From 59433f7d497d845a76cd3f5eeee290a7d1ed866f Mon Sep 17 00:00:00 2001
From: Arthur Chan <arthur.chan@adalogics.com>
Date: Wed, 22 Mar 2023 18:47:22 +0000
Subject: [PATCH 1/2] Add handling for possible empty content for PemObject

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
---
 sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
index 27fd4058..16d12228 100644
--- a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
+++ b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
@@ -74,7 +74,7 @@ public static PublicKey parsePublicKey(byte[] keyBytes)
       throw new InvalidKeySpecException("Invalid key, could not parse PEM section");
     }
     // special handling for PKCS1 (rsa) public key
-    if (section == null) {
+    if ((section == null) || (section.getContent() == null)) {
       throw new InvalidKeySpecException("Invalid key");
     }
     if (section.getType().equals("RSA PUBLIC KEY")) {

From 478c8b3846a357d832b8e5778166258ba735eb87 Mon Sep 17 00:00:00 2001
From: Arthur Chan <arthur.chan@adalogics.com>
Date: Wed, 22 Mar 2023 21:07:26 +0000
Subject: [PATCH 2/2] Fix exception description

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
---
 sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
index 16d12228..26841c60 100644
--- a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
+++ b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
@@ -75,7 +75,7 @@ public static PublicKey parsePublicKey(byte[] keyBytes)
     }
     // special handling for PKCS1 (rsa) public key
     if ((section == null) || (section.getContent() == null)) {
-      throw new InvalidKeySpecException("Invalid key");
+      throw new InvalidKeySpecException("Invalid key, empty PEM section");
     }
     if (section.getType().equals("RSA PUBLIC KEY")) {
       ASN1Sequence sequence = ASN1Sequence.getInstance(section.getContent());