Kotlin conversion: SelectUserId

pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt

@@ -31,7 +31,9 @@ import org.pgpainless.signature.subpackets.*
 import org.pgpainless.util.Passphrase
 import org.pgpainless.util.selection.userid.SelectUserId
 import java.util.*
+import java.util.function.Predicate
 import javax.annotation.Nonnull
+import kotlin.NoSuchElementException
 
 class SecretKeyRingEditor(
         var secretKeyRing: PGPSecretKeyRing,
@@ -109,14 +111,22 @@ class SecretKeyRingEditor(
         return this
     }
 
+    @Deprecated("Use of SelectUserId class is deprecated.", replaceWith = ReplaceWith("removeUserId(protector, predicate)"))
     override fun removeUserId(selector: SelectUserId, protector: SecretKeyRingProtector): SecretKeyRingEditorInterface {
         return revokeUserIds(selector, protector, RevocationAttributes.createCertificateRevocation()
                 .withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID)
                 .withoutDescription())
     }
 
+    override fun removeUserId(protector: SecretKeyRingProtector, predicate: (String) -> Boolean): SecretKeyRingEditorInterface {
+        return revokeUserIds(protector, RevocationAttributes.createCertificateRevocation()
+                .withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID)
+                .withoutDescription(),
+                predicate)
+    }
+
     override fun removeUserId(userId: CharSequence, protector: SecretKeyRingProtector): SecretKeyRingEditorInterface {
-        return removeUserId(SelectUserId.exactMatch(userId), protector)
+        return removeUserId(protector) { uid -> userId == uid }
     }
 
     override fun replaceUserId(oldUserId: CharSequence, newUserId: CharSequence, protector: SecretKeyRingProtector): SecretKeyRingEditorInterface {
@@ -246,21 +256,23 @@ class SecretKeyRingEditor(
     }
 
     override fun revokeUserId(userId: CharSequence, protector: SecretKeyRingProtector, callback: RevocationSignatureSubpackets.Callback?): SecretKeyRingEditorInterface {
-        return revokeUserIds(SelectUserId.exactMatch(sanitizeUserId(userId)), protector, callback)
+        return revokeUserIds(protector, callback, SelectUserId.exactMatch(sanitizeUserId(userId)))
     }
 
-    override fun revokeUserIds(selector: SelectUserId, protector: SecretKeyRingProtector, revocationAttributes: RevocationAttributes?): SecretKeyRingEditorInterface {
-        return revokeUserIds(selector, protector, object : RevocationSignatureSubpackets.Callback {
+    override fun revokeUserIds(protector: SecretKeyRingProtector,
+                               revocationAttributes: RevocationAttributes?,
+                               predicate: (String) -> Boolean): SecretKeyRingEditorInterface {
+        return revokeUserIds(protector, object : RevocationSignatureSubpackets.Callback {
             override fun modifyHashedSubpackets(hashedSubpackets: RevocationSignatureSubpackets) {
-                if (revocationAttributes != null) {
-                    hashedSubpackets.setRevocationReason(revocationAttributes)
-                }
+                if (revocationAttributes != null) hashedSubpackets.setRevocationReason(revocationAttributes)
             }
-        })
+        }, predicate)
     }
 
-    override fun revokeUserIds(selector: SelectUserId, protector: SecretKeyRingProtector, callback: RevocationSignatureSubpackets.Callback?): SecretKeyRingEditorInterface {
-        selector.selectUserIds(secretKeyRing).also {
+    override fun revokeUserIds(protector: SecretKeyRingProtector,
+                               callback: RevocationSignatureSubpackets.Callback?,
+                               predicate: (String) -> Boolean): SecretKeyRingEditorInterface {
+        selectUserIds(predicate).also {
             if (it.isEmpty()) throw NoSuchElementException("No matching user-ids found on the key.")
         }.forEach { userId -> doRevokeUserId(userId, protector, callback) }
         return this
@@ -348,7 +360,7 @@ class SecretKeyRingEditor(
 
     private fun sanitizeUserId(userId: CharSequence): CharSequence =
     // TODO: Further research how to sanitize user IDs.
-            //  eg. what about newlines?
+            //  e.g. what about newlines?
             userId.toString().trim()
 
     private fun callbackFromRevocationAttributes(attributes: RevocationAttributes?) =
@@ -454,6 +466,9 @@ class SecretKeyRingEditor(
                 }.build(secretKeyRing.publicKey)
     }
 
