Skip to content

Comments

(#3765) Don't try to decrypt cert password#3786

Open
corbob wants to merge 1 commit intochocolatey:developfrom
corbob:3765-use-correct-cert-password
Open

(#3765) Don't try to decrypt cert password#3786
corbob wants to merge 1 commit intochocolatey:developfrom
corbob:3765-use-correct-cert-password

Conversation

@corbob
Copy link
Member

@corbob corbob commented Sep 9, 2025
edited
Loading

Description Of Changes

When attempting to decrypt a string that is null or empty, instead of attempting to decrypt, return null.

Motivation and Context

It is not possible to decrypt a string that doesn't exist. This also brings the decrypt logic in line with the encrypt logic that already included this check.

Testing

  1. Setup a Repository that accepts a certificate (https://docs.chocolatey.org/en-us/guides/organizations/set-up-certificate-authentication/#using-sonatype-nexus for using Nexus through nginx).
  2. Add the new source with a passwordless certificate
  3. Attempt to use the source

Internal Chocolatey Software testing:

  1. Follow the testing found here. Add to the testing using userNoPassword.pfx as well as userWithPassword.pfx in your testing.

Operating Systems Testing

Windows 11

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

@corbob
Copy link
Member Author

corbob commented Sep 9, 2025

I've opened this PR as a draft as I would really like to get some tests around certificate authentication, but need to think a bit on this.

@corbob
Copy link
Member Author

corbob commented Sep 9, 2025

I'm not sure yet, but I think this might be related to #2736 (as in, this fix fixes that issue too). Will need to do more investigating.

@corbob corbob force-pushed the 3765-use-correct-cert-password branch from 8e3fbc0 to 195fb6e Compare September 15, 2025 20:16
@corbob corbob marked this pull request as ready for review September 15, 2025 20:39
@corbob corbob requested a review from gep13 September 15, 2025 20:39
@corbob
Copy link
Member Author

corbob commented Sep 15, 2025

@gep13 I've marked this PR ready for review, and requested the review from you due to the linked testing PR also being assigned to you.

@corbob
(chocolatey#3765) Don't try to decrypt null strings
dd61ec5 
The DefaultEncryptionUtility attempts to decrypt a string without
checking if the string is null or empty. This commit adds a check the
same as in EncryptString whereby we return null if the input string is
null or empty.
@corbob corbob force-pushed the 3765-use-correct-cert-password branch from 195fb6e to dd61ec5 Compare September 23, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gep13 gep13 Awaiting requested review from gep13

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Message about value cannot be null appears when using a locally defined source

1 participant

@corbob