From 52c8439da5abc36f6995653ba4531e76f8c185c7 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Sun, 10 Jul 2022 23:02:00 +0200
Subject: [PATCH] Prevent third-party assigned user-ids from being accidentally
 returned as primary user-id

Fixes #293
---
 .../main/java/org/pgpainless/key/info/KeyRingInfo.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
index 7999b592..b69e301b 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
@@ -289,16 +289,16 @@ public class KeyRingInfo {
             return null;
         }
 
-        String firstUserId = userIds.get(0);
-        if (userIds.size() == 1) {
-            return firstUserId;
-        }
-
+        String firstUserId = null;
         for (String userId : userIds) {
             PGPSignature certification = signatures.userIdCertifications.get(userId);
             if (certification == null) {
                 continue;
             }
+
+            if (firstUserId == null) {
+                firstUserId = userId;
+            }
             Date creationTime = certification.getCreationTime();
 
             if (certification.getHashedSubPackets().isPrimaryUserID()) {