Move commits signature and verify functions to service layers (#33605)

No logic change, just move functions.

models/asymkey/gpg_key.go

@@ -106,7 +106,7 @@ func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error) {
 	if err != nil {
 		return nil, err
 	}
-	keys, err := checkArmoredGPGKeyString(impKey.Content)
+	keys, err := CheckArmoredGPGKeyString(impKey.Content)
 	if err != nil {
 		return nil, err
 	}
@@ -115,7 +115,7 @@ func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error) {
 
 // parseSubGPGKey parse a sub Key
 func parseSubGPGKey(ownerID int64, primaryID string, pubkey *packet.PublicKey, expiry time.Time) (*GPGKey, error) {
-	content, err := base64EncPubKey(pubkey)
+	content, err := Base64EncPubKey(pubkey)
 	if err != nil {
 		return nil, err
 	}
@@ -183,7 +183,7 @@ func parseGPGKey(ctx context.Context, ownerID int64, e *openpgp.Entity, verified
 		}
 	}
 
-	content, err := base64EncPubKey(pubkey)
+	content, err := Base64EncPubKey(pubkey)
 	if err != nil {
 		return nil, err
 	}
@@ -239,33 +239,3 @@ func DeleteGPGKey(ctx context.Context, doer *user_model.User, id int64) (err err
 
 	return committer.Commit()
 }
-
-func checkKeyEmails(ctx context.Context, email string, keys ...*GPGKey) (bool, string) {
-	uid := int64(0)
-	var userEmails []*user_model.EmailAddress
-	var user *user_model.User
-	for _, key := range keys {
-		for _, e := range key.Emails {
-			if e.IsActivated && (email == "" || strings.EqualFold(e.Email, email)) {
-				return true, e.Email
-			}
-		}
-		if key.Verified && key.OwnerID != 0 {
-			if uid != key.OwnerID {
-				userEmails, _ = user_model.GetEmailAddresses(ctx, key.OwnerID)
-				uid = key.OwnerID
-				user = &user_model.User{ID: uid}
-				_, _ = user_model.GetUser(ctx, user)
-			}
-			for _, e := range userEmails {
-				if e.IsActivated && (email == "" || strings.EqualFold(e.Email, email)) {
-					return true, e.Email
-				}
-			}
-			if user.KeepEmailPrivate && strings.EqualFold(email, user.GetEmail()) {
-				return true, user.GetEmail()
-			}
-		}
-	}
-	return false, email
-}

models/asymkey/gpg_key_add.go

@@ -67,7 +67,7 @@ func addGPGSubKey(ctx context.Context, key *GPGKey) (err error) {
 
 // AddGPGKey adds new public key to database.
 func AddGPGKey(ctx context.Context, ownerID int64, content, token, signature string) ([]*GPGKey, error) {
-	ekeys, err := checkArmoredGPGKeyString(content)
+	ekeys, err := CheckArmoredGPGKeyString(content)
 	if err != nil {
 		return nil, err
 	}

models/asymkey/gpg_key_commit_verification.go

@@ -4,18 +4,12 @@
 package asymkey
 
 import (
-	"context"
 	"fmt"
 	"hash"
-	"strings"
 
-	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
@@ -71,287 +65,6 @@ const (
 	NoKeyFound = "gpg.error.no_gpg_keys_found"
 )
 
-// ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
-func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) ([]*SignCommit, error) {
-	newCommits := make([]*SignCommit, 0, len(oldCommits))
-	keyMap := map[string]bool{}
-
-	emails := make(container.Set[string])
-	for _, c := range oldCommits {
-		if c.Committer != nil {
-			emails.Add(c.Committer.Email)
-		}
-	}
-
-	emailUsers, err := user_model.GetUsersByEmails(ctx, emails.Values())
-	if err != nil {
-		return nil, err
-	}
-
-	for _, c := range oldCommits {
-		committer, ok := emailUsers[c.Committer.Email]
-		if !ok && c.Committer != nil {
-			committer = &user_model.User{
-				Name:  c.Committer.Name,
-				Email: c.Committer.Email,
-			}
-		}
-
-		signCommit := &SignCommit{
-			UserCommit:   c,
-			Verification: parseCommitWithSignatureCommitter(ctx, c.Commit, committer),
-		}
-
-		_ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap)
-
-		newCommits = append(newCommits, signCommit)
-	}
-	return newCommits, nil
-}
-
-// ParseCommitWithSignature check if signature is good against keystore.
-func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *CommitVerification {
-	var committer *user_model.User
-	if c.Committer != nil {
-		var err error
-		// Find Committer account
-		committer, err = user_model.GetUserByEmail(ctx, c.Committer.Email) // This finds the user by primary email or activated email so commit will not be valid if email is not
-		if err != nil {                                                    // Skipping not user for committer
-			committer = &user_model.User{
-				Name:  c.Committer.Name,
-				Email: c.Committer.Email,
-			}
-			// We can expect this to often be an ErrUserNotExist. in the case
-			// it is not, however, it is important to log it.
-			if !user_model.IsErrUserNotExist(err) {
-				log.Error("GetUserByEmail: %v", err)
-				return &CommitVerification{
-					CommittingUser: committer,
-					Verified:       false,
-					Reason:         "gpg.error.no_committer_account",
-				}
-			}
-		}
-	}
-
-	return parseCommitWithSignatureCommitter(ctx, c, committer)
-}
-
-func parseCommitWithSignatureCommitter(ctx context.Context, c *git.Commit, committer *user_model.User) *CommitVerification {
-	// If no signature just report the committer
-	if c.Signature == nil {
-		return &CommitVerification{
-			CommittingUser: committer,
-			Verified:       false,                         // Default value
-			Reason:         "gpg.error.not_signed_commit", // Default value
-		}
-	}
-
-	// If this a SSH signature handle it differently
-	if strings.HasPrefix(c.Signature.Signature, "-----BEGIN SSH SIGNATURE-----") {
-		return ParseCommitWithSSHSignature(ctx, c, committer)
-	}
-
-	// Parsing signature
-	sig, err := extractSignature(c.Signature.Signature)
-	if err != nil { // Skipping failed to extract sign
-		log.Error("SignatureRead err: %v", err)
-		return &CommitVerification{
-			CommittingUser: committer,
-			Verified:       false,
-			Reason:         "gpg.error.extract_sign",
-		}
-	}
-
-	keyID := tryGetKeyIDFromSignature(sig)
-	defaultReason := NoKeyFound
-
-	// First check if the sig has a keyID and if so just look at that
-	if commitVerification := hashAndVerifyForKeyID(
-		ctx,
-		sig,
-		c.Signature.Payload,
-		committer,
-		keyID,
-		setting.AppName,
-		""); commitVerification != nil {
-		if commitVerification.Reason == BadSignature {
-			defaultReason = BadSignature
-		} else {
-			return commitVerification
-		}
-	}
-
-	// Now try to associate the signature with the committer, if present
-	if committer.ID != 0 {
-		keys, err := db.Find[GPGKey](ctx, FindGPGKeyOptions{
-			OwnerID: committer.ID,
-		})
-		if err != nil { // Skipping failed to get gpg keys of user
-			log.Error("ListGPGKeys: %v", err)
-			return &CommitVerification{
-				CommittingUser: committer,
-				Verified:       false,
-				Reason:         "gpg.error.failed_retrieval_gpg_keys",
-			}
-		}
-
-		if err := GPGKeyList(keys).LoadSubKeys(ctx); err != nil {
-			log.Error("LoadSubKeys: %v", err)
-			return &CommitVerification{
-				CommittingUser: committer,
-				Verified:       false,
-				Reason:         "gpg.error.failed_retrieval_gpg_keys",
-			}
-		}
-
-		committerEmailAddresses, _ := user_model.GetEmailAddresses(ctx, committer.ID)
-		activated := false
-		for _, e := range committerEmailAddresses {
-			if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
-				activated = true
-				break
-			}
-		}
-
-		for _, k := range keys {
-			// Pre-check (& optimization) that emails attached to key can be attached to the committer email and can validate
-			canValidate := false
-			email := ""
-			if k.Verified && activated {
-				canValidate = true
-				email = c.Committer.Email
-			}
-			if !canValidate {
-				for _, e := range k.Emails {
-					if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
-						canValidate = true
-						email = e.Email
-						break
-					}
-				}
-			}
-			if !canValidate {
-				continue // Skip this key
-			}
-
-			commitVerification := hashAndVerifyWithSubKeysCommitVerification(sig, c.Signature.Payload, k, committer, committer, email)
-			if commitVerification != nil {
-				return commitVerification
-			}
-		}
-	}
-
-	if setting.Repository.Signing.SigningKey != "" && setting.Repository.Signing.SigningKey != "default" && setting.Repository.Signing.SigningKey != "none" {
-		// OK we should try the default key
-		gpgSettings := git.GPGSettings{
-			Sign:  true,
-			KeyID: setting.Repository.Signing.SigningKey,
-			Name:  setting.Repository.Signing.SigningName,
-			Email: setting.Repository.Signing.SigningEmail,
-		}
-		if err := gpgSettings.LoadPublicKeyContent(); err != nil {
-			log.Error("Error getting default signing key: %s %v", gpgSettings.KeyID, err)
-		} else if commitVerification := verifyWithGPGSettings(ctx, &gpgSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
-			if commitVerification.Reason == BadSignature {
-				defaultReason = BadSignature
-			} else {
-				return commitVerification
-			}
-		}
-	}
-
-	defaultGPGSettings, err := c.GetRepositoryDefaultPublicGPGKey(false)
-	if err != nil {
-		log.Error("Error getting default public gpg key: %v", err)
-	} else if defaultGPGSettings == nil {
-		log.Warn("Unable to get defaultGPGSettings for unattached commit: %s", c.ID.String())
-	} else if defaultGPGSettings.Sign {
-		if commitVerification := verifyWithGPGSettings(ctx, defaultGPGSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
-			if commitVerification.Reason == BadSignature {
-				defaultReason = BadSignature
-			} else {
-				return commitVerification
-			}
-		}
-	}
-
-	return &CommitVerification{ // Default at this stage
-		CommittingUser: committer,
-		Verified:       false,
-		Warning:        defaultReason != NoKeyFound,
-		Reason:         defaultReason,
-		SigningKey: &GPGKey{
-			KeyID: keyID,
-		},
-	}
-}
-
-func verifyWithGPGSettings(ctx context.Context, gpgSettings *git.GPGSettings, sig *packet.Signature, payload string, committer *user_model.User, keyID string) *CommitVerification {
-	// First try to find the key in the db
-	if commitVerification := hashAndVerifyForKeyID(ctx, sig, payload, committer, gpgSettings.KeyID, gpgSettings.Name, gpgSettings.Email); commitVerification != nil {
-		return commitVerification
-	}
-
-	// Otherwise we have to parse the key
-	ekeys, err := checkArmoredGPGKeyString(gpgSettings.PublicKeyContent)
-	if err != nil {
-		log.Error("Unable to get default signing key: %v", err)
-		return &CommitVerification{
-			CommittingUser: committer,
-			Verified:       false,
-			Reason:         "gpg.error.generate_hash",
-		}
-	}
-	for _, ekey := range ekeys {
-		pubkey := ekey.PrimaryKey
-		content, err := base64EncPubKey(pubkey)
-		if err != nil {
-			return &CommitVerification{
-				CommittingUser: committer,
-				Verified:       false,
-				Reason:         "gpg.error.generate_hash",
-			}
-		}
-		k := &GPGKey{
-			Content: content,
-			CanSign: pubkey.CanSign(),
-			KeyID:   pubkey.KeyIdString(),
-		}
-		for _, subKey := range ekey.Subkeys {
-			content, err := base64EncPubKey(subKey.PublicKey)
-			if err != nil {
-				return &CommitVerification{
-					CommittingUser: committer,
-					Verified:       false,
-					Reason:         "gpg.error.generate_hash",
-				}
-			}
-			k.SubsKey = append(k.SubsKey, &GPGKey{
-				Content: content,
-				CanSign: subKey.PublicKey.CanSign(),
-				KeyID:   subKey.PublicKey.KeyIdString(),
-			})
-		}
-		if commitVerification := hashAndVerifyWithSubKeysCommitVerification(sig, payload, k, committer, &user_model.User{
-			Name:  gpgSettings.Name,
-			Email: gpgSettings.Email,
-		}, gpgSettings.Email); commitVerification != nil {
-			return commitVerification
-		}
-		if keyID == k.KeyID {
-			// This is a bad situation ... We have a key id that matches our default key but the signature doesn't match.
-			return &CommitVerification{
-				CommittingUser: committer,
-				Verified:       false,
-				Warning:        true,
-				Reason:         BadSignature,
-			}
-		}
-	}
-	return nil
-}
-
 func verifySign(s *packet.Signature, h hash.Hash, k *GPGKey) error {
 	// Check if key can sign
 	if !k.CanSign {
@@ -394,7 +107,7 @@ func hashAndVerifyWithSubKeys(sig *packet.Signature, payload string, k *GPGKey)
 	return nil, nil
 }
 
