From 6def957bfefe016a0244be10836fd379846f9978 Mon Sep 17 00:00:00 2001 From: Slawomir Jaranowski Date: Fri, 25 Jun 2021 19:38:32 +0200 Subject: [PATCH] replace sks-keyservers.net by keyserver.ubuntu.com --- src/it/keyServerList-fallBack/pom-test.xml | 2 +- .../keyServerList-fallBack/postbuild.groovy | 6 +-- src/it/keyServerList-loadBalance/pom-test.xml | 3 +- .../postbuild.groovy | 8 +-- src/it/noKeyFail/pom-test.xml | 1 + src/it/noKeyFail/postbuild.groovy | 4 +- src/it/noKeyOK/pom-test.xml | 1 + .../simplify4u/plugins/AbstractPGPMojo.java | 4 +- .../keyserver/PGPKeysServerClient.java | 6 ++- .../keyserver/PGPKeysServerClientHttp.java | 6 --- .../keyserver/PGPKeysServerClientHttps.java | 52 +------------------ src/main/resources/sks-keyservers.netCA.pem | 32 ------------ .../keyserver/PGPKeysServerClientIT.java | 6 +-- 13 files changed, 22 insertions(+), 109 deletions(-) delete mode 100644 src/main/resources/sks-keyservers.netCA.pem diff --git a/src/it/keyServerList-fallBack/pom-test.xml b/src/it/keyServerList-fallBack/pom-test.xml index d46de746..de911b6f 100644 --- a/src/it/keyServerList-fallBack/pom-test.xml +++ b/src/it/keyServerList-fallBack/pom-test.xml @@ -55,7 +55,7 @@ false http://wrong.address.example.com - https://hkps.pool.sks-keyservers.net + hkps://keyserver.ubuntu.com diff --git a/src/it/keyServerList-fallBack/postbuild.groovy b/src/it/keyServerList-fallBack/postbuild.groovy index 93cc2661..0c5ad454 100644 --- a/src/it/keyServerList-fallBack/postbuild.groovy +++ b/src/it/keyServerList-fallBack/postbuild.groovy 
@@ -15,12 +15,12 @@ */ def buildLog = new File( basedir, 'build.log' ) -assert buildLog.text.contains('[INFO] Key server(s) - fallback list: [{http://wrong.address.example.com}, {https://hkps.pool.sks-keyservers.net}]') +assert buildLog.text.contains('[INFO] Key server(s) - fallback list: [{http://wrong.address.example.com}, {https://keyserver.ubuntu.com}]') assert buildLog.text.contains('[WARNING] {http://wrong.address.example.com} throw exception: UnknownHostException: wrong.address.example.com for: http://wrong.address.example.com/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E - fallback try next client') -assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E') +assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E') assert buildLog.text.contains('[WARNING] {http://wrong.address.example.com} throw exception: UnknownHostException: wrong.address.example.com for: http://wrong.address.example.com/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E - fallback try next client') -assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E') +assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E') assert buildLog.text.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK') assert buildLog.text.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK') diff --git a/src/it/keyServerList-loadBalance/pom-test.xml b/src/it/keyServerList-loadBalance/pom-test.xml index bc7cf974..a3a53371 100644 --- a/src/it/keyServerList-loadBalance/pom-test.xml +++ b/src/it/keyServerList-loadBalance/pom-test.xml 
@@ -52,7 +52,8 @@ ${project.build.directory}/pgpkeys-cache - https://hkps.pool.sks-keyservers.net; https://keyserver.ubuntu.com + https://keyserver.ubuntu.com,https://keys.openpgp.org + true diff --git a/src/it/keyServerList-loadBalance/postbuild.groovy b/src/it/keyServerList-loadBalance/postbuild.groovy index 632e044e..6cb3fe9b 100644 --- a/src/it/keyServerList-loadBalance/postbuild.groovy +++ b/src/it/keyServerList-loadBalance/postbuild.groovy 
@@ -15,16 +15,16 @@ */ def buildLog = new File( basedir, 'build.log' ) -assert buildLog.text.contains('[INFO] Key server(s) - load balance list: [{https://hkps.pool.sks-keyservers.net}, {https://keyserver.ubuntu.com}]') -assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup') +assert buildLog.text.contains('[INFO] Key server(s) - load balance list: [{https://keyserver.ubuntu.com}, {https://keys.openpgp.org}]') +assert buildLog.text.contains('[INFO] Receive key: https://keys.openpgp.org/pks/lookup') assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup') assert buildLog.text.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK') assert buildLog.text.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK') -assert buildLog.text.contains('SubKeyId: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E of 0x58E79B6ABC762159DC0B1591164BD2247B936711 UserIds: [Marc Philipp (JUnit Development, 2014) ]') +assert buildLog.text.contains('SubKeyId: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E of 0x58E79B6ABC762159DC0B1591164BD2247B936711') assert buildLog.text.contains('[INFO] org.hamcrest:hamcrest-core:pom:1.3 PGP Signature OK') assert buildLog.text.contains('[INFO] org.hamcrest:hamcrest-core:jar:1.3 PGP Signature OK') -assert buildLog.text.contains('KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E UserIds: [Tom Denley (scarytom) ]') +assert buildLog.text.contains('KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E') assert buildLog.text.contains('[INFO] BUILD SUCCESS') diff --git a/src/it/noKeyFail/pom-test.xml b/src/it/noKeyFail/pom-test.xml index da31197c..51f1013b 100644 --- a/src/it/noKeyFail/pom-test.xml +++ b/src/it/noKeyFail/pom-test.xml @@ -46,6 +46,7 @@ @project.version@ ${project.basedir}/keysmap.list + hkps://keyserver.ubuntu.com diff --git a/src/it/noKeyFail/postbuild.groovy b/src/it/noKeyFail/postbuild.groovy index 7f188711..ebd099b0 100644 --- a/src/it/noKeyFail/postbuild.groovy 
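Review bot: The two key-detail assertions in this hunk drop the `UserIds: [...]` part without a comment saying why, so the test no longer checks which identity the log reports for either signing key. If the reason is that one of the two servers in the list returns keys without user IDs (an inference, the hunk does not say), record it above the assertions, for example `// UserIds not asserted: not every server in the list returns them`. Keeping the fingerprint part of each assertion is still useful and should stay.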
+++ b/src/it/noKeyFail/postbuild.groovy @@ -17,6 +17,6 @@ def buildLog = new File( basedir, 'build.log' ).text -assert buildLog.contains('[ERROR] PGP key https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:jar:1.0') -assert buildLog.contains('[ERROR] PGP key https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:pom:1.0') +assert buildLog.contains('[ERROR] PGP key https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:jar:1.0') +assert buildLog.contains('[ERROR] PGP key https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:pom:1.0') assert buildLog.contains('[INFO] BUILD FAILURE') diff --git a/src/it/noKeyOK/pom-test.xml b/src/it/noKeyOK/pom-test.xml index da31197c..51f1013b 100644 --- a/src/it/noKeyOK/pom-test.xml +++ b/src/it/noKeyOK/pom-test.xml @@ -46,6 +46,7 @@ @project.version@ ${project.basedir}/keysmap.list + hkps://keyserver.ubuntu.com diff --git a/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java b/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java index 54b71de5..dc838149 100644 --- a/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java +++ b/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java @@ -72,7 +72,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo { * @since 1.0.0 */ @Parameter(property = "pgpverify.keyserver", required = true, - defaultValue = "hkps://hkps.pool.sks-keyservers.net,hkps://keyserver.ubuntu.com") + defaultValue = "hkps://keyserver.ubuntu.com") private String pgpKeyServer; /** 
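Review bot: The new `defaultValue = "hkps://keyserver.ubuntu.com"` leaves a default configuration with a single key server, so there is no second source when that host is unreachable or lacks a key; the previous default listed two. The next hunk (`@@ -100,7 +100,7 @@`) also flips `pgpverify.keyserversLoadBalance` from `true` to `false`, which silently changes behaviour for builds that list several servers and rely on the default. Both parameter Javadocs start above their hunks and are not visible here; they should state the new defaults and the version in which they changed. For example, `Since this release the default is a single server and load balancing is off; list several servers explicitly to get a fallback.`, with the version filled in and the wording checked against the selection logic.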
@@ -100,7 +100,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo { * * @since 1.7.0 */ - @Parameter(property = "pgpverify.keyserversLoadBalance", defaultValue = "true") + @Parameter(property = "pgpverify.keyserversLoadBalance", defaultValue = "false") private boolean pgpKeyServerLoadBalance; /** diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java index 18faff2e..5ff58735 100644 --- a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java +++ b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java @@ -59,7 +59,7 @@ /** * Abstract base client for requesting keys from PGP key servers over HKP/HTTP and HKPS/HTTPS. */ -abstract class PGPKeysServerClient { +class PGPKeysServerClient { private static final List> IGNORE_EXCEPTION_FOR_RETRY = Arrays.asList(PGPKeyNotFound.class, UnknownHostException.class); @@ -256,7 +256,9 @@ private void processOnRetry(RetryEvent event, Duration waitInterval, } } - protected abstract HttpClientBuilder createClientBuilder(); + protected HttpClientBuilder createClientBuilder() { + return setupProxy(HttpClientBuilder.create()); + } // abstract methods to implemented in child class. diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java index 12902003..2d58dc3a 100644 --- a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java +++ b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java @@ -20,7 +20,6 @@ import java.util.function.Function; import io.vavr.control.Try; -import org.apache.http.impl.client.HttpClientBuilder; /** * Implementation of a client for requesting keys from PGP key servers over HKP/HTTP. 
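Review bot: The class Javadoc in the `@@ -59,7 +59,7 @@` hunk still reads `Abstract base client for requesting keys ...` although the declaration is now a plain `class PGPKeysServerClient`. The comment `// abstract methods to implemented in child class.` left after the new `createClientBuilder()` in the following hunk is stale for the same reason, since a non-abstract class cannot declare abstract methods. Suggested replacements are `Base client for requesting keys from PGP key servers over HKP/HTTP and HKPS/HTTPS.` and `// methods that subclasses may override`. The class body continues outside both hunks, so which of the following methods are still overridden cannot be confirmed from here.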
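Review bot: The new base `createClientBuilder()` builds HKPS clients from a bare `HttpClientBuilder.create()`, whereas the removed HTTPS path used `SSLConnectionSocketFactory.getSystemSocketFactory()` for every host other than sks-keyservers.net. Unless `setupProxy` (not visible in this hunk) configures it, the client may no longer honour JVM TLS system properties such as `https.protocols` and `https.cipherSuites`, which some build environments set deliberately. To keep the previous behaviour, consider `return setupProxy(HttpClientBuilder.create().setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()));`. The method should also get a Javadoc line stating that server certificates are checked against the JVM default trust configuration with the default hostname verifier.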
@@ -49,9 +48,4 @@ private static URI prepareKeyServerURI(URI keyServer) throws IOException { return Try.of(() -> new URI("http", keyServer.getUserInfo(), keyServer.getHost(), port, null, null, null)) .getOrElseThrow((Function) IOException::new); } - - @Override - protected HttpClientBuilder createClientBuilder() { - return setupProxy(HttpClientBuilder.create()); - } } diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java index 3601d58d..5bd5768e 100644 --- a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java +++ b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java 
@@ -15,62 +15,17 @@ */ package org.simplify4u.plugins.keyserver; -import java.io.IOException; import java.net.URI; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.util.Locale; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; import io.vavr.control.Try; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; /** * Implementation of a client for requesting keys from PGP key servers over HKPS/HTTPS. */ class PGPKeysServerClientHttps extends PGPKeysServerClient { - private final SSLConnectionSocketFactory sslSocketFactory; - - protected PGPKeysServerClientHttps(URI uri, KeyServerClientSettings keyServerClientSettings) - throws IOException { + protected PGPKeysServerClientHttps(URI uri, KeyServerClientSettings keyServerClientSettings) { super(prepareKeyServerURI(uri), keyServerClientSettings); - - try { - if (uri.getHost().toLowerCase(Locale.ROOT).endsWith("sks-keyservers.net")) { - final CertificateFactory cf = CertificateFactory.getInstance("X.509"); - final Certificate ca = cf.generateCertificate( - Thread.currentThread().getContextClassLoader().getResourceAsStream("sks-keyservers.netCA.pem")); - - final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - keyStore.load(null, null); - keyStore.setCertificateEntry("ca", ca); - - final TrustManagerFactory tmf - = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(keyStore); - - final SSLContext context = SSLContext.getInstance("TLS"); - context.init(null, tmf.getTrustManagers(), null); - - this.sslSocketFactory - = new SSLConnectionSocketFactory( - context, 
SSLConnectionSocketFactory.getDefaultHostnameVerifier()); - } else { - this.sslSocketFactory = SSLConnectionSocketFactory.getSystemSocketFactory(); - } - } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) { - throw new IOException(e); - } } private static URI prepareKeyServerURI(URI keyserver) { @@ -79,9 +34,4 @@ private static URI prepareKeyServerURI(URI keyserver) { new URI("https", keyserver.getUserInfo(), keyserver.getHost(), keyserver.getPort(), null, null, null)).get(); } - - @Override - protected HttpClientBuilder createClientBuilder() { - return setupProxy(HttpClients.custom().setSSLSocketFactory(this.sslSocketFactory)); - } } diff --git a/src/main/resources/sks-keyservers.netCA.pem b/src/main/resources/sks-keyservers.netCA.pem deleted file mode 100644 index 24a2ad2e..00000000 --- a/src/main/resources/sks-keyservers.netCA.pem +++ /dev/null 
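Review bot: With the bundled-CA branch removed from the constructor, a build that still configures an `sks-keyservers.net` HKPS URL is validated against the default trust configuration. Because the deleted `sks-keyservers.netCA.pem` was that pool's own CA, such a build is likely to fail with a generic certificate-path error rather than a message naming the cause. The class Javadoc should say so, for example `No key-server-specific CA is bundled; server certificates are validated with the JVM default trust configuration.`, and the release notes should mention it as well. The constructor also no longer declares `throws IOException`, while `prepareKeyServerURI` still ends in `Try...get()`, so a malformed URI now surfaces as an undeclared exception. A `@throws` note, or wrapping as `PGPKeysServerClientHttp` does with `getOrElseThrow`, would keep the two subclasses consistent.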
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV -BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u -ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw -MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP -c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr -cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I -6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj -MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F -45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS -FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx -Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 -aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx -MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y -u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 -p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP -fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G -A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY -TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR -OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u -gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ -X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 -gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB -UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 -lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT -BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB -cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U -f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G -ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph 
-WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== ------END CERTIFICATE----- diff --git a/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java b/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java index 1c7c9111..1988dfa2 100644 --- a/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java +++ b/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java @@ -54,11 +54,8 @@ public class PGPKeysServerClientIT { @DataProvider(name = "goodServerUrls") Object[][] goodServerUrls() { return new Object[][]{ - {"hkp://pool.sks-keyservers.net"}, - {"hkp://p80.pool.sks-keyservers.net:80"}, - {"http://p80.pool.sks-keyservers.net"}, + {"hkp://keyserver.ubuntu.com/"}, {"hkps://keyserver.ubuntu.com/"}, - {"hkps://hkps.pool.sks-keyservers.net"} }; } @@ -114,7 +111,6 @@ public void setupMockServer() { mavenSession = mock(MavenSession.class); when(mavenSession.getSettings()).thenReturn(mock(Settings.class)); - } @AfterClass(alwaysRun = true)
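Review bot: The reduced `goodServerUrls` provider now covers only `hkp://` and `hkps://` against one host, so the explicit-port form (`:80`) and the plain `http://` scheme that the removed rows exercised are no longer tested. The URI rewriting in `prepareKeyServerURI` handles the port and scheme separately, so these are distinct paths. Consider adding rows such as `{"http://keyserver.ubuntu.com"}` and one with an explicit port, provided the server accepts them, which is not shown on the page. A short comment on the provider noting that these tests need live network access to the listed host would also help whoever debugs a failure.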