GPGSignatureVerification: better error handling when reading signature

Author: Federico Fissore

arduino-core/src/cc/arduino/contributions/GPGDetachedSignatureVerifier.java

@@ -58,7 +58,16 @@ public boolean verify(File signedFile, File signature, File publicKey) throws IO
       signatureInputStream = new FileInputStream(signature);
       PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(signatureInputStream, new BcKeyFingerprintCalculator());
 
-      PGPSignatureList pgpSignatureList = (PGPSignatureList) pgpObjectFactory.nextObject();
+      Object nextObject;
+      try {
+        nextObject = pgpObjectFactory.nextObject();
+        if (!(nextObject instanceof PGPSignatureList)) {
+          return false;
+        }
+      } catch (IOException e) {
+        return false;
+      }
+      PGPSignatureList pgpSignatureList = (PGPSignatureList) nextObject;
       assert pgpSignatureList.size() == 1;
       PGPSignature pgpSignature = pgpSignatureList.get(0);