diff --git a/src/it/keyServerList-fallBack/pom-test.xml b/src/it/keyServerList-fallBack/pom-test.xml
index d46de746..de911b6f 100644
--- a/src/it/keyServerList-fallBack/pom-test.xml
+++ b/src/it/keyServerList-fallBack/pom-test.xml
@@ -55,7 +55,7 @@
false
http://wrong.address.example.com
- https://hkps.pool.sks-keyservers.net
+ hkps://keyserver.ubuntu.com
diff --git a/src/it/keyServerList-fallBack/postbuild.groovy b/src/it/keyServerList-fallBack/postbuild.groovy
index 93cc2661..0c5ad454 100644
--- a/src/it/keyServerList-fallBack/postbuild.groovy
+++ b/src/it/keyServerList-fallBack/postbuild.groovy
@@ -15,12 +15,12 @@
*/
def buildLog = new File( basedir, 'build.log' )
-assert buildLog.text.contains('[INFO] Key server(s) - fallback list: [{http://wrong.address.example.com}, {https://hkps.pool.sks-keyservers.net}]')
+assert buildLog.text.contains('[INFO] Key server(s) - fallback list: [{http://wrong.address.example.com}, {https://keyserver.ubuntu.com}]')
assert buildLog.text.contains('[WARNING] {http://wrong.address.example.com} throw exception: UnknownHostException: wrong.address.example.com for: http://wrong.address.example.com/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E - fallback try next client')
-assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E')
+assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E')
assert buildLog.text.contains('[WARNING] {http://wrong.address.example.com} throw exception: UnknownHostException: wrong.address.example.com for: http://wrong.address.example.com/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E - fallback try next client')
-assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E')
+assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E')
assert buildLog.text.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK')
assert buildLog.text.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK')
diff --git a/src/it/keyServerList-loadBalance/pom-test.xml b/src/it/keyServerList-loadBalance/pom-test.xml
index bc7cf974..a3a53371 100644
--- a/src/it/keyServerList-loadBalance/pom-test.xml
+++ b/src/it/keyServerList-loadBalance/pom-test.xml
@@ -52,7 +52,8 @@
${project.build.directory}/pgpkeys-cache
- https://hkps.pool.sks-keyservers.net; https://keyserver.ubuntu.com
+ https://keyserver.ubuntu.com,https://keys.openpgp.org
+ true
diff --git a/src/it/keyServerList-loadBalance/postbuild.groovy b/src/it/keyServerList-loadBalance/postbuild.groovy
index 632e044e..6cb3fe9b 100644
--- a/src/it/keyServerList-loadBalance/postbuild.groovy
+++ b/src/it/keyServerList-loadBalance/postbuild.groovy
@@ -15,16 +15,16 @@
*/
def buildLog = new File( basedir, 'build.log' )
-assert buildLog.text.contains('[INFO] Key server(s) - load balance list: [{https://hkps.pool.sks-keyservers.net}, {https://keyserver.ubuntu.com}]')
-assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup')
+assert buildLog.text.contains('[INFO] Key server(s) - load balance list: [{https://keyserver.ubuntu.com}, {https://keys.openpgp.org}]')
+assert buildLog.text.contains('[INFO] Receive key: https://keys.openpgp.org/pks/lookup')
assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup')
assert buildLog.text.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK')
assert buildLog.text.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK')
-assert buildLog.text.contains('SubKeyId: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E of 0x58E79B6ABC762159DC0B1591164BD2247B936711 UserIds: [Marc Philipp (JUnit Development, 2014) ]')
+assert buildLog.text.contains('SubKeyId: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E of 0x58E79B6ABC762159DC0B1591164BD2247B936711')
assert buildLog.text.contains('[INFO] org.hamcrest:hamcrest-core:pom:1.3 PGP Signature OK')
assert buildLog.text.contains('[INFO] org.hamcrest:hamcrest-core:jar:1.3 PGP Signature OK')
