccountPredicate(AccountField.EXTERNAL_ID, externalId);
+  }
+
   public static Predicate<AccountState> isActive() {
     return new AccountPredicate(AccountField.ACTIVE, "1");
   }

gerrit-server/src/main/java/com/google/gerrit/server/query/account/InternalAccountQuery.java

@@ -18,8 +18,10 @@ import com.google.gerrit.server.account.AccountState;
 import com.google.gerrit.server.index.IndexConfig;
 import com.google.gerrit.server.index.account.AccountIndexCollection;
 import com.google.gerrit.server.query.InternalQuery;
+import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 
+import java.util.List;
 import java.util.Set;
 
 public class InternalAccountQuery extends InternalQuery<AccountState> {
@@ -53,4 +55,9 @@ public class InternalAccountQuery extends InternalQuery<AccountState> {
     super.noFields();
     return this;
   }
+
+  public List<AccountState> byExternalId(String externalId)
+      throws OrmException {
+    return query(AccountPredicates.externalId(externalId));
+  }
 }