Add a collection and API for a user's GPG keys

Users are allowed to upload GPG keys as long as they meet the restrictions in GerritPublicKeyChecker, i.e. it is a valid key matching at least one user ID to an external ID in the database. Allow adding keys with a POST to /accounts/self/gpgkeys, as well as listing GPG keys and looking up by ID or fingerprint. To facilitate listing keys, store an additional external ID in the database with the key fingerprint. Since this is the entire external ID key, this implies only a single user may use a particular GPG key; this is similar to the restriction that only a single user may use a particular email address or HTTP username. Change-Id: I92102279452af904a985b0933a294573a16a48ca
2015-07-27 17:31:49 -07:00
parent 6d883d8830
commit ed170f35f6
20 changed files with 1005 additions and 37 deletions
--- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountExternalId.java
+++ b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountExternalId.java
@@ -36,6 +36,9 @@ public final class AccountExternalId {
  /** Scheme for the username used to authenticate an account, e.g. over SSH. */
  public static final String SCHEME_USERNAME = "username:";

+  /** Scheme used for GPG public keys. */
+  public static final String SCHEME_GPGKEY = "gpgkey:";
+
  /** Scheme for external auth used during authentication, e.g. OAuth Token */
  public static final String SCHEME_EXTERNAL = "external:";