s4u · slawekjaranowski · Jun 28, 2021 · Jun 25, 2021
diff --git a/src/it/keyServerList-fallBack/pom-test.xml b/src/it/keyServerList-fallBack/pom-test.xml
@@ -55,7 +55,7 @@
                     <pgpKeyServerLoadBalance>false</pgpKeyServerLoadBalance>
                     <pgpKeyServer>
                         http://wrong.address.example.com
-                        https://hkps.pool.sks-keyservers.net
+                        hkps://keyserver.ubuntu.com
                     </pgpKeyServer>
                 </configuration>
             </plugin>

diff --git a/src/it/keyServerList-fallBack/postbuild.groovy b/src/it/keyServerList-fallBack/postbuild.groovy
@@ -15,12 +15,12 @@
  */
 def buildLog = new File( basedir, 'build.log' )
 
-assert buildLog.text.contains('[INFO] Key server(s) - fallback list: [{http://wrong.address.example.com}, {https://hkps.pool.sks-keyservers.net}]')
+assert buildLog.text.contains('[INFO] Key server(s) - fallback list: [{http://wrong.address.example.com}, {https://keyserver.ubuntu.com}]')
 assert buildLog.text.contains('[WARNING] {http://wrong.address.example.com} throw exception: UnknownHostException: wrong.address.example.com for: http://wrong.address.example.com/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E - fallback try next client')
-assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E')
+assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xEFE8086F9E93774E')
 
 assert buildLog.text.contains('[WARNING] {http://wrong.address.example.com} throw exception: UnknownHostException: wrong.address.example.com for: http://wrong.address.example.com/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E - fallback try next client')
-assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E')
+assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xA6ADFC93EF34893E')
 
 assert buildLog.text.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK')
 assert buildLog.text.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK')

diff --git a/src/it/keyServerList-loadBalance/pom-test.xml b/src/it/keyServerList-loadBalance/pom-test.xml
@@ -52,7 +52,8 @@
                 </executions>
                 <configuration>
                     <pgpKeysCachePath>${project.build.directory}/pgpkeys-cache</pgpKeysCachePath>
-                    <pgpKeyServer>https://hkps.pool.sks-keyservers.net; https://keyserver.ubuntu.com</pgpKeyServer>
+                    <pgpKeyServer>https://keyserver.ubuntu.com,https://keys.openpgp.org</pgpKeyServer>
+                    <pgpKeyServerLoadBalance>true</pgpKeyServerLoadBalance>
                 </configuration>
             </plugin>
         </plugins>

diff --git a/src/it/keyServerList-loadBalance/postbuild.groovy b/src/it/keyServerList-loadBalance/postbuild.groovy
@@ -15,16 +15,16 @@
  */
 def buildLog = new File( basedir, 'build.log' )
 
-assert buildLog.text.contains('[INFO] Key server(s) - load balance list: [{https://hkps.pool.sks-keyservers.net}, {https://keyserver.ubuntu.com}]')
-assert buildLog.text.contains('[INFO] Receive key: https://hkps.pool.sks-keyservers.net/pks/lookup')
+assert buildLog.text.contains('[INFO] Key server(s) - load balance list: [{https://keyserver.ubuntu.com}, {https://keys.openpgp.org}]')
+assert buildLog.text.contains('[INFO] Receive key: https://keys.openpgp.org/pks/lookup')
 assert buildLog.text.contains('[INFO] Receive key: https://keyserver.ubuntu.com/pks/lookup')
 
 assert buildLog.text.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK')
 assert buildLog.text.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK')
-assert buildLog.text.contains('SubKeyId: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E of 0x58E79B6ABC762159DC0B1591164BD2247B936711 UserIds: [Marc Philipp (JUnit Development, 2014) <mail@marcphilipp.de>]')
+assert buildLog.text.contains('SubKeyId: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E of 0x58E79B6ABC762159DC0B1591164BD2247B936711')
 
