Describe the bug
It seems like the plugin is failing when the key has been revoked on the key server.
Caused by: org.bouncycastle.openpgp.PGPException: org.bouncycastle.openpgp.PGPSignatureList found where PGPPublicKeyRing expected
at org.bouncycastle.openpgp.PGPPublicKeyRingCollection.<init> (Unknown Source)
at org.simplify4u.plugins.pgp.PublicKeyUtils.loadPublicKeyRing (PublicKeyUtils.java:144)
at org.simplify4u.plugins.keyserver.PGPKeysCache.loadKeyFromFile (PGPKeysCache.java:230)
at org.simplify4u.plugins.keyserver.PGPKeysCache.receiveKey (PGPKeysCache.java:275)
at org.simplify4u.plugins.keyserver.PGPKeysCache.lambda$null$2 (PGPKeysCache.java:181)
at org.simplify4u.plugins.keyserver.PGPKeysCache$KeyServerListOne.execute (PGPKeysCache.java:372)
at org.simplify4u.plugins.keyserver.PGPKeysCache.lambda$getKeyRing$b1186df7$1 (PGPKeysCache.java:181)
at io.vavr.control.Try.of (Try.java:75)
at org.simplify4u.plugins.keyserver.PGPKeysCache.getKeyRing (PGPKeysCache.java:181)
at org.simplify4u.plugins.pgp.SignatureUtils.lambda$checkSignature$91862a76$1 (SignatureUtils.java:304)
at io.vavr.control.Try.of (Try.java:75)
at org.simplify4u.plugins.pgp.SignatureUtils.checkSignature (SignatureUtils.java:304)
at org.simplify4u.plugins.pgp.SignatureUtils.checkSignature (SignatureUtils.java:362)
at org.simplify4u.plugins.CheckMojo.processArtifactSignature (CheckMojo.java:243)
To Reproduce
cd $CI_PROJECT_DIR/project/dir && mvn org.simplify4u.plugins:pgpverify-maven-plugin:1.17.0:check
-Dpgpverify.keyserversLoadBalance=false
-Dpgpverify.keyserver=https://keyserver.ubuntu.com
-Dpgpverify.keysMapLocation=`pwd`/../../.mvn/keysmap.properties
Describe the bug It seems like the plugin is failing when the key has been revoked on the key server.
To Reproduce
Project needs to include this artifact: https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-core/2.0.0.RELEASE
Expected behavior PGP Verify handles it as
badSig
ornoSig
as a revoked key means that the signature should not be trusted.Additional context
Related: spring-projects/spring-plugin#102