Do not fail abruptly if signature verification fails

If the package_index.json signature is not valid, a dialog box asking
the user to "update" the index is shown. Previously a java-exception
was printed if running from terminal or the IDE would not start at
all (with no apparent reason) if lanched from GUI.

arduino-core/src/cc/arduino/contributions/SignatureVerificationFailedException.java

@@ -1,46 +0,0 @@
-/*
- * This file is part of Arduino.
- *
- * Copyright 2015 Arduino LLC (http://www.arduino.cc/)
- *
- * Arduino is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- * As a special exception, you may use this file as part of a free software
- * library without restriction.  Specifically, if other files instantiate
- * templates or use macros or inline functions from this file, or you compile
- * this file and link it with other files to produce an executable, this
- * file does not by itself cause the resulting executable to be covered by
- * the GNU General Public License.  This exception does not however
- * invalidate any other reasons why the executable file might be covered by
- * the GNU General Public License.
- */
-
-package cc.arduino.contributions;
-
-import processing.app.I18n;
-
-import static processing.app.I18n.tr;
-
-@SuppressWarnings("serial")
-public class SignatureVerificationFailedException extends Exception {
-
-  public SignatureVerificationFailedException(String filename) {
-    super(I18n.format(tr("{0} file signature verification failed"), filename));
-  }
-
-  public SignatureVerificationFailedException(String filename, Throwable cause) {
-    super(I18n.format(tr("{0} file signature verification failed"), filename), cause);
-  }
-}

arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java

@@ -31,13 +31,14 @@ package cc.arduino.contributions.packages;
 
 import cc.arduino.Constants;
 import cc.arduino.contributions.DownloadableContribution;
-import cc.arduino.contributions.SignatureVerificationFailedException;
 import cc.arduino.contributions.SignatureVerifier;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.module.mrbean.MrBeanModule;
 import org.apache.commons.compress.utils.IOUtils;
+
+import processing.app.BaseNoGui;
 import processing.app.Platform;
 import processing.app.PreferencesData;
 import processing.app.debug.TargetPackage;
@@ -86,15 +87,21 @@ public class ContributionsIndexer {
     File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
     if (defaultIndexFile.exists()) {
       // Check main index signature
-      if (!signatureVerifier.isSigned(defaultIndexFile)) {
-        if (PreferencesData.areInsecurePackagesAllowed()) {
-          System.err.println(format(tr("Warning: forced trusting untrusted contributions")));
-        } else {
-          throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
-        }
+      if (signatureVerifier.isSigned(defaultIndexFile)) {
+        mergeContributions(defaultIndexFile);
+      } else if (PreferencesData.areInsecurePackagesAllowed()) {
+        System.err.println(format(tr("Warning: forced trusting untrusted contributions")));
+        mergeContributions(defaultIndexFile);
+      } else {
+        BaseNoGui
+            .showWarning(Constants.DEFAULT_INDEX_FILE_NAME,
+                              tr("A package index has an invalid signature and needs to be updated.\n"
+                                 + "Please open the Board Manager from the menu\n"
+                                 + "\n" //
+                                 + "      Tools -> Board -> Board Manager\n"
+                                 + "\nto update it"),
+                              null);
       }
-
-      mergeContributions(defaultIndexFile);
     }
 
     // Set main and bundled indexes as trusted

arduino-core/src/processing/app/BaseNoGui.java

@@ -2,7 +2,6 @@ package processing.app;
 
 import cc.arduino.Constants;
 import cc.arduino.contributions.GPGDetachedSignatureVerifier;
-import cc.arduino.contributions.SignatureVerificationFailedException;
 import cc.arduino.contributions.VersionComparator;
 import cc.arduino.contributions.libraries.LibrariesIndexer;
 import cc.arduino.contributions.packages.ContributedPlatform;
@@ -482,7 +481,7 @@ public class BaseNoGui {
 
     try {
       indexer.parseIndex();
-    } catch (JsonProcessingException | SignatureVerificationFailedException e) {
+    } catch (JsonProcessingException e) {
       File indexFile = indexer.getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
       File indexSignatureFile = indexer.getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME + ".sig");
       indexFile.delete();