Add a collection and API for a user's GPG keys

Users are allowed to upload GPG keys as long as they meet the
restrictions in GerritPublicKeyChecker, i.e. each is a valid key with
at least one user ID matching an external ID in the database. Allow
adding keys with a POST to /accounts/self/gpgkeys, as well as listing
GPG keys and looking up by ID or fingerprint.

To facilitate listing keys, store an additional external ID in the
database with the key fingerprint. Since this is the entire external
ID key, this implies only a single user may use a particular GPG key;
this is similar to the restriction that only a single user may use a
particular email address or HTTP username.

Change-Id: I92102279452af904a985b0933a294573a16a48ca
Dave Borowitz
2015-07-27 17:31:49 -07:00
parent 6d883d8830
commit ed170f35f6
20 changed files with 1005 additions and 37 deletions


@@ -17,6 +17,7 @@ package com.google.gerrit.server.account;
import static com.google.gerrit.server.account.AccountResource.ACCOUNT_KIND;
import static com.google.gerrit.server.account.AccountResource.CAPABILITY_KIND;
import static com.google.gerrit.server.account.AccountResource.EMAIL_KIND;
import static com.google.gerrit.server.account.AccountResource.GPG_KEY_KIND;
import static com.google.gerrit.server.account.AccountResource.SSH_KEY_KIND;
import static com.google.gerrit.server.account.AccountResource.STARRED_CHANGE_KIND;
@@ -33,6 +34,7 @@ public class Module extends RestApiModule {
DynamicMap.mapOf(binder(), ACCOUNT_KIND);
DynamicMap.mapOf(binder(), CAPABILITY_KIND);
DynamicMap.mapOf(binder(), EMAIL_KIND);
DynamicMap.mapOf(binder(), GPG_KEY_KIND);
DynamicMap.mapOf(binder(), SSH_KEY_KIND);
DynamicMap.mapOf(binder(), STARRED_CHANGE_KIND);
@@ -57,11 +59,19 @@ public class Module extends RestApiModule {
delete(ACCOUNT_KIND, "password.http").to(PutHttpPassword.class);
child(ACCOUNT_KIND, "sshkeys").to(SshKeys.class);
post(ACCOUNT_KIND, "sshkeys").to(AddSshKey.class);
get(SSH_KEY_KIND).to(GetSshKey.class);
delete(SSH_KEY_KIND).to(DeleteSshKey.class);
child(ACCOUNT_KIND, "gpgkeys").to(GpgKeys.class);
post(ACCOUNT_KIND, "gpgkeys").to(PostGpgKeys.class);
get(GPG_KEY_KIND).to(GpgKeys.Get.class);
get(ACCOUNT_KIND, "avatar").to(GetAvatar.class);
get(ACCOUNT_KIND, "avatar.change.url").to(GetAvatarChangeUrl.class);
child(ACCOUNT_KIND, "capabilities").to(Capabilities.class);
get(ACCOUNT_KIND, "groups").to(GetGroups.class);
get(ACCOUNT_KIND, "preferences").to(GetPreferences.class);
put(ACCOUNT_KIND, "preferences").to(SetPreferences.class);
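Review bot: The new GPG key bindings give GPG_KEY_KIND a `get` but no `delete`, while SSH_KEY_KIND just above has both, so this hunk exposes no REST route for an account to remove a key it has uploaded. The commit description ties each fingerprint to a single account through an external ID, so a lost or compromised key would stay bound to that account until the row is removed some other way. PostGpgKeys is not visible here and may already handle removal; if it does not, either bind a delete handler on GPG_KEY_KIND or record the gap beside the bindings, for example `// TODO: no delete(GPG_KEY_KIND) binding yet; uploaded keys cannot be removed over REST`. The routes are also registered on ACCOUNT_KIND rather than only for self, so the check that the caller may change the target account's keys presumably lives in PostGpgKeys and is worth a test. The enclosing method body starts and ends outside the hunk.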