in www/secretary/workbench/views/actions/check-signature.json.rb [77:185]
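# Verify a detached GPG signature over an attachment. If the signing key is
# not available locally, try to fetch it from each of KEYSERVERS, import it,
# store a copy in the 'iclas/__keys__' SVN directory, and verify again.
#
# Security notes for maintainers:
# * The signature, and therefore the key id parsed from gpg's stderr, comes
#   from the sender of the message and is untrusted. The `\w+` capture below
#   is what keeps File.join(dir, keyid) / File.join(tmpdir, keyid) inside the
#   temporary directories; do not loosen it.
# * The two "not certified / no indication that the signature belongs to the
#   owner" warnings are removed from the returned stderr. A clean result only
#   shows that the file was signed by the holder of some key, not that the key
#   belongs to the person named in its user id.
# * NOTE(review): nothing in this method checks that the key returned by the
#   keyserver matches the requested id, and the key is committed to SVN before
#   the signature is re-verified - confirm that getURI or the caller covers this.
#
# @param attachment [#path] file whose content was signed
# @param signature [#path] file holding the detached signature
# @param msgid [String] message id, recorded in the SVN commit message
# @param message [#add_email_details] called with the path of the stored key
# @return [Array] out, err, rc - normally gpg's stdout, filtered stderr and
#   exit status from the last --verify run; when no keyserver yielded the key,
#   err is a "Key ... not found" message instead
def validate_sig(attachment, signature, msgid, message)
  # Prefer gpg2 and fall back to gpg; both are resolved through PATH.
  gpg = `which gpg2`.chomp
  gpg = `which gpg`.chomp if gpg.empty?

  # Argument-vector form of capture3: no shell parses the file paths.
  out, err, rc = Open3.capture3 gpg,
    '--keyid-format', 'long',
    '--verify', signature.path, attachment.path

  # Without the marker file a key fetch is always attempted; with it, only
  # when gpg reports that the public key is missing.
  fetch_key = !File.exist?('/srv/gpg/whimsy_use_db')
  unless fetch_key
    if err.include?("gpg: Can't check signature: No public key") ||
       err.include?("gpg: Can't check signature: public key not found")
      fetch_key = true
    end
  end

  # Only RSA/DSA "key" lines are recognised; other key types yield nil and skip the fetch.
  keyid = err[/[RD]SA key (ID )?(\w+)/, 2]

  if keyid && fetch_key
    Dir.mktmpdir do |dir|
      found = false
      tmpfile = File.join(dir, keyid)

      KEYSERVERS.each do |server|
        begin
          uri = getServerURI(server, keyid)
          getURI(uri, tmpfile)
          out, err, rc = Open3.capture3 gpg,
            '--batch', '--import', tmpfile
          Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out} err=#{err}"

          if err.include?('processed: 1')
            # Keep a copy of the downloaded key under version control.
            Dir.mktmpdir do |tmpdir|
              container = ASF::SVN.svnpath!('iclas', '__keys__')
              ASF::SVN.svn!('checkout', [container, tmpdir], {depth: 'empty', env: env})
              outfile = File.join(tmpdir, keyid)
              ASF::SVN.svn!('update', outfile, {env: env})
              present = File.exist? outfile
              FileUtils.cp(tmpfile, outfile)
              if present
                Wunderbar.warn "Already have a copy of #{keyid}"
                Wunderbar.warn ASF::SVN.svn('diff', outfile, {verbose: true}).inspect
              else
                ASF::SVN.svn!('add', outfile, {verbose: true})
              end
              begin
                message.add_email_details(outfile)
              rescue StandardError => detail_error
                # Use a separate variable: binding the exception to `err` would
                # overwrite the gpg stderr string that this method returns.
                Wunderbar.warn "Failed to add properties for #{keyid} - #{detail_error}"
              end
              ASF::SVN.svn!('commit', outfile, {msg: "Adding key for msgid: #{msgid}", env: env})
            end
          else
            Wunderbar.warn "Failed to import #{keyid}"
          end

          # The key was fetched from this server; stop trying the others.
          found = true
        rescue Exception => e
          # Never swallow shutdown signals, exit requests or out-of-memory.
          raise if e.is_a?(SignalException) || e.is_a?(SystemExit) || e.is_a?(NoMemoryError)

          # NOTE(review): the rescue is kept broad in case the helpers raise
          # outside StandardError - confirm and narrow if they do not.
          Wunderbar.warn "GET uri=#{uri} e=#{e}"
          err = "Key #{keyid} not found: #{e.to_s}".dup
        end
        break if found
      end

      # Re-run the verification now that the key may be in the keyring.
      if found
        out, err, rc = Open3.capture3 gpg,
          '--keyid-format', 'long',
          '--verify', signature.path, attachment.path
      end
    end
  end

  # Trust-level warnings removed from the returned stderr (see security notes above).
  ignore = [
    /^gpg:\s+WARNING: This key is not certified with a trusted signature!$/,
    /^gpg:\s+There is no indication that the signature belongs to the owner\.$/
  ]

  # gpg echoes user ids taken from the (untrusted) key. Bytes that have no
  # windows-1252 mapping are replaced rather than raising a conversion error,
  # so a crafted user id cannot abort the check.
  unless err.valid_encoding?
    err = err.force_encoding('windows-1252').encode('utf-8', invalid: :replace, undef: :replace)
  end

  ignore.each { |re| err.gsub! re, '' }

  return out, err, rc
end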