Move commit GPG signature verification to commit.c
[gitweb.git] / pretty.c
index eae57ad9d7f3b06a5a76f9d934825f9824def477..35b592ad837b0e0394b6aa3036d6062043ae469f 100644 (file)
--- a/pretty.c
+++ b/pretty.c
@@ -345,7 +345,7 @@ static int needs_rfc2047_encoding(const char *line, int len,
        return 0;
 }
 
-static void add_rfc2047(struct strbuf *sb, const char *line, int len,
+static void add_rfc2047(struct strbuf *sb, const char *line, size_t len,
                       const char *encoding, enum rfc2047_type type)
 {
        static const int max_encoded_length = 76; /* per rfc2047 */
@@ -355,9 +355,22 @@ static void add_rfc2047(struct strbuf *sb, const char *line, int len,
        strbuf_grow(sb, len * 3 + strlen(encoding) + 100);
        strbuf_addf(sb, "=?%s?q?", encoding);
        line_len += strlen(encoding) + 5; /* 5 for =??q? */
-       for (i = 0; i < len; i++) {
-               unsigned ch = line[i] & 0xFF;
-               int is_special = is_rfc2047_special(ch, type);
+
+       while (len) {
+               /*
+                * RFC 2047, section 5 (3):
+                *
+                * Each 'encoded-word' MUST represent an integral number of
+                * characters.  A multi-octet character may not be split across
+                * adjacent 'encoded- word's.
+                */
+               const unsigned char *p = (const unsigned char *)line;
+               int chrlen = mbs_chrlen(&line, &len, encoding);
+               int is_special = (chrlen > 1) || is_rfc2047_special(*p, type);
+
+               /* "=%02X" * chrlen, or the byte itself */
+               const char *encoded_fmt = is_special ? "=%02X"    : "%c";
+               int         encoded_len = is_special ? 3 * chrlen : 1;
 
                /*
                 * According to RFC 2047, we could encode the special character
@@ -367,18 +380,15 @@ static void add_rfc2047(struct strbuf *sb, const char *line, int len,
                 * causes ' ' to be encoded as '=20', avoiding this problem.
                 */
 
-               if (line_len + 2 + (is_special ? 3 : 1) > max_encoded_length) {
+               if (line_len + encoded_len + 2 > max_encoded_length) {
+                       /* It won't fit with trailing "?=" --- break the line */
                        strbuf_addf(sb, "?=\n =?%s?q?", encoding);
                        line_len = strlen(encoding) + 5 + 1; /* =??q? plus SP */
                }
 
-               if (is_special) {
-                       strbuf_addf(sb, "=%02X", ch);
-                       line_len += 3;
-               } else {
-                       strbuf_addch(sb, ch);
-                       line_len++;
-               }
+               for (i = 0; i < chrlen; i++)
+                       strbuf_addf(sb, encoded_fmt, p[i]);
+               line_len += encoded_len;
        }
        strbuf_addstr(sb, "?=");
 }
@@ -756,12 +766,7 @@ struct format_commit_context {
        const struct pretty_print_context *pretty_ctx;
        unsigned commit_header_parsed:1;
        unsigned commit_message_parsed:1;
-       unsigned commit_signature_parsed:1;
-       struct {
-               char *gpg_output;
-               char good_bad;
-               char *signer;
-       } signature;
+       struct signature_check signature_check;
        char *message;
        size_t width, indent1, indent2;
 
@@ -944,59 +949,6 @@ static void rewrap_message_tail(struct strbuf *sb,
        c->indent2 = new_indent2;
 }
 
-static struct {
-       char result;
-       const char *check;
-} signature_check[] = {
-       { 'G', ": Good signature from " },
-       { 'B', ": BAD signature from " },
-};
-
-static void parse_signature_lines(struct format_commit_context *ctx)
-{
-       const char *buf = ctx->signature.gpg_output;
-       int i;
-
-       for (i = 0; i < ARRAY_SIZE(signature_check); i++) {
-               const char *found = strstr(buf, signature_check[i].check);
-               const char *next;
-               if (!found)
-                       continue;
-               ctx->signature.good_bad = signature_check[i].result;
-               found += strlen(signature_check[i].check);
-               next = strchrnul(found, '\n');
-               ctx->signature.signer = xmemdupz(found, next - found);
-               break;
-       }
-}
-
-static void parse_commit_signature(struct format_commit_context *ctx)
-{
-       struct strbuf payload = STRBUF_INIT;
-       struct strbuf signature = STRBUF_INIT;
-       struct strbuf gpg_output = STRBUF_INIT;
-       int status;
-
-       ctx->commit_signature_parsed = 1;
-
-       if (parse_signed_commit(ctx->commit->object.sha1,
-                               &payload, &signature) <= 0)
-               goto out;
-       status = verify_signed_buffer(payload.buf, payload.len,
-                                     signature.buf, signature.len,
-                                     &gpg_output);
-       if (status && !gpg_output.len)
-               goto out;
-       ctx->signature.gpg_output = strbuf_detach(&gpg_output, NULL);
-       parse_signature_lines(ctx);
-
- out:
-       strbuf_release(&gpg_output);
-       strbuf_release(&payload);
-       strbuf_release(&signature);
-}
-
-
 static int format_reflog_person(struct strbuf *sb,
                                char part,
                                struct reflog_walk_info *log,
@@ -1182,23 +1134,27 @@ static size_t format_commit_one(struct strbuf *sb, const char *placeholder,
        }
 
        if (placeholder[0] == 'G') {
-               if (!c->commit_signature_parsed)
-                       parse_commit_signature(c);
+               if (!c->signature_check.result)
+                       check_commit_signature(c->commit, &(c->signature_check));
                switch (placeholder[1]) {
                case 'G':
-                       if (c->signature.gpg_output)
-                               strbuf_addstr(sb, c->signature.gpg_output);
+                       if (c->signature_check.gpg_output)
+                               strbuf_addstr(sb, c->signature_check.gpg_output);
                        break;
                case '?':
-                       switch (c->signature.good_bad) {
+                       switch (c->signature_check.result) {
                        case 'G':
                        case 'B':
-                               strbuf_addch(sb, c->signature.good_bad);
+                               strbuf_addch(sb, c->signature_check.result);
                        }
                        break;
                case 'S':
-                       if (c->signature.signer)
-                               strbuf_addstr(sb, c->signature.signer);
+                       if (c->signature_check.signer)
+                               strbuf_addstr(sb, c->signature_check.signer);
+                       break;
+               case 'K':
+                       if (c->signature_check.key)
+                               strbuf_addstr(sb, c->signature_check.key);
                        break;
                }
                return 2;
@@ -1336,8 +1292,8 @@ void format_commit_message(const struct commit *commit,
        rewrap_message_tail(sb, &context, 0, 0, 0);
 
        logmsg_free(context.message, commit);
-       free(context.signature.gpg_output);
-       free(context.signature.signer);
+       free(context.signature_check.gpg_output);
+       free(context.signature_check.signer);
 }
 
 static void pp_header(const struct pretty_print_context *pp,