From 88de47490b32a8c4a8356a5b81269326b4e639c5 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 3 May 2023 17:24:16 +0200 Subject: [PATCH] SignatureValidator: Prevent NPE when no EmbeddedSignature subpacket is found --- .../pgpainless/signature/consumer/SignatureValidator.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java index cf0dc1fb..096bb5ee 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java @@ -5,6 +5,7 @@ package org.pgpainless.signature.consumer; import java.util.Arrays; +import java.util.Collections; import java.util.Date; import java.util.Iterator; import java.util.List; @@ -115,6 +116,12 @@ public abstract class SignatureValidator { try { PGPSignatureList embeddedSignatures = SignatureSubpacketsUtil.getEmbeddedSignature(signature); + if (embeddedSignatures == null) { + throw new SignatureValidationException( + "Missing primary key binding signature on signing capable subkey " + + Long.toHexString(subkey.getKeyID()), Collections.emptyMap()); + } + boolean hasValidPrimaryKeyBinding = false; Map rejectedEmbeddedSigs = new ConcurrentHashMap<>(); for (PGPSignature embedded : embeddedSignatures) {