From c20c25a448c98f9c059cfa71c3589490277fe676 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Mon, 2 Jun 2025 14:45:51 +0200
Subject: [PATCH] ValidateUserIdImpl: throw CertUserIdNoMatch for unbound
 user-ids

---
 .../src/main/kotlin/org/pgpainless/sop/ValidateUserIdImpl.kt | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ValidateUserIdImpl.kt b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ValidateUserIdImpl.kt
index 35123109..1949f280 100644
--- a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ValidateUserIdImpl.kt
+++ b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ValidateUserIdImpl.kt
@@ -8,6 +8,7 @@ import java.io.InputStream
 import java.util.*
 import org.bouncycastle.openpgp.api.OpenPGPCertificate
 import org.pgpainless.PGPainless
+import sop.exception.SOPGPException
 import sop.operation.ValidateUserId
 
 class ValidateUserIdImpl(private val api: PGPainless) : ValidateUserId {
@@ -28,7 +29,9 @@ class ValidateUserIdImpl(private val api: PGPainless) : ValidateUserId {
         return api.readKey().parseCertificates(certs).all { cert ->
             authorities.all { authority ->
                 cert.getUserId(userId)?.getCertificationBy(authority, validateAt)?.isValid == true
-            }
+            } ||
+                throw SOPGPException.CertUserIdNoMatch(
+                    "${cert.keyIdentifier} does not carry valid user-id '$userId'")
         }
     }