-func hashAndVerifyWithSubKeysCommitVerification(sig *packet.Signature, payload string, k *GPGKey, committer, signer *user_model.User, email string) *CommitVerification {
+func HashAndVerifyWithSubKeysCommitVerification(sig *packet.Signature, payload string, k *GPGKey, committer, signer *user_model.User, email string) *CommitVerification {
 	key, err := hashAndVerifyWithSubKeys(sig, payload, k)
 	if err != nil { // Skipping failed to generate hash
 		return &CommitVerification{
@@ -417,78 +130,6 @@ func hashAndVerifyWithSubKeysCommitVerification(sig *packet.Signature, payload s
 	return nil
 }
 
-func hashAndVerifyForKeyID(ctx context.Context, sig *packet.Signature, payload string, committer *user_model.User, keyID, name, email string) *CommitVerification {
-	if keyID == "" {
-		return nil
-	}
-	keys, err := db.Find[GPGKey](ctx, FindGPGKeyOptions{
-		KeyID:          keyID,
-		IncludeSubKeys: true,
-	})
-	if err != nil {
-		log.Error("GetGPGKeysByKeyID: %v", err)
-		return &CommitVerification{
-			CommittingUser: committer,
-			Verified:       false,
-			Reason:         "gpg.error.failed_retrieval_gpg_keys",
-		}
-	}
-	if len(keys) == 0 {
-		return nil
-	}
-	for _, key := range keys {
-		var primaryKeys []*GPGKey
-		if key.PrimaryKeyID != "" {
-			primaryKeys, err = db.Find[GPGKey](ctx, FindGPGKeyOptions{
-				KeyID:          key.PrimaryKeyID,
-				IncludeSubKeys: true,
-			})
-			if err != nil {
-				log.Error("GetGPGKeysByKeyID: %v", err)
-				return &CommitVerification{
-					CommittingUser: committer,
-					Verified:       false,
-					Reason:         "gpg.error.failed_retrieval_gpg_keys",
-				}
-			}
-		}
-
-		activated, email := checkKeyEmails(ctx, email, append([]*GPGKey{key}, primaryKeys...)...)
-		if !activated {
-			continue
-		}
-
-		signer := &user_model.User{
-			Name:  name,
-			Email: email,
-		}
-		if key.OwnerID != 0 {
-			owner, err := user_model.GetUserByID(ctx, key.OwnerID)
-			if err == nil {
-				signer = owner
-			} else if !user_model.IsErrUserNotExist(err) {
-				log.Error("Failed to user_model.GetUserByID: %d for key ID: %d (%s) %v", key.OwnerID, key.ID, key.KeyID, err)
-				return &CommitVerification{
-					CommittingUser: committer,
-					Verified:       false,
-					Reason:         "gpg.error.no_committer_account",
-				}
-			}
-		}
-		commitVerification := hashAndVerifyWithSubKeysCommitVerification(sig, payload, key, committer, signer, email)
-		if commitVerification != nil {
-			return commitVerification
-		}
-	}
-	// This is a bad situation ... We have a key id that is in our database but the signature doesn't match.
-	return &CommitVerification{
-		CommittingUser: committer,
-		Verified:       false,
-		Warning:        true,
-		Reason:         BadSignature,
-	}
-}
-
 // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository
 // There are several trust models in Gitea
 func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) error {

models/asymkey/gpg_key_common.go

@@ -33,9 +33,9 @@ import (
 
 // This file provides common functions relating to GPG Keys
 
-// checkArmoredGPGKeyString checks if the given key string is a valid GPG armored key.
+// CheckArmoredGPGKeyString checks if the given key string is a valid GPG armored key.
 // The function returns the actual public key on success
-func checkArmoredGPGKeyString(content string) (openpgp.EntityList, error) {
+func CheckArmoredGPGKeyString(content string) (openpgp.EntityList, error) {
 	list, err := openpgp.ReadArmoredKeyRing(strings.NewReader(content))
 	if err != nil {
 		return nil, ErrGPGKeyParsing{err}
@@ -43,8 +43,8 @@ func checkArmoredGPGKeyString(content string) (openpgp.EntityList, error) {
 	return list, nil
 }
 
-// base64EncPubKey encode public key content to base 64
+// Base64EncPubKey encode public key content to base 64
-func base64EncPubKey(pubkey *packet.PublicKey) (string, error) {
+func Base64EncPubKey(pubkey *packet.PublicKey) (string, error) {
 	var w bytes.Buffer
 	err := pubkey.Serialize(&w)
 	if err != nil {
@@ -119,7 +119,7 @@ func readArmoredSign(r io.Reader) (body io.Reader, err error) {
 	return block.Body, nil
 }
 
-func extractSignature(s string) (*packet.Signature, error) {
+func ExtractSignature(s string) (*packet.Signature, error) {
 	r, err := readArmoredSign(strings.NewReader(s))
 	if err != nil {
 		return nil, fmt.Errorf("Failed to read signature armor")
@@ -135,7 +135,7 @@ func extractSignature(s string) (*packet.Signature, error) {
 	return sig, nil
 }
 
-func tryGetKeyIDFromSignature(sig *packet.Signature) string {
+func TryGetKeyIDFromSignature(sig *packet.Signature) string {
 	if sig.IssuerKeyId != nil && (*sig.IssuerKeyId) != 0 {
 		return fmt.Sprintf("%016X", *sig.IssuerKeyId)
 	}

models/asymkey/gpg_key_test.go

@@ -51,7 +51,7 @@ MkM/fdpyc2hY7Dl/+qFmN5MG5yGmMpQcX+RNNR222ibNC1D3wg==
 =i9b7
 -----END PGP PUBLIC KEY BLOCK-----`
 
-	key, err := checkArmoredGPGKeyString(testGPGArmor)
+	key, err := CheckArmoredGPGKeyString(testGPGArmor)
 	assert.NoError(t, err, "Could not parse a valid GPG public armored rsa key", key)
 	// TODO verify value of key
 }
@@ -72,7 +72,7 @@ OyjLLnFQiVmq7kEA/0z0CQe3ZQiQIq5zrs7Nh1XRkFAo8GlU/SGC9XFFi722
 =ZiSe
 -----END PGP PUBLIC KEY BLOCK-----`
 
