Add missing key to the exception information

core/src/main/java/org/wildfly/channel/Channel.java

@@ -231,14 +231,14 @@ public Builder() {
 
         public Builder(Channel from) {
             this.name = from.getName();
-            this.repositories = new ArrayList<>(from.getRepositories());
+            this.repositories = from.getRepositories() == null ? null : new ArrayList<>(from.getRepositories());
             this.manifestCoordinate = from.getManifestCoordinate();
             this.blocklistCoordinate = from.getBlocklistCoordinate();
             this.strategy = from.getNoStreamStrategy();
             this.description = from.getDescription();
             this.vendor = from.getVendor();
             this.gpgCheck = from._isGpgCheck();
-            this.gpgUrls = new ArrayList<>(from.getGpgUrls());
+            this.gpgUrls = from.getGpgUrls() == null ? null : new ArrayList<>(from.getGpgUrls());
         }
 
         public Channel build() {

core/src/main/java/org/wildfly/channel/spi/SignatureResult.java

@@ -50,8 +50,8 @@ public static SignatureResult noSignature(ArtifactIdentifier resource) {
         return new SignatureResult(Result.NO_SIGNATURE, resource, null, null);
     }
 
-    public static SignatureResult invalid(ArtifactIdentifier resource) {
-        return new SignatureResult(Result.INVALID, resource, null, null);
+    public static SignatureResult invalid(ArtifactIdentifier resource, String keyID) {
+        return new SignatureResult(Result.INVALID, resource, keyID, null);
     }
 
     public enum Result {OK, NO_MATCHING_CERT, REVOKED, EXPIRED, NO_SIGNATURE, INVALID;}

core/src/main/java/org/wildfly/channel/spi/SignatureValidator.java

@@ -48,19 +48,30 @@ SignatureResult validateSignature(ArtifactIdentifier artifactId, InputStream art
      */
     class SignatureException extends RuntimeException {
         private final SignatureResult signatureResult;
+        private String missingSignature;
 
         public SignatureException(String message, Throwable cause, SignatureResult signatureResult) {
-            super(message, cause);
+            super(buildErrorMessage(message, signatureResult), cause);
             this.signatureResult = signatureResult;
+            this.missingSignature = signatureResult.getKeyId();
         }
 
         public SignatureException(String message, SignatureResult signatureResult) {
-            super(message);
+            super(buildErrorMessage(message, signatureResult));
             this.signatureResult = signatureResult;
+            this.missingSignature = signatureResult.getKeyId();
+        }
+
+        private static String buildErrorMessage(String message, SignatureResult signatureResult) {
+            return String.format("%s: %s%s", message, signatureResult.getResult(), signatureResult.getMessage() == null ? "" : signatureResult.getResult());
         }
 
         public SignatureResult getSignatureResult() {
             return signatureResult;
         }
+
+        public String getMissingSignature() {
+            return missingSignature;
+        }
     }
 }

core/src/test/java/org/wildfly/channel/SignedVersionResolverWrapperTest.java

@@ -92,7 +92,7 @@ public void invalidSignatureCausesError() throws Exception {
         when(resolver.resolveArtifact("test.channels", "base-manifest",
                 ChannelManifest.EXTENSION + SIGNATURE_FILE_SUFFIX, ChannelManifest.CLASSIFIER, "1.0.0"))
                 .thenReturn(tempDir.resolve("test-manifest.yaml.asc").toFile());
-        when(signatureValidator.validateSignature(any(), any(), any(), any())).thenReturn(SignatureResult.invalid(mock(ArtifactIdentifier.class)));
+        when(signatureValidator.validateSignature(any(), any(), any(), any())).thenReturn(SignatureResult.invalid(mock(ArtifactIdentifier.class), "abcd"));
         assertThrows(SignatureValidator.SignatureException.class,
                 () -> signedResolver.resolveChannelMetadata(List.of(new ChannelManifestCoordinate("test.channels", "base-manifest", "1.0.0"))));
     }
@@ -154,7 +154,7 @@ public void failedSignatureValidationThrowsException() throws Exception {
                 ARTIFACT.classifier, ARTIFACT.version))
                 .thenReturn(signatureFile);
         when(signatureValidator.validateSignature(eq(ARTIFACT),
-                any(), any(), any())).thenReturn(SignatureResult.invalid(ARTIFACT));
+                any(), any(), any())).thenReturn(SignatureResult.invalid(ARTIFACT, "abcd"));
 
