Process and create subkeys when a new GPG key is created

1 files changed, 19 insertions, 2 deletions

diff --git a/app/models/gpg_key.rb b/app/models/gpg_key.rb
index 54bd5b68777..cbf01183969 100644
--- a/app/models/gpg_key.rb
+++ b/app/models/gpg_key.rb
@@ -9,6 +9,7 @@ class GpgKey < ActiveRecord::Base
 
   belongs_to :user
   has_many :gpg_signatures
+  has_many :subkeys, class_name: 'GpgKey', foreign_key: :parent_id, dependent: :destroy
 
   validates :user, presence: true
 
@@ -18,7 +19,8 @@ class GpgKey < ActiveRecord::Base
     format: {
       with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
       message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
-    }
+    },
+    unless: :parent_id?
 
   validates :fingerprint,
     presence: true,
@@ -34,8 +36,9 @@ class GpgKey < ActiveRecord::Base
     # the error about the fingerprint
     unless: -> { errors.has_key?(:key) }
 
-  before_validation :extract_fingerprint, :extract_primary_keyid
+  before_validation :extract_fingerprint, :extract_primary_keyid, unless: :parent_id?
   after_commit :update_invalid_gpg_signatures, on: :create
+  after_save :generate_subkeys, unless: :parent_id?
 
   def primary_keyid
     super&.upcase
@@ -106,4 +109,18 @@ class GpgKey < ActiveRecord::Base
     # only allows one key
     self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
   end
+
+  def generate_subkeys
+    gpg_subkeys = Gitlab::Gpg.subkeys_from_key(key)
+
+    gpg_subkeys[primary_keyid].each do |subkey_data|
+      unless subkeys.where(fingerprint: subkey_data[:fingerprint]).exists?
+        subkeys.create!(
+          user: user,
+          primary_keyid: subkey_data[:keyid],
+          fingerprint: subkey_data[:fingerprint]
+        )
+      end
+    end
+  end
 end