Skip to content

(#3765) Don't try to decrypt cert password #3786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

(#3765) Don't try to decrypt cert password #3786

wants to merge 1 commit into from

Conversation

corbob
Copy link
Member

@corbob corbob commented Sep 9, 2025
edited
Loading

Description Of Changes

When attempting to decrypt a string that is null or empty, instead of attempting to decrypt, return null.

Motivation and Context

It is not possible to decrypt a string that doesn't exist. This also brings the decrypt logic in line with the encrypt logic that already included this check.

Testing

  1. Setup a Repository that accepts a certificate (https://docs.chocolatey.org/en-us/guides/organizations/set-up-certificate-authentication/#using-sonatype-nexus for using Nexus through nginx).
  2. Add the new source with a passwordless certificate
  3. Attempt to use the source

Internal Chocolatey Software testing:

  1. Follow the testing found here. Add to the testing using userNoPassword.pfx as well as userWithPassword.pfx in your testing.

Operating Systems Testing

Windows 11

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

@corbob
Copy link
Member Author

corbob commented Sep 9, 2025

I've opened this PR as a draft as I would really like to get some tests around certificate authentication, but need to think a bit on this.

@corbob
Copy link
Member Author

corbob commented Sep 9, 2025

I'm not sure yet, but I think this might be related to #2736 (as in, this fix fixes that issue too). Will need to do more investigating.

@corbob corbob force-pushed the 3765-use-correct-cert-password branch from 8e3fbc0 to 195fb6e Compare September 15, 2025 20:16
@corbob corbob marked this pull request as ready for review September 15, 2025 20:39
@corbob corbob requested a review from gep13 September 15, 2025 20:39
@corbob
Copy link
Member Author

corbob commented Sep 15, 2025

@gep13 I've marked this PR ready for review, and requested the review from you due to the linked testing PR also being assigned to you.

@corbob
(chocolatey#3765) Don't try to decrypt null strings
dd61ec5 
The DefaultEncryptionUtility attempts to decrypt a string without
checking if the string is null or empty. This commit adds a check the
same as in EncryptString whereby we return null if the input string is
null or empty.
@corbob corbob force-pushed the 3765-use-correct-cert-password branch from 195fb6e to dd61ec5 Compare September 23, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gep13 gep13 Awaiting requested review from gep13

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Message about value cannot be null appears when using a locally defined source
1 participant
@corbob