From 50d18a45815d2d15b3af01e3d7aa7abbdac120bd Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sun, 6 Nov 2022 23:00:28 +0100 Subject: [PATCH] Fix NPE when validating signature made by key without keyflags on direct key sigature (Presumably) fixes #332 --- .../pgpainless/signature/consumer/CertificateValidator.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/CertificateValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/CertificateValidator.java index 4c4c6689..c629de2d 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/CertificateValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/CertificateValidator.java @@ -171,7 +171,9 @@ public final class CertificateValidator { if (signingSubkey == primaryKey) { if (!directKeySignatures.isEmpty()) { - if (KeyFlag.hasKeyFlag(SignatureSubpacketsUtil.getKeyFlags(directKeySignatures.get(0)).getFlags(), KeyFlag.SIGN_DATA)) { + PGPSignature directKeySignature = directKeySignatures.get(0); + KeyFlags keyFlags = SignatureSubpacketsUtil.getKeyFlags(directKeySignature); + if (keyFlags != null && KeyFlag.hasKeyFlag(keyFlags.getFlags(), KeyFlag.SIGN_DATA)) { return true; } } @@ -225,7 +227,7 @@ public final class CertificateValidator { } PGPSignature directKeySig = directKeySignatures.get(0); KeyFlags directKeyFlags = SignatureSubpacketsUtil.getKeyFlags(directKeySig); - if (!KeyFlag.hasKeyFlag(directKeyFlags.getFlags(), KeyFlag.SIGN_DATA)) { + if (directKeyFlags == null || !KeyFlag.hasKeyFlag(directKeyFlags.getFlags(), KeyFlag.SIGN_DATA)) { throw new SignatureValidationException("Signature was made by key which is not capable of signing (no keyflags on binding sig, no SIGN flag on direct-key sig)."); } } else if (!KeyFlag.hasKeyFlag(keyFlags.getFlags(), KeyFlag.SIGN_DATA)) {