PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

SignatureValidator: Prevent NPE when no EmbeddedSignature subpacket is found

This commit is contained in:
Paul Schaub 2023-05-03 17:24:16 +02:00
parent 005b9d477a
commit 88de47490b
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
View File

@ -5,6 +5,7 @@
package org.pgpainless.signature.consumer;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@ -115,6 +116,12 @@ public abstract class SignatureValidator {
try {
PGPSignatureList embeddedSignatures = SignatureSubpacketsUtil.getEmbeddedSignature(signature);
if (embeddedSignatures == null) {
throw new SignatureValidationException(
"Missing primary key binding signature on signing capable subkey " +
Long.toHexString(subkey.getKeyID()), Collections.emptyMap());
}
boolean hasValidPrimaryKeyBinding = false;
Map<PGPSignature, Exception> rejectedEmbeddedSigs = new ConcurrentHashMap<>();
for (PGPSignature embedded : embeddedSignatures) {