Fix NPE when using Passphrase.emptyPassphrase in withPassphrase() method

pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java

@@ -236,7 +236,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
 
         @Override
         public Build withoutPassphrase() {
-            KeyRingBuilder.this.passphrase = null;
+            KeyRingBuilder.this.passphrase = Passphrase.emptyPassphrase();
             return new BuildImpl();
         }
 
@@ -338,7 +338,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
             }
 
             private PBESecretKeyEncryptor buildSecretKeyEncryptor() {
-                PBESecretKeyEncryptor encryptor = passphrase == null ?
+                PBESecretKeyEncryptor encryptor = passphrase.isEmpty() ?
                         null : // unencrypted key pair, otherwise AES-256 encrypted
                         new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, digestCalculator)
                                 .setProvider(ProviderFactory.getProvider())
@@ -347,7 +347,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
             }
 
             private PBESecretKeyDecryptor buildSecretKeyDecryptor() throws PGPException {
-                PBESecretKeyDecryptor decryptor = passphrase == null ?
+                PBESecretKeyDecryptor decryptor = passphrase.isEmpty() ?
                         null :
                         new JcePBESecretKeyDecryptorBuilder()
                         .build(passphrase.getChars());

pgpainless-core/src/main/java/org/pgpainless/util/Passphrase.java

@@ -91,6 +91,17 @@ public class Passphrase {
         }
     }
 
+    /**
+     * Returns true if the user specified an empty passphrase, eg. using {@link #emptyPassphrase()}.
+     *
+     * @return true if empty.
+     */
+    public boolean isEmpty() {
+        synchronized (lock) {
+            return valid && chars == null;
+        }
+    }
+
     /**
      * Represents a {@link Passphrase} instance that represents no password.
      *

pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithPassphraseEmptyPassphraseTest.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2020 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pgpainless.key.generation;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.junit.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.key.generation.type.ECDSA;
+import org.pgpainless.key.generation.type.curve.EllipticCurve;
+import org.pgpainless.util.Passphrase;
+
+/**
+ * Reproduce behavior of https://github.com/pgpainless/pgpainless/issues/16
+ * and verify that the fix is working.
+ *
+ * The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying
+ * char array to null, which caused an NPE later on.
+ */
+public class GenerateKeyWithPassphraseEmptyPassphraseTest {
+
+    @Test
+    public void generateKeyWithPassphrase_Passphrase_emptyPassphrase_throwsNoNpe()
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        PGPainless.generateKeyRing()
+                .withMasterKey(KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256))
+                .withDefaultKeyFlags()
+                .withDefaultAlgorithms())
+                .withPrimaryUserId("thisWould@throw.npe")
+                .withPassphrase(Passphrase.emptyPassphrase())
+                .build();
+    }
+}