-	key, err := checkArmoredGPGKeyString(testGPGArmor)
+	key, err := CheckArmoredGPGKeyString(testGPGArmor)
 	assert.NoError(t, err, "Could not parse a valid GPG public armored brainpoolP256r1 key", key)
 	// TODO verify value of key
 }
@@ -108,14 +108,14 @@ Av844q/BfRuVsJsK1NDNG09LC30B0l3LKBqlrRmRTUMHtgchdX2dY+p7GPOoSzlR
 MkM/fdpyc2hY7Dl/+qFmN5MG5yGmMpQcX+RNNR222ibNC1D3wg==
 =i9b7
 -----END PGP PUBLIC KEY BLOCK-----`
-	keys, err := checkArmoredGPGKeyString(testGPGArmor)
+	keys, err := CheckArmoredGPGKeyString(testGPGArmor)
 	require.NotEmpty(t, keys)
 
 	ekey := keys[0]
 	assert.NoError(t, err, "Could not parse a valid GPG armored key", ekey)
 
 	pubkey := ekey.PrimaryKey
-	content, err := base64EncPubKey(pubkey)
+	content, err := Base64EncPubKey(pubkey)
 	assert.NoError(t, err, "Could not base64 encode a valid PublicKey content", ekey)
 
 	key := &GPGKey{
@@ -176,9 +176,9 @@ committer Antoine GIRARD <sapk@sapk.fr> 1489013107 +0100
 Unknown GPG key with good email
 `
 	// Reading Sign
-	goodSig, err := extractSignature(testGoodSigArmor)
+	goodSig, err := ExtractSignature(testGoodSigArmor)
 	assert.NoError(t, err, "Could not parse a valid GPG armored signature", testGoodSigArmor)
-	badSig, err := extractSignature(testBadSigArmor)
+	badSig, err := ExtractSignature(testBadSigArmor)
 	assert.NoError(t, err, "Could not parse a valid GPG armored signature", testBadSigArmor)
 
 	// Generating hash of commit
@@ -386,7 +386,7 @@ epiDVQ==
 =VSKJ
 -----END PGP PUBLIC KEY BLOCK-----
 `
-	keys, err := checkArmoredGPGKeyString(testIssue6599)
+	keys, err := CheckArmoredGPGKeyString(testIssue6599)
 	assert.NoError(t, err)
 	if assert.NotEmpty(t, keys) {
 		ekey := keys[0]
@@ -396,11 +396,11 @@ epiDVQ==
 }
 
 func TestTryGetKeyIDFromSignature(t *testing.T) {
-	assert.Empty(t, tryGetKeyIDFromSignature(&packet.Signature{}))
+	assert.Empty(t, TryGetKeyIDFromSignature(&packet.Signature{}))
-	assert.Equal(t, "038D1A3EADDBEA9C", tryGetKeyIDFromSignature(&packet.Signature{
+	assert.Equal(t, "038D1A3EADDBEA9C", TryGetKeyIDFromSignature(&packet.Signature{
 		IssuerKeyId: util.ToPointer(uint64(0x38D1A3EADDBEA9C)),
 	}))
-	assert.Equal(t, "038D1A3EADDBEA9C", tryGetKeyIDFromSignature(&packet.Signature{
+	assert.Equal(t, "038D1A3EADDBEA9C", TryGetKeyIDFromSignature(&packet.Signature{
 		IssuerFingerprint: []uint8{0xb, 0x23, 0x24, 0xc7, 0xe6, 0xfe, 0x4f, 0x3a, 0x6, 0x26, 0xc1, 0x21, 0x3, 0x8d, 0x1a, 0x3e, 0xad, 0xdb, 0xea, 0x9c},
 	}))
 }

models/asymkey/gpg_key_verify.go

@@ -50,7 +50,7 @@ func VerifyGPGKey(ctx context.Context, ownerID int64, keyID, token, signature st
 		return "", err
 	}
 
-	sig, err := extractSignature(signature)
+	sig, err := ExtractSignature(signature)
 	if err != nil {
 		return "", ErrGPGInvalidTokenSignature{
 			ID:      key.KeyID,

models/git/commit_status.go

@@ -496,51 +496,11 @@ type SignCommitWithStatuses struct {
 	*asymkey_model.SignCommit
 }
 
-// ParseCommitsWithStatus checks commits latest statuses and calculates its worst status state
-func ParseCommitsWithStatus(ctx context.Context, oldCommits []*asymkey_model.SignCommit, repo *repo_model.Repository) ([]*SignCommitWithStatuses, error) {
-	newCommits := make([]*SignCommitWithStatuses, 0, len(oldCommits))
-
-	for _, c := range oldCommits {
-		commit := &SignCommitWithStatuses{
-			SignCommit: c,
-		}
-		statuses, _, err := GetLatestCommitStatus(ctx, repo.ID, commit.ID.String(), db.ListOptions{})
-		if err != nil {
-			return nil, err
-		}
-
-		commit.Statuses = statuses
-		commit.Status = CalcCommitStatus(statuses)
-		newCommits = append(newCommits, commit)
-	}
-	return newCommits, nil
-}
-
 // hashCommitStatusContext hash context
 func hashCommitStatusContext(context string) string {
 	return fmt.Sprintf("%x", sha1.Sum([]byte(context)))
 }
 
-// ConvertFromGitCommit converts git commits into SignCommitWithStatuses
-func ConvertFromGitCommit(ctx context.Context, commits []*git.Commit, repo *repo_model.Repository) ([]*SignCommitWithStatuses, error) {
-	validatedCommits, err := user_model.ValidateCommitsWithEmails(ctx, commits)
-	if err != nil {
-		return nil, err
-	}
-	signedCommits, err := asymkey_model.ParseCommitsWithSignature(
-		ctx,
-		validatedCommits,
-		repo.GetTrustModel(),
-		func(user *user_model.User) (bool, error) {
-			return repo_model.IsOwnerMemberCollaborator(ctx, repo, user.ID)
-		},
-	)
-	if err != nil {
-		return nil, err
-	}
-	return ParseCommitsWithStatus(ctx, signedCommits, repo)
-}
-
 // CommitStatusesHideActionsURL hide Gitea Actions urls
 func CommitStatusesHideActionsURL(ctx context.Context, statuses []*CommitStatus) {
 	idToRepos := make(map[int64]*repo_model.Repository)

models/issues/comment.go

@@ -19,8 +19,6 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/gitrepo"
-	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/references"
@@ -774,44 +772,6 @@ func (c *Comment) CodeCommentLink(ctx context.Context) string {
 	return fmt.Sprintf("%s/files#%s", c.Issue.Link(), c.HashTag())
 }
 
-// LoadPushCommits Load push commits
-func (c *Comment) LoadPushCommits(ctx context.Context) (err error) {
-	if c.Content == "" || c.Commits != nil || c.Type != CommentTypePullRequestPush {
-		return nil
-	}
-
-	var data PushActionContent
-
-	err = json.Unmarshal([]byte(c.Content), &data)
-	if err != nil {
-		return err
-	}
-
-	c.IsForcePush = data.IsForcePush
-
-	if c.IsForcePush {
-		if len(data.CommitIDs) != 2 {
-			return nil
-		}
-		c.OldCommit = data.CommitIDs[0]
-		c.NewCommit = data.CommitIDs[1]
-	} else {
-		gitRepo, closer, err := gitrepo.RepositoryFromContextOrOpen(ctx, c.Issue.Repo)
-		if err != nil {
-			return err
-		}
-		defer closer.Close()
-
-		c.Commits, err = git_model.ConvertFromGitCommit(ctx, gitRepo.GetCommitsFromIDs(data.CommitIDs), c.Issue.Repo)
-		if err != nil {
-			return err
-		}
-		c.CommitsNum = int64(len(c.Commits))
-	}
-
-	return err
-}
-
 // CreateComment creates comment with context
 func CreateComment(ctx context.Context, opts *CreateCommentOptions) (_ *Comment, err error) {
 	ctx, committer, err := db.TxContext(ctx)

routers/private/hook_verification.go

@@ -10,9 +10,9 @@ import (
 	"io"
 	"os"
 
