Commit 502e31be authored by Alexis Reigel's avatar Alexis Reigel

memoize verified_signature call

parent 5d5fd4ba
...@@ -19,6 +19,19 @@ module Gitlab ...@@ -19,6 +19,19 @@ module Gitlab
cached_signature = GpgSignature.find_by(commit_sha: commit.sha) cached_signature = GpgSignature.find_by(commit_sha: commit.sha)
return cached_signature if cached_signature.present? return cached_signature if cached_signature.present?
using_keychain do |gpg_key|
if gpg_key
Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
@verified_signature = nil
end
create_cached_signature!(gpg_key)
end
end
private
def using_keychain
Gitlab::Gpg.using_tmp_keychain do Gitlab::Gpg.using_tmp_keychain do
# first we need to get the keyid from the signature to query the gpg # first we need to get the keyid from the signature to query the gpg
# key belonging to the keyid. # key belonging to the keyid.
...@@ -30,27 +43,23 @@ module Gitlab ...@@ -30,27 +43,23 @@ module Gitlab
Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key) Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
end end
create_cached_signature!(gpg_key) yield gpg_key
end end
end end
private
def verified_signature def verified_signature
GPGME::Crypto.new.verify(@signature_text, signed_text: @signed_text) do |verified_signature| @verified_signature ||= GPGME::Crypto.new.verify(@signature_text, signed_text: @signed_text) do |verified_signature|
return verified_signature return verified_signature
end end
end end
def create_cached_signature!(gpg_key) def create_cached_signature!(gpg_key)
verified_signature_result = verified_signature
GpgSignature.create!( GpgSignature.create!(
commit_sha: commit.sha, commit_sha: commit.sha,
project: commit.project, project: commit.project,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature_result.fingerprint, gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint,
valid_signature: !!(gpg_key && gpg_key.verified? && verified_signature_result.valid?) valid_signature: !!(gpg_key && gpg_key.verified? && verified_signature.valid?)
) )
end end
end end
......
...@@ -38,11 +38,11 @@ RSpec.describe Gitlab::Gpg::Commit do ...@@ -38,11 +38,11 @@ RSpec.describe Gitlab::Gpg::Commit do
it 'returns the cached signature on second call' do it 'returns the cached signature on second call' do
gpg_commit = described_class.new(commit) gpg_commit = described_class.new(commit)
expect(gpg_commit).to receive(:verified_signature).twice.and_call_original expect(gpg_commit).to receive(:using_keychain).and_call_original
gpg_commit.signature gpg_commit.signature
# consecutive call # consecutive call
expect(gpg_commit).not_to receive(:verified_signature).and_call_original expect(gpg_commit).not_to receive(:using_keychain).and_call_original
gpg_commit.signature gpg_commit.signature
end end
end end
...@@ -73,11 +73,11 @@ RSpec.describe Gitlab::Gpg::Commit do ...@@ -73,11 +73,11 @@ RSpec.describe Gitlab::Gpg::Commit do
it 'returns the cached signature on second call' do it 'returns the cached signature on second call' do
gpg_commit = described_class.new(commit) gpg_commit = described_class.new(commit)
expect(gpg_commit).to receive(:verified_signature).and_call_original expect(gpg_commit).to receive(:using_keychain).and_call_original
gpg_commit.signature gpg_commit.signature
# consecutive call # consecutive call
expect(gpg_commit).not_to receive(:verified_signature).and_call_original expect(gpg_commit).not_to receive(:using_keychain).and_call_original
gpg_commit.signature gpg_commit.signature
end end
end end
...@@ -108,11 +108,11 @@ RSpec.describe Gitlab::Gpg::Commit do ...@@ -108,11 +108,11 @@ RSpec.describe Gitlab::Gpg::Commit do
it 'returns the cached signature on second call' do it 'returns the cached signature on second call' do
gpg_commit = described_class.new(commit) gpg_commit = described_class.new(commit)
expect(gpg_commit).to receive(:verified_signature).and_call_original expect(gpg_commit).to receive(:using_keychain).and_call_original
gpg_commit.signature gpg_commit.signature
# consecutive call # consecutive call
expect(gpg_commit).not_to receive(:verified_signature).and_call_original expect(gpg_commit).not_to receive(:using_keychain).and_call_original
gpg_commit.signature gpg_commit.signature
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment