From 611f75026f4ad9e37b501b4d3cd228ed8d017f19 Mon Sep 17 00:00:00 2001
From: Jakub Onderka <jakub.onderka@gmail.com>
Date: Sun, 20 Mar 2022 14:13:00 +0100
Subject: [PATCH] fix: [UI] Do not log exception for invalid key

---
 app/Model/CryptographicKey.php | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/app/Model/CryptographicKey.php b/app/Model/CryptographicKey.php
index 95c0b94ed..2251b0bac 100644
--- a/app/Model/CryptographicKey.php
+++ b/app/Model/CryptographicKey.php
@@ -24,7 +24,8 @@ class CryptographicKey extends AppModel
 
     const ERROR_MALFORMED_SIGNATURE = 'Malformed signature',
         ERROR_INVALID_SIGNATURE = 'Invalid signature',
-        ERROR_WRONG_KEY = 'Wrong key';
+        ERROR_WRONG_KEY = 'Wrong key',
+        ERROR_INVALID_KEY = 'Invalid key';
 
     public $validTypes = [
         'pgp'
@@ -135,25 +136,29 @@ class CryptographicKey extends AppModel
     {
         $this->error = false;
         $fingerprint = $this->__extractPGPKeyData($key);
+        if ($fingerprint === false) {
+            $this->error = self::ERROR_INVALID_KEY;
+            return false;
+        }
         $data = preg_replace("/\s+/", "", $data);
         try {
             $verifiedSignature = $this->gpg->verify($data, $signature);
         } catch (Exception $e) {
-            $this->error = $this::ERROR_WRONG_KEY;
+            $this->error = self::ERROR_WRONG_KEY;
             return false;
         }
         if (empty($verifiedSignature)) {
-            $this->error = $this::ERROR_MALFORMED_SIGNATURE;
+            $this->error = self::ERROR_MALFORMED_SIGNATURE;
             return false;
         }
         if (!$verifiedSignature[0]->isValid()) {
-            $this->error = $this::ERROR_INVALID_SIGNATURE;
+            $this->error = self::ERROR_INVALID_SIGNATURE;
             return false;
         }
         if ($verifiedSignature[0]->getKeyFingerprint() === $fingerprint) {
             return true;
         } else {
-            $this->error = $this::ERROR_WRONG_KEY;
+            $this->error = self::ERROR_WRONG_KEY;
             return false;
         }
     }
@@ -168,19 +173,22 @@ class CryptographicKey extends AppModel
 
     }
 
+    /**
+     * @param string $data
+     * @return string|false Primary key fingerprint or false of key is invalid
+     */
     private function __extractPGPKeyData($data)
     {
         try {
             $gpgTool = new GpgTool($this->gpg);
         } catch (Exception $e) {
             $this->logException("GPG couldn't be initialized, GPG encryption and signing will be not available.", $e, LOG_NOTICE);
-            return '';
+            return false;
         }
         try {
             return $gpgTool->validateGpgKey($data);
         } catch (Exception $e) {
-            $this->logException("Could not validate PGP key.", $e, LOG_NOTICE);
-            return '';
+            return false;
         }
     }