1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-20 03:12:05 +01:00

SignatureValidator: Prevent NPE when no EmbeddedSignature subpacket is found

This commit is contained in:
Paul Schaub 2023-05-03 17:24:16 +02:00
parent 005b9d477a
commit 88de47490b
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -5,6 +5,7 @@
package org.pgpainless.signature.consumer; package org.pgpainless.signature.consumer;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -115,6 +116,12 @@ public abstract class SignatureValidator {
try { try {
PGPSignatureList embeddedSignatures = SignatureSubpacketsUtil.getEmbeddedSignature(signature); PGPSignatureList embeddedSignatures = SignatureSubpacketsUtil.getEmbeddedSignature(signature);
if (embeddedSignatures == null) {
throw new SignatureValidationException(
"Missing primary key binding signature on signing capable subkey " +
Long.toHexString(subkey.getKeyID()), Collections.emptyMap());
}
boolean hasValidPrimaryKeyBinding = false; boolean hasValidPrimaryKeyBinding = false;
Map<PGPSignature, Exception> rejectedEmbeddedSigs = new ConcurrentHashMap<>(); Map<PGPSignature, Exception> rejectedEmbeddedSigs = new ConcurrentHashMap<>();
for (PGPSignature embedded : embeddedSignatures) { for (PGPSignature embedded : embeddedSignatures) {