 assert buildLog.text.contains('[INFO] org.hamcrest:hamcrest-core:pom:1.3 PGP Signature OK')
 assert buildLog.text.contains('[INFO] org.hamcrest:hamcrest-core:jar:1.3 PGP Signature OK')
-assert buildLog.text.contains('KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E UserIds: [Tom Denley (scarytom) <t.denley@cantab.net>]')
+assert buildLog.text.contains('KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E')
 
 assert buildLog.text.contains('[INFO] BUILD SUCCESS')
diff --git a/src/it/noKeyFail/pom-test.xml b/src/it/noKeyFail/pom-test.xml
@@ -46,6 +46,7 @@
                 <version>@project.version@</version>
                 <configuration>
                     <keysMapLocation>${project.basedir}/keysmap.list</keysMapLocation>
+                    <pgpKeyServer>hkps://keyserver.ubuntu.com</pgpKeyServer>
                 </configuration>
                 <executions>
                     <execution>

diff --git a/src/it/noKeyFail/postbuild.groovy b/src/it/noKeyFail/postbuild.groovy
@@ -17,6 +17,6 @@
 def buildLog = new File( basedir, 'build.log' ).text
 
 
-assert buildLog.contains('[ERROR] PGP key https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:jar:1.0')
-assert buildLog.contains('[ERROR] PGP key https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:pom:1.0')
+assert buildLog.contains('[ERROR] PGP key https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:jar:1.0')
+assert buildLog.contains('[ERROR] PGP key https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x466583F9480EBE2462C46B309F1A263E15FD0AC9 not found on keyserver for artifact nl.dannyvanheumen:helloworld:pom:1.0')
 assert buildLog.contains('[INFO] BUILD FAILURE')
diff --git a/src/it/noKeyOK/pom-test.xml b/src/it/noKeyOK/pom-test.xml
@@ -46,6 +46,7 @@
                 <version>@project.version@</version>
                 <configuration>
                     <keysMapLocation>${project.basedir}/keysmap.list</keysMapLocation>
+                    <pgpKeyServer>hkps://keyserver.ubuntu.com</pgpKeyServer>
                 </configuration>
                 <executions>
                     <execution>

diff --git a/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java b/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java
@@ -72,7 +72,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo {
      * @since 1.0.0
      */
     @Parameter(property = "pgpverify.keyserver", required = true,
-            defaultValue = "hkps://hkps.pool.sks-keyservers.net,hkps://keyserver.ubuntu.com")
+            defaultValue = "hkps://keyserver.ubuntu.com")
     private String pgpKeyServer;
 
     /**
@@ -100,7 +100,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo {
      *
      * @since 1.7.0
      */
-    @Parameter(property = "pgpverify.keyserversLoadBalance", defaultValue = "true")
+    @Parameter(property = "pgpverify.keyserversLoadBalance", defaultValue = "false")
     private boolean pgpKeyServerLoadBalance;
 
     /**

diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java
@@ -59,7 +59,7 @@
 /**
  * Abstract base client for requesting keys from PGP key servers over HKP/HTTP and HKPS/HTTPS.
  */
-abstract class PGPKeysServerClient {
+class PGPKeysServerClient {
 
     private static final List<Class<? extends Throwable>> IGNORE_EXCEPTION_FOR_RETRY =
             Arrays.asList(PGPKeyNotFound.class, UnknownHostException.class);
@@ -256,7 +256,9 @@ private void processOnRetry(RetryEvent event, Duration waitInterval,
         }
     }
 
-    protected abstract HttpClientBuilder createClientBuilder();
+    protected HttpClientBuilder createClientBuilder() {
+        return setupProxy(HttpClientBuilder.create());
+    }
 
     // abstract methods to implemented in child class.
 

diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttp.java
@@ -20,7 +20,6 @@
 import java.util.function.Function;
 
 import io.vavr.control.Try;
-import org.apache.http.impl.client.HttpClientBuilder;
 