+    private fun selectUserIds(predicate: Predicate<String>): List<String> =
+            inspectKeyRing(secretKeyRing).validUserIds.filter { predicate.test(it) }
+
     private class WithKeyRingEncryptionSettingsImpl(
             private val editor: SecretKeyRingEditor,
             private val keyId: Long?,

pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditorInterface.kt

@@ -4,11 +4,7 @@
 
 package org.pgpainless.key.modification.secretkeyring
 
-import org.bouncycastle.openpgp.PGPException
-import org.bouncycastle.openpgp.PGPKeyPair
-import org.bouncycastle.openpgp.PGPPublicKeyRing
-import org.bouncycastle.openpgp.PGPSecretKeyRing
-import org.bouncycastle.openpgp.PGPSignature
+import org.bouncycastle.openpgp.*
 import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.key.OpenPgpFingerprint
 import org.pgpainless.key.generation.KeySpec
@@ -23,6 +19,7 @@ import java.io.IOException
 import java.security.InvalidAlgorithmParameterException
 import java.security.NoSuchAlgorithmException
 import java.util.*
+import java.util.function.Predicate
 
 interface SecretKeyRingEditorInterface {
 
@@ -82,8 +79,25 @@ interface SecretKeyRingEditorInterface {
      *
      * @throws PGPException in case we cannot generate a revocation signature for the user-id
      */
+    @Deprecated("Use of SelectUserId class is deprecated.",
+            ReplaceWith("removeUserId(protector, predicate)"))
     @Throws(PGPException::class)
-    fun removeUserId(selector: SelectUserId, protector: SecretKeyRingProtector): SecretKeyRingEditorInterface
+    fun removeUserId(selector: SelectUserId, protector: SecretKeyRingProtector) =
+            removeUserId(protector, selector)
+
+    /**
+     * Convenience method to revoke selected user-ids using soft revocation signatures.
+     * The revocation will use [RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID], so that the user-id
+     * can be re-certified at a later point.
+     *
+     * @param protector protector to unlock the primary key
+     * @param predicate predicate to select user-ids for revocation
+     * @return the builder
+     *
+     * @throws PGPException in case we cannot generate a revocation signature for the user-id
+     */
+    @Throws(PGPException::class)
+    fun removeUserId(protector: SecretKeyRingProtector, predicate: (String) -> Boolean): SecretKeyRingEditorInterface
 
     /**
      * Convenience method to revoke a single user-id using a soft revocation signature.
@@ -342,9 +356,32 @@ interface SecretKeyRingEditorInterface {
      * @throws PGPException in case we cannot generate a revocation signature for the user-id
      */
     @Throws(PGPException::class)
+    @Deprecated("Use of SelectUserId class is deprecated.",
+            ReplaceWith("revokeUserIds(protector, revocationAttributes, predicate)"))
     fun revokeUserIds(selector: SelectUserId,
                       protector: SecretKeyRingProtector,
-                      revocationAttributes: RevocationAttributes?): SecretKeyRingEditorInterface
+                      revocationAttributes: RevocationAttributes?) =
+            revokeUserIds(protector, revocationAttributes, selector)
+
+    /**
+     * Revoke all user-ids that match the provided [SelectUserId] filter.
+     * The provided [RevocationAttributes] will be set as reason for revocation in each
+     * revocation signature.
+     *
+     * Note: If you intend to re-certify these user-ids at a later point, make sure to choose
+     * a soft revocation reason. See [RevocationAttributes.Reason] for more information.
+     *
+     * @param protector protector to unlock the primary secret key
+     * @param revocationAttributes revocation attributes
+     * @param predicate to select user-ids for revocation
+     * @return builder
+     *
+     * @throws PGPException in case we cannot generate a revocation signature for the user-id
+     */
+    @Throws(PGPException::class)
+    fun revokeUserIds(protector: SecretKeyRingProtector,
+                      revocationAttributes: RevocationAttributes?,
+                      predicate: (String) -> Boolean): SecretKeyRingEditorInterface
 
