(maint) Don't attempt to decrypt empty strings

If a string is null, we can't use System.Convert.FromBase64String to
get a byte array from it. This commit reverts the previous change to
NugetCommon, and instead puts the check in the DefaultEncryptionUtility
to prevent it in any place where we might pass in a null string.

Author: corbob

src/chocolatey/infrastructure.app/nuget/NugetCommon.cs

@@ -219,7 +219,7 @@ public static IEnumerable<SourceRepository> GetRemoteRepositories(ChocolateyConf
                             if (!string.IsNullOrWhiteSpace(machineSource.Certificate))
                             {
                                 "chocolatey".Log().Debug("Using configured certificate for source {0}".FormatWith(source));
-                                sourceClientCertificates.Add(new X509Certificate2(machineSource.Certificate, string.IsNullOrWhiteSpace(machineSource.EncryptedCertificatePassword) ? null : NugetEncryptionUtility.DecryptString(machineSource.EncryptedCertificatePassword)));
+                                sourceClientCertificates.Add(new X509Certificate2(machineSource.Certificate, NugetEncryptionUtility.DecryptString(machineSource.EncryptedCertificatePassword)));
                             }
                         }
                     }

src/chocolatey/infrastructure/cryptography/DefaultEncryptionUtility.cs

@@ -61,6 +61,12 @@ This is can be because the machine keyfile cannot be written as a normal user.
 
         public string DecryptString(string encryptedString)
         {
+            // don't attempt decryption on an empty string.
+            if (string.IsNullOrEmpty(encryptedString))
+            {
+                return encryptedString;
+            }
+
             var encryptedByteArray = Convert.FromBase64String(encryptedString);
             byte[] decryptedByteArray;