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 // This file contains commit verification functions for refs passed across in hooks
@@ -96,7 +96,7 @@ func readAndVerifyCommit(sha string, repo *git.Repository, env []string) error {
 				if err != nil {
 					return err
 				}
-				verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+				verification := asymkey_service.ParseCommitWithSignature(ctx, commit)
 				if !verification.Verified {
 					cancel()
 					return &errUnverifiedCommit{

routers/web/repo/commit.go

@@ -28,7 +28,9 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/context"
+	git_service "code.gitea.io/gitea/services/git"
 	"code.gitea.io/gitea/services/gitdiff"
 	repo_service "code.gitea.io/gitea/services/repository"
 	"code.gitea.io/gitea/services/repository/gitgraph"
@@ -365,7 +367,7 @@ func Diff(ctx *context.Context) {
 	ctx.Data["CommitStatus"] = git_model.CalcCommitStatus(statuses)
 	ctx.Data["CommitStatuses"] = statuses
 
-	verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+	verification := asymkey_service.ParseCommitWithSignature(ctx, commit)
 	ctx.Data["Verification"] = verification
 	ctx.Data["Author"] = user_model.ValidateCommitWithEmail(ctx, commit)
 	ctx.Data["Parents"] = parents
@@ -429,7 +431,7 @@ func RawDiff(ctx *context.Context) {
 }
 
 func processGitCommits(ctx *context.Context, gitCommits []*git.Commit) ([]*git_model.SignCommitWithStatuses, error) {
-	commits, err := git_model.ConvertFromGitCommit(ctx, gitCommits, ctx.Repo.Repository)
+	commits, err := git_service.ConvertFromGitCommit(ctx, gitCommits, ctx.Repo.Repository)
 	if err != nil {
 		return nil, err
 	}

routers/web/repo/issue_view.go

@@ -716,8 +716,8 @@ func prepareIssueViewCommentsAndSidebarParticipants(ctx *context.Context, issue
 			}
 		} else if comment.Type == issues_model.CommentTypePullRequestPush {
 			participants = addParticipant(comment.Poster, participants)
-			if err = comment.LoadPushCommits(ctx); err != nil {
+			if err = issue_service.LoadCommentPushCommits(ctx, comment); err != nil {
-				ctx.ServerError("LoadPushCommits", err)
+				ctx.ServerError("LoadCommentPushCommits", err)
 				return
 			}
 			if !ctx.Repo.CanRead(unit.TypeActions) {

routers/web/repo/view.go

@@ -38,6 +38,7 @@ import (
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/typesniffer"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/context"
 	repo_service "code.gitea.io/gitea/services/repository"
 
@@ -116,7 +117,7 @@ func loadLatestCommitData(ctx *context.Context, latestCommit *git.Commit) bool {
 	// or of directory if not in root directory.
 	ctx.Data["LatestCommit"] = latestCommit
 	if latestCommit != nil {
-		verification := asymkey_model.ParseCommitWithSignature(ctx, latestCommit)
+		verification := asymkey_service.ParseCommitWithSignature(ctx, latestCommit)
 
 		if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
 			return repo_model.IsOwnerMemberCollaborator(ctx, ctx.Repo.Repository, user.ID)

routers/web/repo/wiki.go

@@ -14,7 +14,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/renderhelper"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -33,6 +32,7 @@ import (
 	"code.gitea.io/gitea/routers/common"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/forms"
+	git_service "code.gitea.io/gitea/services/git"
 	notify_service "code.gitea.io/gitea/services/notify"
 	wiki_service "code.gitea.io/gitea/services/wiki"
 )
@@ -437,7 +437,7 @@ func renderRevisionPage(ctx *context.Context) (*git.Repository, *git.TreeEntry)
 		ctx.ServerError("CommitsByFileAndRange", err)
 		return nil, nil
 	}
-	ctx.Data["Commits"], err = git_model.ConvertFromGitCommit(ctx, commitsHistory, ctx.Repo.Repository)
+	ctx.Data["Commits"], err = git_service.ConvertFromGitCommit(ctx, commitsHistory, ctx.Repo.Repository)
 	if err != nil {
 		if wikiRepo != nil {
 			wikiRepo.Close()

