From 88de47490b32a8c4a8356a5b81269326b4e639c5 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Wed, 3 May 2023 17:24:16 +0200
Subject: [PATCH] SignatureValidator: Prevent NPE when no EmbeddedSignature
 subpacket is found

---
 .../pgpainless/signature/consumer/SignatureValidator.java  | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
index cf0dc1fb..096bb5ee 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
@@ -5,6 +5,7 @@
 package org.pgpainless.signature.consumer;
 
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
@@ -115,6 +116,12 @@ public abstract class SignatureValidator {
 
                 try {
                     PGPSignatureList embeddedSignatures = SignatureSubpacketsUtil.getEmbeddedSignature(signature);
+                    if (embeddedSignatures == null) {
+                        throw new SignatureValidationException(
+                                "Missing primary key binding signature on signing capable subkey " +
+                                        Long.toHexString(subkey.getKeyID()), Collections.emptyMap());
+                    }
+
                     boolean hasValidPrimaryKeyBinding = false;
                     Map<PGPSignature, Exception> rejectedEmbeddedSigs = new ConcurrentHashMap<>();
                     for (PGPSignature embedded : embeddedSignatures) {