fix null pointer exception when using public only keys (#3143) (#3144)

Co-authored-by: Greg Renda <greg@renda.org>
2025-08-29 13:27:46 +00:00 · 2024-07-30 11:31:10 -07:00 · 2024-07-30 11:31:10 -07:00 · b5b7f746df
commit b5b7f746df
parent 1ae6cc4c8f
2 changed files with 37 additions and 1 deletions
--- a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
+++ b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
@ -54,7 +54,7 @@ public class PGPainlessCryptoHandler @Inject constructor() :
        }
        val keyringCollection =
          keys
-            .map { key -> PGPainless.readKeyRing().secretKeyRing(key.contents) }
+            .mapNotNull { key -> PGPainless.readKeyRing().secretKeyRing(key.contents) }
            .run(::PGPSecretKeyRingCollection)
        val protector = SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(passphrase))
        val decryptionStream =
--- a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
@ -181,4 +181,40 @@ class PGPainlessCryptoHandlerTest {
    assertTrue { cryptoHandler.canHandle("example.com.gpg") }
    assertFalse { cryptoHandler.canHandle("example.com.asc") }
  }
+
+  @Test
+  fun decryptWithPublicKeys() {
+    val alice =
+      PGPainless.generateKeyRing().modernKeyRing("Alice <owner@example.com>", KEY_PASSPHRASE)
+    val bob = PGPainless.generateKeyRing().modernKeyRing("Bob <owner@example.com>", KEY_PASSPHRASE)
+    val bobCertificate = PGPainless.extractCertificate(bob)
+    val aliceKey = PGPKey(PGPainless.asciiArmor(alice).encodeToByteArray())
+    val bobPublicKey = PGPKey(PGPainless.asciiArmor(bobCertificate).encodeToByteArray())
+    val ciphertextStream = ByteArrayOutputStream()
+    val encryptRes =
+      cryptoHandler.encrypt(
+        listOf(aliceKey, bobPublicKey),
+        PLAIN_TEXT.byteInputStream(Charsets.UTF_8),
+        ciphertextStream,
+        PGPEncryptOptions.Builder().withAsciiArmor(true).build(),
+      )
+    assertTrue(encryptRes.isOk)
+    val message = ciphertextStream.toByteArray().decodeToString()
+    val info = MessageInspector.determineEncryptionInfoForMessage(message)
+    assertTrue(info.isEncrypted)
+    assertEquals(2, info.keyIds.size)
+    assertFalse(info.isSignedOnly)
+
+    val ciphertextStreamCopy = message.byteInputStream()
+    val plaintextStream = ByteArrayOutputStream()
+    val res =
+      cryptoHandler.decrypt(
+        listOf(aliceKey, bobPublicKey),
+        KEY_PASSPHRASE,
+        ciphertextStreamCopy,
+        plaintextStream,
+        PGPDecryptOptions.Builder().build(),
+      )
+    assertTrue(res.isOk)
+  }
 }