services/asymkey/commit.go

@@ -0,0 +1,363 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package asymkey
+
+import (
+	"context"
+	"strings"
+
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
+)
+
+// ParseCommitWithSignature check if signature is good against keystore.
+func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *asymkey_model.CommitVerification {
+	var committer *user_model.User
+	if c.Committer != nil {
+		var err error
+		// Find Committer account
+		committer, err = user_model.GetUserByEmail(ctx, c.Committer.Email) // This finds the user by primary email or activated email so commit will not be valid if email is not
+		if err != nil {                                                    // Skipping not user for committer
+			committer = &user_model.User{
+				Name:  c.Committer.Name,
+				Email: c.Committer.Email,
+			}
+			// We can expect this to often be an ErrUserNotExist. in the case
+			// it is not, however, it is important to log it.
+			if !user_model.IsErrUserNotExist(err) {
+				log.Error("GetUserByEmail: %v", err)
+				return &asymkey_model.CommitVerification{
+					CommittingUser: committer,
+					Verified:       false,
+					Reason:         "gpg.error.no_committer_account",
+				}
+			}
+		}
+	}
+
+	return ParseCommitWithSignatureCommitter(ctx, c, committer)
+}
+
+func ParseCommitWithSignatureCommitter(ctx context.Context, c *git.Commit, committer *user_model.User) *asymkey_model.CommitVerification {
+	// If no signature just report the committer
+	if c.Signature == nil {
+		return &asymkey_model.CommitVerification{
+			CommittingUser: committer,
+			Verified:       false,                         // Default value
+			Reason:         "gpg.error.not_signed_commit", // Default value
+		}
+	}
+
+	// If this a SSH signature handle it differently
+	if strings.HasPrefix(c.Signature.Signature, "-----BEGIN SSH SIGNATURE-----") {
+		return asymkey_model.ParseCommitWithSSHSignature(ctx, c, committer)
+	}
+
+	// Parsing signature
+	sig, err := asymkey_model.ExtractSignature(c.Signature.Signature)
+	if err != nil { // Skipping failed to extract sign
+		log.Error("SignatureRead err: %v", err)
+		return &asymkey_model.CommitVerification{
+			CommittingUser: committer,
+			Verified:       false,
+			Reason:         "gpg.error.extract_sign",
+		}
+	}
+
+	keyID := asymkey_model.TryGetKeyIDFromSignature(sig)
+	defaultReason := asymkey_model.NoKeyFound
+
+	// First check if the sig has a keyID and if so just look at that
+	if commitVerification := HashAndVerifyForKeyID(
+		ctx,
+		sig,
+		c.Signature.Payload,
+		committer,
+		keyID,
+		setting.AppName,
+		""); commitVerification != nil {
+		if commitVerification.Reason == asymkey_model.BadSignature {
+			defaultReason = asymkey_model.BadSignature
+		} else {
+			return commitVerification
+		}
+	}
+
+	// Now try to associate the signature with the committer, if present
+	if committer.ID != 0 {
+		keys, err := db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{
+			OwnerID: committer.ID,
+		})
+		if err != nil { // Skipping failed to get gpg keys of user
+			log.Error("ListGPGKeys: %v", err)
+			return &asymkey_model.CommitVerification{
+				CommittingUser: committer,
+				Verified:       false,
+				Reason:         "gpg.error.failed_retrieval_gpg_keys",
+			}
+		}
+
+		if err := asymkey_model.GPGKeyList(keys).LoadSubKeys(ctx); err != nil {
+			log.Error("LoadSubKeys: %v", err)
+			return &asymkey_model.CommitVerification{
+				CommittingUser: committer,
+				Verified:       false,
+				Reason:         "gpg.error.failed_retrieval_gpg_keys",
+			}
+		}
+
+		committerEmailAddresses, _ := user_model.GetEmailAddresses(ctx, committer.ID)
+		activated := false
+		for _, e := range committerEmailAddresses {
+			if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
+				activated = true
+				break
+			}
+		}
+
+		for _, k := range keys {
+			// Pre-check (& optimization) that emails attached to key can be attached to the committer email and can validate
+			canValidate := false
+			email := ""
+			if k.Verified && activated {
+				canValidate = true
+				email = c.Committer.Email
+			}
+			if !canValidate {
+				for _, e := range k.Emails {
+					if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
+						canValidate = true
+						email = e.Email
+						break
+					}
+				}
+			}
+			if !canValidate {
+				continue // Skip this key
+			}
+
+			commitVerification := asymkey_model.HashAndVerifyWithSubKeysCommitVerification(sig, c.Signature.Payload, k, committer, committer, email)
+			if commitVerification != nil {
+				return commitVerification
+			}
+		}
+	}
+
+	if setting.Repository.Signing.SigningKey != "" && setting.Repository.Signing.SigningKey != "default" && setting.Repository.Signing.SigningKey != "none" {
+		// OK we should try the default key
+		gpgSettings := git.GPGSettings{
+			Sign:  true,
+			KeyID: setting.Repository.Signing.SigningKey,
+			Name:  setting.Repository.Signing.SigningName,
+			Email: setting.Repository.Signing.SigningEmail,
+		}
+		if err := gpgSettings.LoadPublicKeyContent(); err != nil {
+			log.Error("Error getting default signing key: %s %v", gpgSettings.KeyID, err)
+		} else if commitVerification := VerifyWithGPGSettings(ctx, &gpgSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
+			if commitVerification.Reason == asymkey_model.BadSignature {
+				defaultReason = asymkey_model.BadSignature
+			} else {
+				return commitVerification
+			}
+		}
+	}
+
+	defaultGPGSettings, err := c.GetRepositoryDefaultPublicGPGKey(false)
+	if err != nil {
+		log.Error("Error getting default public gpg key: %v", err)
+	} else if defaultGPGSettings == nil {
+		log.Warn("Unable to get defaultGPGSettings for unattached commit: %s", c.ID.String())
+	} else if defaultGPGSettings.Sign {
+		if commitVerification := VerifyWithGPGSettings(ctx, defaultGPGSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
+			if commitVerification.Reason == asymkey_model.BadSignature {
+				defaultReason = asymkey_model.BadSignature
+			} else {
+				return commitVerification
+			}
+		}
+	}
+
+	return &asymkey_model.CommitVerification{ // Default at this stage
+		CommittingUser: committer,
+		Verified:       false,
+		Warning:        defaultReason != asymkey_model.NoKeyFound,
+		Reason:         defaultReason,
+		SigningKey: &asymkey_model.GPGKey{
+			KeyID: keyID,
+		},
+	}
+}
+
+func checkKeyEmails(ctx context.Context, email string, keys ...*asymkey_model.GPGKey) (bool, string) {
+	uid := int64(0)
+	var userEmails []*user_model.EmailAddress
+	var user *user_model.User
+	for _, key := range keys {
+		for _, e := range key.Emails {
+			if e.IsActivated && (email == "" || strings.EqualFold(e.Email, email)) {
+				return true, e.Email
+			}
+		}
+		if key.Verified && key.OwnerID != 0 {
+			if uid != key.OwnerID {
+				userEmails, _ = user_model.GetEmailAddresses(ctx, key.OwnerID)
+				uid = key.OwnerID
+				user = &user_model.User{ID: uid}
+				_, _ = user_model.GetUser(ctx, user)
+			}
+			for _, e := range userEmails {
+				if e.IsActivated && (email == "" || strings.EqualFold(e.Email, email)) {
+					return true, e.Email
+				}
+			}
+			if user.KeepEmailPrivate && strings.EqualFold(email, user.GetEmail()) {
+				return true, user.GetEmail()
+			}
+		}
+	}
+	return false, email
+}
+
+func HashAndVerifyForKeyID(ctx context.Context, sig *packet.Signature, payload string, committer *user_model.User, keyID, name, email string) *asymkey_model.CommitVerification {
+	if keyID == "" {
+		return nil
+	}
+	keys, err := db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{
+		KeyID:          keyID,
+		IncludeSubKeys: true,
+	})
+	if err != nil {
+		log.Error("GetGPGKeysByKeyID: %v", err)
+		return &asymkey_model.CommitVerification{
+			CommittingUser: committer,
+			Verified:       false,
+			Reason:         "gpg.error.failed_retrieval_gpg_keys",
+		}
+	}
+	if len(keys) == 0 {
+		return nil
+	}
+	for _, key := range keys {
+		var primaryKeys []*asymkey_model.GPGKey
+		if key.PrimaryKeyID != "" {
+			primaryKeys, err = db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{
+				KeyID:          key.PrimaryKeyID,
+				IncludeSubKeys: true,
+			})
+			if err != nil {
+				log.Error("GetGPGKeysByKeyID: %v", err)
+				return &asymkey_model.CommitVerification{
+					CommittingUser: committer,
+					Verified:       false,
+					Reason:         "gpg.error.failed_retrieval_gpg_keys",
+				}
+			}
+		}
+
+		activated, email := checkKeyEmails(ctx, email, append([]*asymkey_model.GPGKey{key}, primaryKeys...)...)
+		if !activated {
+			continue
+		}
+
+		signer := &user_model.User{
+			Name:  name,
+			Email: email,
+		}
+		if key.OwnerID != 0 {
+			owner, err := user_model.GetUserByID(ctx, key.OwnerID)
+			if err == nil {
+				signer = owner
+			} else if !user_model.IsErrUserNotExist(err) {
+				log.Error("Failed to user_model.GetUserByID: %d for key ID: %d (%s) %v", key.OwnerID, key.ID, key.KeyID, err)
+				return &asymkey_model.CommitVerification{
+					CommittingUser: committer,
+					Verified:       false,
+					Reason:         "gpg.error.no_committer_account",
+				}
+			}
+		}
+		commitVerification := asymkey_model.HashAndVerifyWithSubKeysCommitVerification(sig, payload, key, committer, signer, email)
+		if commitVerification != nil {
+			return commitVerification
+		}
+	}
+	// This is a bad situation ... We have a key id that is in our database but the signature doesn't match.
+	return &asymkey_model.CommitVerification{
+		CommittingUser: committer,
+		Verified:       false,
+		Warning:        true,
+		Reason:         asymkey_model.BadSignature,
+	}
+}
+
+func VerifyWithGPGSettings(ctx context.Context, gpgSettings *git.GPGSettings, sig *packet.Signature, payload string, committer *user_model.User, keyID string) *asymkey_model.CommitVerification {
+	// First try to find the key in the db
+	if commitVerification := HashAndVerifyForKeyID(ctx, sig, payload, committer, gpgSettings.KeyID, gpgSettings.Name, gpgSettings.Email); commitVerification != nil {
+		return commitVerification
+	}
+
+	// Otherwise we have to parse the key
+	ekeys, err := asymkey_model.CheckArmoredGPGKeyString(gpgSettings.PublicKeyContent)
+	if err != nil {
+		log.Error("Unable to get default signing key: %v", err)
+		return &asymkey_model.CommitVerification{
+			CommittingUser: committer,
+			Verified:       false,
+			Reason:         "gpg.error.generate_hash",
+		}
+	}
+	for _, ekey := range ekeys {
+		pubkey := ekey.PrimaryKey
+		content, err := asymkey_model.Base64EncPubKey(pubkey)
+		if err != nil {
+			return &asymkey_model.CommitVerification{
+				CommittingUser: committer,
+				Verified:       false,
+				Reason:         "gpg.error.generate_hash",
+			}
+		}
+		k := &asymkey_model.GPGKey{
+			Content: content,
+			CanSign: pubkey.CanSign(),
+			KeyID:   pubkey.KeyIdString(),
+		}
+		for _, subKey := range ekey.Subkeys {
+			content, err := asymkey_model.Base64EncPubKey(subKey.PublicKey)
+			if err != nil {
+				return &asymkey_model.CommitVerification{
+					CommittingUser: committer,
+					Verified:       false,
+					Reason:         "gpg.error.generate_hash",
+				}
+			}
+			k.SubsKey = append(k.SubsKey, &asymkey_model.GPGKey{
+				Content: content,
+				CanSign: subKey.PublicKey.CanSign(),
+				KeyID:   subKey.PublicKey.KeyIdString(),
+			})
+		}
+		if commitVerification := asymkey_model.HashAndVerifyWithSubKeysCommitVerification(sig, payload, k, committer, &user_model.User{
+			Name:  gpgSettings.Name,
+			Email: gpgSettings.Email,
+		}, gpgSettings.Email); commitVerification != nil {
+			return commitVerification
+		}
+		if keyID == k.KeyID {
+			// This is a bad situation ... We have a key id that matches our default key but the signature doesn't match.
+			return &asymkey_model.CommitVerification{
+				CommittingUser: committer,
+				Verified:       false,
+				Warning:        true,
+				Reason:         asymkey_model.BadSignature,
+			}
+		}
+	}
+	return nil
+}