 /**
  * Implementation of a client for requesting keys from PGP key servers over HKP/HTTP.
@@ -49,9 +48,4 @@ private static URI prepareKeyServerURI(URI keyServer) throws IOException {
         return Try.of(() -> new URI("http", keyServer.getUserInfo(), keyServer.getHost(), port, null, null, null))
                 .getOrElseThrow((Function<Throwable, IOException>) IOException::new);
     }
-
-    @Override
-    protected HttpClientBuilder createClientBuilder() {
-        return setupProxy(HttpClientBuilder.create());
-    }
 }
diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientHttps.java
@@ -15,62 +15,17 @@
  */
 package org.simplify4u.plugins.keyserver;
 
-import java.io.IOException;
 import java.net.URI;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.Locale;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManagerFactory;
 
 import io.vavr.control.Try;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.client.HttpClients;
 
 /**
  * Implementation of a client for requesting keys from PGP key servers over HKPS/HTTPS.
  */
 class PGPKeysServerClientHttps extends PGPKeysServerClient {
-    private final SSLConnectionSocketFactory sslSocketFactory;
-
-    protected PGPKeysServerClientHttps(URI uri, KeyServerClientSettings keyServerClientSettings)
-            throws IOException {
 
+    protected PGPKeysServerClientHttps(URI uri, KeyServerClientSettings keyServerClientSettings) {
         super(prepareKeyServerURI(uri), keyServerClientSettings);
-
-        try {
-            if (uri.getHost().toLowerCase(Locale.ROOT).endsWith("sks-keyservers.net")) {
-                final CertificateFactory cf = CertificateFactory.getInstance("X.509");
-                final Certificate ca = cf.generateCertificate(
-                        Thread.currentThread().getContextClassLoader().getResourceAsStream("sks-keyservers.netCA.pem"));
-
-                final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-
-                keyStore.load(null, null);
-                keyStore.setCertificateEntry("ca", ca);
-
-                final TrustManagerFactory tmf
-                        = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                tmf.init(keyStore);
-
-                final SSLContext context = SSLContext.getInstance("TLS");
-                context.init(null, tmf.getTrustManagers(), null);
-
-                this.sslSocketFactory
-                        = new SSLConnectionSocketFactory(
-                        context, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
-            } else {
-                this.sslSocketFactory = SSLConnectionSocketFactory.getSystemSocketFactory();
-            }
-        } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
-            throw new IOException(e);
-        }
     }
 
     private static URI prepareKeyServerURI(URI keyserver) {
@@ -79,9 +34,4 @@ private static URI prepareKeyServerURI(URI keyserver) {
                 new URI("https", keyserver.getUserInfo(), keyserver.getHost(), keyserver.getPort(),
                         null, null, null)).get();
     }
-
-    @Override
-    protected HttpClientBuilder createClientBuilder() {
-        return setupProxy(HttpClients.custom().setSSLSocketFactory(this.sslSocketFactory));
-    }
 }
diff --git a/src/main/resources/sks-keyservers.netCA.pem b/src/main/resources/sks-keyservers.netCA.pem
diff --git a/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java b/src/test/java/org/simplify4u/plugins/keyserver/PGPKeysServerClientIT.java
@@ -54,11 +54,8 @@ public class PGPKeysServerClientIT {
     @DataProvider(name = "goodServerUrls")
     Object[][] goodServerUrls() {
         return new Object[][]{
-                {"hkp://pool.sks-keyservers.net"},
-                {"hkp://p80.pool.sks-keyservers.net:80"},
-                {"http://p80.pool.sks-keyservers.net"},
+                {"hkp://keyserver.ubuntu.com/"},
                 {"hkps://keyserver.ubuntu.com/"},
-                {"hkps://hkps.pool.sks-keyservers.net"}
         };
     }
 
@@ -114,7 +111,6 @@ public void setupMockServer() {
 
         mavenSession = mock(MavenSession.class);
         when(mavenSession.getSettings()).thenReturn(mock(Settings.class));
-
     }
 
     @AfterClass(alwaysRun = true)