-assert buildLog.text.contains('KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E UserIds: [Tom Denley (scarytom) ]')
+assert buildLog.text.contains('KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E')
assert buildLog.text.contains('[INFO] BUILD SUCCESS')
diff --git a/src/it/noKeyFail/pom-test.xml b/src/it/noKeyFail/pom-test.xml
index da31197c..51f1013b 100644
--- a/src/it/noKeyFail/pom-test.xml
+++ b/src/it/noKeyFail/pom-test.xml
@@ -46,6 +46,7 @@
@project.version@
${project.basedir}/keysmap.list
+ hkps://keyserver.ubuntu.com
diff --git a/src/it/noKeyFail/postbuild.groovy b/src/it/noKeyFail/postbuild.groovy
index 7f188711..ebd099b0 100644
--- a/src/it/noKeyFail/postbuild.groovy
+++ b/src/it/noKeyFail/postbuild.groovy
@@ -17,6 +17,6 @@
def buildLog = new File( basedir, 'build.log' ).text
-assert buildLog.contains('[ERROR] PGP key https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:jar:1.0')
-assert buildLog.contains('[ERROR] PGP key https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:pom:1.0')
+assert buildLog.contains('[ERROR] PGP key https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:jar:1.0')
+assert buildLog.contains('[ERROR] PGP key https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:pom:1.0')
assert buildLog.contains('[INFO] BUILD FAILURE')
diff --git a/src/it/noKeyOK/pom-test.xml b/src/it/noKeyOK/pom-test.xml
index da31197c..51f1013b 100644
--- a/src/it/noKeyOK/pom-test.xml
+++ b/src/it/noKeyOK/pom-test.xml
@@ -46,6 +46,7 @@
@project.version@
${project.basedir}/keysmap.list
+ hkps://keyserver.ubuntu.com
diff --git a/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java b/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java
index 54b71de5..dc838149 100644
--- a/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java
+++ b/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java
@@ -72,7 +72,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo {
* @since 1.0.0
*/
@Parameter(property = "pgpverify.keyserver", required = true,
- defaultValue = "hkps://hkps.pool.sks-keyservers.net,hkps://keyserver.ubuntu.com")
+ defaultValue = "hkps://keyserver.ubuntu.com")
private String pgpKeyServer;
/**
@@ -100,7 +100,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo {
*
* @since 1.7.0
*/
- @Parameter(property = "pgpverify.keyserversLoadBalance", defaultValue = "true")
+ @Parameter(property = "pgpverify.keyserversLoadBalance", defaultValue = "false")
private boolean pgpKeyServerLoadBalance;
/**
diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java
index 18faff2e..5ff58735 100644
--- a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java
+++ b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java
@@ -59,7 +59,7 @@
/**
* Abstract base client for requesting keys from PGP key servers over HKP/HTTP and HKPS/HTTPS.
*/
-abstract class PGPKeysServerClient {
+class PGPKeysServerClient {
private static final List> IGNORE_EXCEPTION_FOR_RETRY =
Arrays.asList(PGPKeyNotFound.class, UnknownHostException.class);
@@ -256,7 +256,9 @@ private void processOnRetry(RetryEvent event, Duration waitInterval,
}
}
- protected abstract HttpClientBuilder createClientBuilder();
+ protected HttpClientBuilder createClientBuilder() {
+ return setupProxy(HttpClientBuilder.create());
+ }
// abstract methods to implemented in child class.
diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java
index 12902003..2d58dc3a 100644
--- a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java
+++ b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java
@@ -20,7 +20,6 @@
import java.util.function.Function;
import io.vavr.control.Try;
-import org.apache.http.impl.client.HttpClientBuilder;
/**
* Implementation of a client for requesting keys from PGP key servers over HKP/HTTP.