services/asymkey/sign.go

@@ -216,7 +216,7 @@ Loop:
 			if commit.Signature == nil {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
-			verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+			verification := ParseCommitWithSignature(ctx, commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
@@ -272,7 +272,7 @@ Loop:
 			if commit.Signature == nil {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
-			verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+			verification := ParseCommitWithSignature(ctx, commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
@@ -347,7 +347,7 @@ Loop:
 			if err != nil {
 				return false, "", nil, err
 			}
-			verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+			verification := ParseCommitWithSignature(ctx, commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{baseSigned}
 			}
@@ -363,7 +363,7 @@ Loop:
 			if err != nil {
 				return false, "", nil, err
 			}
-			verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+			verification := ParseCommitWithSignature(ctx, commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{headSigned}
 			}
@@ -379,7 +379,7 @@ Loop:
 			if err != nil {
 				return false, "", nil, err
 			}
-			verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+			verification := ParseCommitWithSignature(ctx, commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{commitsSigned}
 			}
@@ -393,7 +393,7 @@ Loop:
 				return false, "", nil, err
 			}
 			for _, commit := range commitList {
-				verification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+				verification := ParseCommitWithSignature(ctx, commit)
 				if !verification.Verified {
 					return false, "", nil, &ErrWontSign{commitsSigned}
 				}

services/convert/convert.go

@@ -28,6 +28,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/gitdiff"
 )
 
@@ -253,7 +254,7 @@ func ToActionArtifact(repo *repo_model.Repository, art *actions_model.ActionArti
 
