Prevent overwrite read only gpg keys (#1713)

It was possible to download the default SCM-Manager gpg keys and overwrite them with the same raw key. This made the new key deletable. This behaviour is not longer possible.

scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java

@@ -71,9 +71,14 @@ public class PublicKeyStore {
     UserPermissions.changePublicKeys(username).check();
 
     if (!rawKey.contains("PUBLIC KEY")) {
-      throw new NotPublicKeyException(ContextEntry.ContextBuilder.entity(RawGpgKey.class, displayName).build(), "The provided key is not a public key");
+      throw new NotPublicKeyException(
+        ContextEntry.ContextBuilder.entity(RawGpgKey.class, displayName).build(),
+        "The provided key is not a public key"
+      );
     }
 
+    preventOverwriteReadOnlyKeys(rawKey);
+
     Keys keys = Keys.resolve(rawKey);
     String master = keys.getMaster();
 
@@ -90,6 +95,17 @@ public class PublicKeyStore {
 
   }
 
+  private void preventOverwriteReadOnlyKeys(String rawKey) {
+    Optional<RawGpgKey> existingReadOnlyKey = store.getAll().values()
+      .stream()
+      .filter(k -> k.getRaw().trim().equals(rawKey.trim()))
+      .filter(RawGpgKey::isReadonly)
+      .findFirst();
+    if (existingReadOnlyKey.isPresent()) {
+      throw new DeletingReadonlyKeyNotAllowedException(existingReadOnlyKey.get().getId());
+    }
+  }
+
   private Set<Person> getContactsFromPublicKey(String rawKey) {
     List<String> userIds = new ArrayList<>();
     PGPPublicKey publicKeyFromRawKey = extractPublicKey(rawKey);