@@ -49,9 +48,4 @@ private static URI prepareKeyServerURI(URI keyServer) throws IOException {
return Try.of(() -> new URI("http", keyServer.getUserInfo(), keyServer.getHost(), port, null, null, null))
.getOrElseThrow((Function) IOException::new);
}
-
- @Override
- protected HttpClientBuilder createClientBuilder() {
- return setupProxy(HttpClientBuilder.create());
- }
}
diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java
index 3601d58d..5bd5768e 100644
--- a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java
+++ b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java
@@ -15,62 +15,17 @@
*/
package org.simplify4u.plugins.keyserver;
-import java.io.IOException;
import java.net.URI;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.Locale;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManagerFactory;
import io.vavr.control.Try;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.client.HttpClients;
/**
* Implementation of a client for requesting keys from PGP key servers over HKPS/HTTPS.
*/
class PGPKeysServerClientHttps extends PGPKeysServerClient {
- private final SSLConnectionSocketFactory sslSocketFactory;
-
- protected PGPKeysServerClientHttps(URI uri, KeyServerClientSettings keyServerClientSettings)
- throws IOException {
+ protected PGPKeysServerClientHttps(URI uri, KeyServerClientSettings keyServerClientSettings) {
super(prepareKeyServerURI(uri), keyServerClientSettings);
-
- try {
- if (uri.getHost().toLowerCase(Locale.ROOT).endsWith("sks-keyservers.net")) {
- final CertificateFactory cf = CertificateFactory.getInstance("X.509");
- final Certificate ca = cf.generateCertificate(
- Thread.currentThread().getContextClassLoader().getResourceAsStream("sks-keyservers.netCA.pem"));
-
- final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-
- keyStore.load(null, null);
- keyStore.setCertificateEntry("ca", ca);
-
- final TrustManagerFactory tmf
- = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(keyStore);
-
- final SSLContext context = SSLContext.getInstance("TLS");
- context.init(null, tmf.getTrustManagers(), null);
-
- this.sslSocketFactory
- = new SSLConnectionSocketFactory(
- context, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
- } else {
- this.sslSocketFactory = SSLConnectionSocketFactory.getSystemSocketFactory();
- }
- } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
- throw new IOException(e);
- }
}
private static URI prepareKeyServerURI(URI keyserver) {
@@ -79,9 +34,4 @@ private static URI prepareKeyServerURI(URI keyserver) {
new URI("https", keyserver.getUserInfo(), keyserver.getHost(), keyserver.getPort(),
null, null, null)).get();
}
-
- @Override
- protected HttpClientBuilder createClientBuilder() {
- return setupProxy(HttpClients.custom().setSSLSocketFactory(this.sslSocketFactory));
- }
}
diff --git a/src/main/resources/sks-keyservers.netCA.pem b/src/main/resources/sks-keyservers.netCA.pem
deleted file mode 100644
index 24a2ad2e..00000000
--- a/src/main/resources/sks-keyservers.netCA.pem
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
-BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
-ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
-MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
-c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
-cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
-6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
-MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
-45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
-FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
-Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
-aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
-MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
-u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
-p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
-fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
-A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
-TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
-OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
-gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
-X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
-gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
-UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
-lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
-BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
-cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
-f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
-ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
-WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
------END CERTIFICATE-----
diff --git a/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java b/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java
index 1c7c9111..1988dfa2 100644
--- a/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java
+++ b/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java
@@ -54,11 +54,8 @@ public class PGPKeysServerClientIT {
@DataProvider(name = "goodServerUrls")
Object[][] goodServerUrls() {
return new Object[][]{
- {"hkp://pool.sks-keyservers.net"},
- {"hkp://p80.pool.sks-keyservers.net:80"},
- {"http://p80.pool.sks-keyservers.net"},
+ {"hkp://keyserver.ubuntu.com/"},
{"hkps://keyserver.ubuntu.com/"},
- {"hkps://hkps.pool.sks-keyservers.net"}
};
}
@@ -114,7 +111,6 @@ public void setupMockServer() {
mavenSession = mock(MavenSession.class);
when(mavenSession.getSettings()).thenReturn(mock(Settings.class));
-
}
@AfterClass(alwaysRun = true)