         assertThrows(SignatureValidator.SignatureException.class, () -> signedResolver.resolveArtifact(ARTIFACT.groupId,
                 ARTIFACT.artifactId, ARTIFACT.extension, ARTIFACT.classifier, ARTIFACT.version));

gpg-validator/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>channel-parent</artifactId>
         <groupId>org.wildfly.channel</groupId>
-        <version>1.2.1.Final-SNAPSHOT</version>
+        <version>1.2.2.Final-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

gpg-validator/src/main/java/org/wildfly/channel/gpg/GpgSignatureValidator.java

@@ -105,7 +105,7 @@ public SignatureResult validateSignature(ArtifactIdentifier artifactId, InputStr
             return SignatureResult.noSignature(artifactId);
         }
 
-        final String keyID = Long.toHexString(pgpSignature.getKeyID()).toUpperCase(Locale.ROOT);
+        final String keyID = getKeyID(pgpSignature);
         if (LOG.isTraceEnabled()) {
             LOG.tracef("The signature was created using public key %s.", keyID);
         }
@@ -134,7 +134,7 @@ public SignatureResult validateSignature(ArtifactIdentifier artifactId, InputStr
                 }
             } catch (PGPException | IOException e) {
                 throw new SignatureException("Unable to parse the certificate downloaded from keyserver", e,
-                        SignatureResult.noSignature(artifactId));
+                        SignatureResult.noMatchingCertificate(artifactId, keyID));
             }
 
             if (key == null) {
@@ -146,7 +146,7 @@ public SignatureResult validateSignature(ArtifactIdentifier artifactId, InputStr
                         pgpPublicKeys = downloadPublicKey(gpgUrl);
                     } catch (IOException e) {
                         throw new SignatureException("Unable to parse the certificate downloaded from " + gpgUrl, e,
-                                SignatureResult.noSignature(artifactId));
+                                SignatureResult.noMatchingCertificate(artifactId, keyID));
                     }
                     if (pgpPublicKeys.stream().anyMatch(k -> k.getKeyID() == pgpSignature.getKeyID())) {
                         key = pgpPublicKeys.stream().filter(k -> k.getKeyID() == pgpSignature.getKeyID()).findFirst().get();
@@ -193,7 +193,7 @@ public SignatureResult validateSignature(ArtifactIdentifier artifactId, InputStr
             pgpSignature.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
         } catch (PGPException e) {
             throw new SignatureException("Unable to verify the signature using key " + keyID, e,
-                    SignatureResult.invalid(artifactId));
+                    SignatureResult.invalid(artifactId, keyID));
         }
         final SignatureResult result = verifyFile(artifactId, artifactStream, pgpSignature);
 
@@ -241,7 +241,7 @@ private SignatureResult checkRevoked(ArtifactIdentifier artifactId, String keyID
         final Iterator<PGPSignature> subKeys = publicKey.getSignaturesOfType(PGPSignature.SUBKEY_BINDING);
         while (subKeys.hasNext()) {
             final PGPSignature subKeySignature = subKeys.next();
-            final PGPPublicKey subKey = keystore.get(Long.toHexString(subKeySignature.getKeyID()).toUpperCase(Locale.ROOT));
+            final PGPPublicKey subKey = keystore.get(getKeyID(subKeySignature));
             if (subKey.hasRevocation()) {
                 if (LOG.isTraceEnabled()) {
                     LOG.tracef("Sub-key %s has been revoked.", Long.toHexString(subKey.getKeyID()).toUpperCase(Locale.ROOT));
@@ -285,16 +285,20 @@ private static SignatureResult verifyFile(ArtifactIdentifier artifactSource, Inp
         // Verify the signature
         try {
             if (!pgpSignature.verify()) {
-                return SignatureResult.invalid(artifactSource);
+                return SignatureResult.invalid(artifactSource, getKeyID(pgpSignature));
             } else {
                 return SignatureResult.ok();
             }
         } catch (PGPException e) {
             throw new SignatureException("Unable to verify the file signature", e,
-                    SignatureResult.invalid(artifactSource));
+                    SignatureResult.invalid(artifactSource, getKeyID(pgpSignature)));
         }
     }
 
+    private static String getKeyID(PGPSignature pgpSignature) {
+        return Long.toHexString(pgpSignature.getKeyID()).toUpperCase(Locale.ROOT);
+    }
+
     private static PGPSignature readSignatureFile(InputStream signatureStream) throws IOException {
         PGPSignature pgpSignature = null;
         try (InputStream decoderStream = PGPUtil.getDecoderStream(signatureStream)) {