     /**
      * Revoke all user-ids that match the provided [SelectUserId] filter.
@@ -364,9 +401,34 @@ interface SecretKeyRingEditorInterface {
      * @throws PGPException in case we cannot generate a revocation signature for the user-id
      */
     @Throws(PGPException::class)
+    @Deprecated("Use of SelectUserId class is deprecated.",
+            ReplaceWith("revokeUserIds(protector, callback, predicate)"))
     fun revokeUserIds(selector: SelectUserId,
                       protector: SecretKeyRingProtector,
-                      callback: RevocationSignatureSubpackets.Callback?): SecretKeyRingEditorInterface
+                      callback: RevocationSignatureSubpackets.Callback?) =
+            revokeUserIds(protector, callback, selector)
+
+    /**
+     * Revoke all user-ids that match the provided [SelectUserId] filter.
+     * The provided [RevocationSignatureSubpackets.Callback] will be used to modify the
+     * revocation signatures subpackets.
+     *
+     * Note: If you intend to re-certify these user-ids at a later point, make sure to set
+     * a soft revocation reason in the revocation signatures hashed subpacket area using the callback.
+     *
+     * See [RevocationAttributes.Reason] for more information.
+     *
+     * @param protector protector to unlock the primary secret key
+     * @param callback callback to modify the revocations subpackets
+     * @param predicate to select user-ids for revocation
+     * @return builder
+     *
+     * @throws PGPException in case we cannot generate a revocation signature for the user-id
+     */
+    @Throws(PGPException::class)
+    fun revokeUserIds(protector: SecretKeyRingProtector,
+                      callback: RevocationSignatureSubpackets.Callback?,
+                      predicate: (String) -> Boolean): SecretKeyRingEditorInterface
 
     /**
      * Set the expiration date for the primary key of the key ring.

pgpainless-core/src/main/kotlin/org/pgpainless/util/selection/userid/SelectUserId.kt

@@ -0,0 +1,104 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.util.selection.userid
+
+import org.bouncycastle.openpgp.PGPKeyRing
+import org.pgpainless.PGPainless
+import java.util.function.Predicate
+
+abstract class SelectUserId : Predicate<String>, (String) -> Boolean {
+
+    /**
+     * Legacy glue code to forward accept() calls to invoke() instead.
+     */
+    @Deprecated("Use invoke() instead.", ReplaceWith("invoke(userId)"))
+    protected fun accept(userId: String): Boolean = invoke(userId)
+
+    override fun test(userId: String): Boolean = invoke(userId)
+
+    companion object {
+
+        /**
+         * Filter for user-ids which match the given [query] exactly.
+         *
+         * @param query query
+         * @return filter
+         */
+        @JvmStatic
+        fun exactMatch(query: CharSequence) = object : SelectUserId() {
+            override fun invoke(userId: String): Boolean =
+                    userId == query
+        }
+
+        /**
+         * Filter for user-ids which start with the given [substring].
+         *
+         * @param substring substring
+         * @return filter
+         */
+        @JvmStatic
+        fun startsWith(substring: CharSequence) = object : SelectUserId() {
+            override fun invoke(userId: String): Boolean =
+                    userId.startsWith(substring)
+        }
+
+        /**
+         * Filter for user-ids which contain the given [substring].
+         *
+         * @param substring query
+         * @return filter
+         */
+        @JvmStatic
+        fun containsSubstring(substring: CharSequence) = object : SelectUserId() {
+            override fun invoke(userId: String): Boolean =
+                    userId.contains(substring)
+        }
+
+        /**
+         * Filter for user-ids which contain the given [email] address.
+         * Note: This only accepts user-ids which properly have the email address surrounded by angle brackets.
+         *
+         * The argument [email] can both be a plain email address (`foo@bar.baz`),
+         * or surrounded by angle brackets (`<foo@bar.baz>`), the result of the filter will be the same.
+         *
+         * @param email email address
+         * @return filter
+         */
+        @JvmStatic
+        fun containsEmailAddress(email: CharSequence) =
+                if (email.startsWith('<') && email.endsWith('>'))
+                    containsSubstring(email)
+                else
+                    containsSubstring("<$email>")
+
+        @JvmStatic
+        fun byEmail(email: CharSequence) = or(exactMatch(email), containsEmailAddress(email))
+
+        @JvmStatic
+        fun validUserId(keyRing: PGPKeyRing) = object : SelectUserId() {
+            private val info = PGPainless.inspectKeyRing(keyRing)
+            override fun invoke(userId: String): Boolean =
+                    info.isUserIdValid(userId)
+        }
+
+        @JvmStatic
+        fun and(vararg filters: SelectUserId) = object : SelectUserId() {
+            override fun invoke(userId: String): Boolean =
+                    filters.all { it.invoke(userId) }
+        }
+
+        @JvmStatic
+        fun or(vararg filters: SelectUserId) = object : SelectUserId() {
+            override fun invoke(userId: String): Boolean =
+                    filters.any { it.invoke(userId) }
+        }
+
+        @JvmStatic
+        fun not(filter: SelectUserId) = object : SelectUserId() {
+            override fun invoke(userId: String): Boolean =
+                    !filter.invoke(userId)
+        }
+    }
+}