Pass the commit date and ident to check_signature when calling git log. Implements the same tests as for verify-commit. Signed-off-by: Fabian Stelzer <fs@xxxxxxxxxxxx> --- log-tree.c | 23 +++++++++++++++++++---- t/t4202-log.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 4 deletions(-) diff --git a/log-tree.c b/log-tree.c index 3c3aec5c40..2fd7f0c398 100644 --- a/log-tree.c +++ b/log-tree.c @@ -509,12 +509,18 @@ static void show_signature(struct rev_info *opt, struct commit *commit) struct strbuf signature = STRBUF_INIT; struct signature_check sigc = { 0 }; int status; + struct strbuf payload_signer = STRBUF_INIT; + timestamp_t payload_timestamp = 0; if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) goto out; - status = check_signature(payload.buf, payload.len, 0, NULL, signature.buf, - signature.len, &sigc); + if (parse_signed_buffer_metadata(payload.buf, "committer", &payload_timestamp, &payload_signer)) + goto out; + + status = check_signature(payload.buf, payload.len, payload_timestamp, + &payload_signer, signature.buf, signature.len, + &sigc); if (status && !sigc.output) show_sig_lines(opt, status, "No signature\n"); else @@ -524,6 +530,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit) out: strbuf_release(&payload); strbuf_release(&signature); + strbuf_release(&payload_signer); } static int which_parent(const struct object_id *oid, const struct commit *commit) @@ -558,6 +565,8 @@ static int show_one_mergetag(struct commit *commit, int status, nth; struct strbuf payload = STRBUF_INIT; struct strbuf signature = STRBUF_INIT; + struct strbuf payload_signer = STRBUF_INIT; + timestamp_t payload_timestamp = 0; hash_object_file(the_hash_algo, extra->value, extra->len, type_name(OBJ_TAG), &oid); @@ -582,9 +591,14 @@ static int show_one_mergetag(struct commit *commit, status = -1; if (parse_signature(extra->value, extra->len, &payload, &signature)) { + + if (parse_signed_buffer_metadata(payload.buf, "tagger", &payload_timestamp, &payload_signer)) + strbuf_addstr(&verify_message, _("failed to parse timestamp and signer info from payload")); + /* could have a good signature */ - status = check_signature(payload.buf, payload.len, 0, NULL, - signature.buf, signature.len, &sigc); + status = check_signature(payload.buf, payload.len, payload_timestamp, + &payload_signer, signature.buf, + signature.len, &sigc); if (sigc.output) strbuf_addstr(&verify_message, sigc.output); else @@ -597,6 +611,7 @@ static int show_one_mergetag(struct commit *commit, strbuf_release(&verify_message); strbuf_release(&payload); strbuf_release(&signature); + strbuf_release(&payload_signer); return 0; } diff --git a/t/t4202-log.sh b/t/t4202-log.sh index 6a650dacd6..2b12baab77 100755 --- a/t/t4202-log.sh +++ b/t/t4202-log.sh @@ -1626,6 +1626,24 @@ test_expect_success GPGSSH 'setup sshkey signed branch' ' git commit -S -m signed_commit ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' ' + test_config gpg.format ssh && + touch file && + git add file && + + echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" && + git tag expired-signed && + + echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" && + git tag notyetvalid-signed && + + echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" && + git tag timeboxedvalid-signed && + + echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" && + git tag timeboxedinvalid-signed +' + test_expect_success GPGSM 'log x509 fingerprint' ' echo "F8BF62E0693D0694816377099909C779FA23FD65 | " >expect && git log -n1 --format="%GF | %GP" signed-x509 >actual && @@ -1663,6 +1681,31 @@ test_expect_success GPGSSH 'log --graph --show-signature ssh' ' grep "${GOOD_SIGNATURE_TRUSTED}" actual ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure on expired signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 expired-signed >actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure on not yet valid signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 notyetvalid-signed >actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log show success with commit date and key validity matching' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 timeboxedvalid-signed >actual && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure with commit date outside of key validity' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 timeboxedinvalid-signed >actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + test_expect_success GPG 'log --graph --show-signature for merged tag' ' test_when_finished "git reset --hard && git checkout main" && git checkout -b plain main && -- 2.31.1