Re-certify expired user-ids when changing key expiration date

pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java

@@ -349,6 +349,38 @@ public class KeyRingInfo {
         return valid;
     }
 
+    /**
+     * Return a list of all user-ids that were valid at some point, but might be expired by now.
+     *
+     * @return bound user-ids
+     */
+    public List<String> getBoundButPossiblyExpiredUserIds() {
+        List<String> probablyExpired = new ArrayList<>();
+        List<String> userIds = getUserIds();
+
+        for (String userId : userIds) {
+            PGPSignature certification = signatures.userIdCertifications.get(userId);
+            PGPSignature revocation = signatures.userIdRevocations.get(userId);
+
+            // Not revoked -> valid
+            if (revocation == null) {
+                probablyExpired.add(userId);
+                continue;
+            }
+
+            // Hard revocation -> invalid
+            if (SignatureUtils.isHardRevocation(revocation)) {
+                continue;
+            }
+
+            // Soft revocation -> valid if certification is newer than revocation (revalidation)
+            if (certification.getCreationTime().after(revocation.getCreationTime())) {
+                probablyExpired.add(userId);
+            }
+        }
+        return probablyExpired;
+    }
+
     /**
      * Return true if the provided user-id is valid.
      *
@@ -371,7 +403,6 @@ public class KeyRingInfo {
         PGPSignature certification = signatures.userIdCertifications.get(userId);
         PGPSignature revocation = signatures.userIdRevocations.get(userId);
 
-        // If user-id is expired, certification will be null.
         if (certification == null) {
             return false;
         }

pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java

@@ -146,15 +146,12 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
 
         // Determine previous key expiration date
         PGPPublicKey primaryKey = secretKeyRing.getSecretKey().getPublicKey();
-        /*
         KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
         String primaryUserId = info.getPrimaryUserId();
         PGPSignature signature = primaryUserId == null ?
                 info.getLatestDirectKeySelfSignature() : info.getLatestUserIdCertification(primaryUserId);
         final Date previousKeyExpiration = signature == null ? null :
             SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(signature, primaryKey);
-         */
-        final Date previousKeyExpiration = null;
 
         // Add new primary user-id signature
         addUserId(
@@ -173,8 +170,8 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
                 protector);
 
         // unmark previous primary user-ids to be non-primary
-        KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
-        for (String otherUserId : info.getValidUserIds()) {
+        info = PGPainless.inspectKeyRing(secretKeyRing);
+        for (String otherUserId : info.getBoundButPossiblyExpiredUserIds()) {
             if (userId.toString().equals(otherUserId)) {
                 continue;
             }