 // ToVerification convert a git.Commit.Signature to an api.PayloadCommitVerification
 func ToVerification(ctx context.Context, c *git.Commit) *api.PayloadCommitVerification {
-	verif := asymkey_model.ParseCommitWithSignature(ctx, c)
+	verif := asymkey_service.ParseCommitWithSignature(ctx, c)
 	commitVerification := &api.PayloadCommitVerification{
 		Verified: verif.Verified,
 		Reason:   verif.Reason,

services/git/commit.go

@@ -0,0 +1,95 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package git
+
+import (
+	"context"
+
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	"code.gitea.io/gitea/models/db"
+	git_model "code.gitea.io/gitea/models/git"
+	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/container"
+	"code.gitea.io/gitea/modules/git"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
+)
+
+// ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
+func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) ([]*asymkey_model.SignCommit, error) {
+	newCommits := make([]*asymkey_model.SignCommit, 0, len(oldCommits))
+	keyMap := map[string]bool{}
+
+	emails := make(container.Set[string])
+	for _, c := range oldCommits {
+		if c.Committer != nil {
+			emails.Add(c.Committer.Email)
+		}
+	}
+
+	emailUsers, err := user_model.GetUsersByEmails(ctx, emails.Values())
+	if err != nil {
+		return nil, err
+	}
+
+	for _, c := range oldCommits {
+		committer, ok := emailUsers[c.Committer.Email]
+		if !ok && c.Committer != nil {
+			committer = &user_model.User{
+				Name:  c.Committer.Name,
+				Email: c.Committer.Email,
+			}
+		}
+
+		signCommit := &asymkey_model.SignCommit{
+			UserCommit:   c,
+			Verification: asymkey_service.ParseCommitWithSignatureCommitter(ctx, c.Commit, committer),
+		}
+
+		_ = asymkey_model.CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap)
+
+		newCommits = append(newCommits, signCommit)
+	}
+	return newCommits, nil
+}
+
+// ConvertFromGitCommit converts git commits into SignCommitWithStatuses
+func ConvertFromGitCommit(ctx context.Context, commits []*git.Commit, repo *repo_model.Repository) ([]*git_model.SignCommitWithStatuses, error) {
+	validatedCommits, err := user_model.ValidateCommitsWithEmails(ctx, commits)
+	if err != nil {
+		return nil, err
+	}
+	signedCommits, err := ParseCommitsWithSignature(
+		ctx,
+		validatedCommits,
+		repo.GetTrustModel(),
+		func(user *user_model.User) (bool, error) {
+			return repo_model.IsOwnerMemberCollaborator(ctx, repo, user.ID)
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+	return ParseCommitsWithStatus(ctx, signedCommits, repo)
+}
+
+// ParseCommitsWithStatus checks commits latest statuses and calculates its worst status state
+func ParseCommitsWithStatus(ctx context.Context, oldCommits []*asymkey_model.SignCommit, repo *repo_model.Repository) ([]*git_model.SignCommitWithStatuses, error) {
+	newCommits := make([]*git_model.SignCommitWithStatuses, 0, len(oldCommits))
+
+	for _, c := range oldCommits {
+		commit := &git_model.SignCommitWithStatuses{
+			SignCommit: c,
+		}
+		statuses, _, err := git_model.GetLatestCommitStatus(ctx, repo.ID, commit.ID.String(), db.ListOptions{})
+		if err != nil {
+			return nil, err
+		}
+
+		commit.Statuses = statuses
+		commit.Status = git_model.CalcCommitStatus(statuses)
+		newCommits = append(newCommits, commit)
+	}
+	return newCommits, nil
+}

services/issue/comments.go

@@ -12,7 +12,10 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/gitrepo"
+	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/timeutil"
+	git_service "code.gitea.io/gitea/services/git"
 	notify_service "code.gitea.io/gitea/services/notify"
 )
 
@@ -139,3 +142,40 @@ func DeleteComment(ctx context.Context, doer *user_model.User, comment *issues_m
 
 	return nil
 }
+
+// LoadCommentPushCommits Load push commits
+func LoadCommentPushCommits(ctx context.Context, c *issues_model.Comment) (err error) {
+	if c.Content == "" || c.Commits != nil || c.Type != issues_model.CommentTypePullRequestPush {
+		return nil
+	}
+
+	var data issues_model.PushActionContent
+	err = json.Unmarshal([]byte(c.Content), &data)
+	if err != nil {
+		return err
+	}
+
+	c.IsForcePush = data.IsForcePush
+
+	if c.IsForcePush {
+		if len(data.CommitIDs) != 2 {
+			return nil
+		}
+		c.OldCommit = data.CommitIDs[0]
+		c.NewCommit = data.CommitIDs[1]
+	} else {
+		gitRepo, closer, err := gitrepo.RepositoryFromContextOrOpen(ctx, c.Issue.Repo)
+		if err != nil {
+			return err
+		}
+		defer closer.Close()
+
+		c.Commits, err = git_service.ConvertFromGitCommit(ctx, gitRepo.GetCommitsFromIDs(data.CommitIDs), c.Issue.Repo)
+		if err != nil {
+			return err
+		}
+		c.CommitsNum = int64(len(c.Commits))
+	}
+
+	return err
+}

services/mailer/notify.go

@@ -12,6 +12,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
+	issue_service "code.gitea.io/gitea/services/issue"
 	notify_service "code.gitea.io/gitea/services/notify"
 )
 
@@ -169,7 +170,7 @@ func (m *mailNotifier) PullRequestPushCommits(ctx context.Context, doer *user_mo
 		log.Error("comment.Issue.PullRequest.LoadBaseRepo: %v", err)
 		return
 	}
-	if err := comment.LoadPushCommits(ctx); err != nil {
+	if err := issue_service.LoadCommentPushCommits(ctx, comment); err != nil {
 		log.Error("comment.LoadPushCommits: %v", err)
 	}
 	m.CreateIssueComment(ctx, doer, comment.Issue.Repo, comment.Issue, comment, nil)

services/repository/files/commit.go

@@ -6,10 +6,10 @@ package files
 import (
 	"context"
 
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/structs"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 // CountDivergingCommits determines how many commits a branch is ahead or behind the repository's base branch
@@ -24,7 +24,7 @@ func CountDivergingCommits(ctx context.Context, repo *repo_model.Repository, bra
 // GetPayloadCommitVerification returns the verification information of a commit
 func GetPayloadCommitVerification(ctx context.Context, commit *git.Commit) *structs.PayloadCommitVerification {
 	verification := &structs.PayloadCommitVerification{}
-	commitVerification := asymkey_model.ParseCommitWithSignature(ctx, commit)
+	commitVerification := asymkey_service.ParseCommitWithSignature(ctx, commit)
 	if commit.Signature != nil {
 		verification.Signature = commit.Signature.Signature
 		verification.Payload = commit.Signature.Payload

services/repository/gitgraph/graph_models.go

@@ -17,6 +17,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 // NewGraph creates a basic graph
@@ -114,7 +115,7 @@ func (graph *Graph) LoadAndProcessCommits(ctx context.Context, repository *repo_
 			}
 		}
 
-		c.Verification = asymkey_model.ParseCommitWithSignature(ctx, c.Commit)
+		c.Verification = asymkey_service.ParseCommitWithSignature(ctx, c.Commit)
 
 		_ = asymkey_model.CalculateTrustStatus(c.Verification, repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
 			return repo_model.IsOwnerMemberCollaborator(ctx, repository, user.ID)