Implement validate-userid command

sop-java-picocli/src/main/kotlin/sop/cli/picocli/SopCLI.kt

@@ -30,6 +30,7 @@ import sop.exception.SOPGPException
             UpdateKeyCmd::class,
             MergeCertsCmd::class,
             CertifyUserIdCmd::class,
+            ValidateUserIdCmd::class,
             // Messaging subcommands
             SignCmd::class,
             VerifyCmd::class,

sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/ValidateUserIdCmd.kt

@@ -0,0 +1,74 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands
+
+import java.io.IOException
+import picocli.CommandLine.Command
+import picocli.CommandLine.Option
+import picocli.CommandLine.Parameters
+import sop.cli.picocli.SopCLI
+import sop.exception.SOPGPException
+import sop.util.HexUtil.Companion.bytesToHex
+
+@Command(
+    name = "validate-userid",
+    resourceBundle = "msg_validate-userid",
+    exitCodeOnInvalidInput = SOPGPException.MissingArg.EXIT_CODE)
+class ValidateUserIdCmd : AbstractSopCmd() {
+
+    @Option(names = ["--addr-spec-only"]) var addrSpecOnly: Boolean = false
+
+    @Parameters(index = "0", arity = "1", paramLabel = "USERID") lateinit var userId: String
+
+    @Parameters(index = "1..*", arity = "1..*", paramLabel = "CERTS")
+    var authorities: List<String> = listOf()
+
+    override fun run() {
+        val validateUserId =
+            throwIfUnsupportedSubcommand(SopCLI.getSop().validateUserId(), "validate-userid")
+
+        if (addrSpecOnly) {
+            validateUserId.addrSpecOnly()
+        }
+
+        validateUserId.userId(userId)
+
+        for (authority in authorities) {
+            try {
+                getInput(authority).use { validateUserId.authorities(it) }
+            } catch (e: IOException) {
+                throw RuntimeException(e)
+            } catch (b: SOPGPException.BadData) {
+                val errorMsg = getMsg("sop.error.input.not_a_certificate", authority)
+                throw SOPGPException.BadData(errorMsg, b)
+            }
+        }
+
+        try {
+            val valid = validateUserId.subjects(System.`in`)
+
+            if (!valid) {
+                val errorMsg = getMsg("sop.error.runtime.any_cert_user_id_no_match", userId)
+                throw SOPGPException.CertUserIdNoMatch(errorMsg)
+            }
+        } catch (e: SOPGPException.CertUserIdNoMatch) {
+            val errorMsg =
+                if (e.fingerprint != null) {
+                    getMsg(
+                        "sop.error.runtime.cert_user_id_no_match",
+                        bytesToHex(e.fingerprint!!),
+                        userId)
+                } else {
+                    getMsg("sop.error.runtime.any_cert_user_id_no_match", userId)
+                }
+            throw SOPGPException.CertUserIdNoMatch(errorMsg, e)
+        } catch (e: SOPGPException.BadData) {
+            val errorMsg = getMsg("sop.error.input.not_a_certificate", "STDIN")
+            throw SOPGPException.BadData(errorMsg, e)
+        } catch (e: IOException) {
+            throw RuntimeException(e)
+        }
+    }
+}

sop-java-picocli/src/main/resources/msg_sop.properties

@@ -80,6 +80,8 @@ sop.error.runtime.cert_cannot_encrypt=Certificate from input '%s' cannot encrypt
 sop.error.runtime.no_session_key_extracted=Session key not extracted. Feature potentially not supported.
 sop.error.runtime.no_verifiable_signature_found=No verifiable signature found.
 sop.error.runtime.cannot_decrypt_message=Message could not be decrypted.
+sop.error.runtime.cert_user_id_no_match=Certificate '%s' does not contain a valid binding for user id '%s'.
+sop.error.runtime.any_cert_user_id_no_match=Any certificate does not contain a valid binding for user id '%s'.
 ## Usage errors
 sop.error.usage.password_or_cert_required=At least one password file or cert file required for encryption.
 sop.error.usage.argument_required=Argument '%s' is required.

sop-java-picocli/src/main/resources/msg_validate-userid.properties

@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+#
+# SPDX-License-Identifier: Apache-2.0
+usage.header=Validate a UserID in an OpenPGP certificate
+addr-spec-only=Treat the USERID as an email address, match only against the email address part of each correctly bound UserID
+USERID[0]=UserID
+CERTS[1..*]=Authority OpenPGP certificates
+
+standardInput=CERTS
+standardInputDescription=OpenPGP certificates in which UserID bindings shall be validated
+
+stacktrace=Print stacktrace
+# Generic TODO: Remove when bumping picocli to 4.7.0
+usage.parameterListHeading=%nParameters:%n
+usage.synopsisHeading=Usage:\u0020
+usage.commandListHeading=%nCommands:%n
+usage.optionListHeading=%nOptions:%n
+usage.footerHeading=Powered by picocli%n

sop-java-picocli/src/main/resources/msg_validate-userid_de.properties

@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+#
+# SPDX-License-Identifier: Apache-2.0
+usage.header=Validiere eine UserID auf OpenPGP Zertifikaten
+addr-spec-only=Behandle die USERID als E-Mail-Adresse, vergleiche sie nur mit dem E-Mail-Adressen-Teil jeder korrekten UserID
+USERID[0]=UserID
+CERTS[1..*]=Autoritäre OpenPGP Zertifikate
+
+standardInput=CERTS
+standardInputDescription=OpenPGP Zertifikate auf denen UserIDs validiert werden sollen
+
+stacktrace=Print stacktrace
+# Generic TODO: Remove when bumping picocli to 4.7.0
+usage.parameterListHeading=%nParameter:%n
+usage.synopsisHeading=Aufruf:\u0020
+usage.commandListHeading=%nBefehle:%n
+usage.optionListHeading=%nOptionen:%n
+usage.footerHeading=Powered by Picocli%n