Implement external variants of new subcommands

external-sop/src/main/kotlin/sop/external/ExternalSOP.kt

@@ -69,6 +69,14 @@ class ExternalSOP(
     override fun changeKeyPassword(): ChangeKeyPassword =
         ChangeKeyPasswordExternal(binaryName, properties)
 
+    override fun updateKey(): UpdateKey = UpdateKeyExternal(binaryName, properties)
+
+    override fun mergeCerts(): MergeCerts = MergeCertsExternal(binaryName, properties)
+
+    override fun certifyUserId(): CertifyUserId = CertifyUserIdExternal(binaryName, properties)
+
+    override fun validateUserId(): ValidateUserId = ValidateUserIdExternal(binaryName, properties)
+
     /**
      * This interface can be used to provide a directory in which external SOP binaries can
      * temporarily store additional results of OpenPGP operations such that the binding classes can
@@ -169,6 +177,18 @@ class ExternalSOP(
                 UnsupportedProfile.EXIT_CODE ->
                     throw UnsupportedProfile(
                         "External SOP backend reported error UnsupportedProfile ($exitCode):\n$errorMessage")
+                NoHardwareKeyFound.EXIT_CODE ->
+                    throw NoHardwareKeyFound(
+                        "External SOP backend reported error NoHardwareKeyFound ($exitCode):\n$errorMessage")
+                HardwareKeyFailure.EXIT_CODE ->
+                    throw HardwareKeyFailure(
+                        "External SOP backend reported error HardwareKeyFalure ($exitCode):\n$errorMessage")
+                PrimaryKeyBad.EXIT_CODE ->
+                    throw PrimaryKeyBad(
+                        "External SOP backend reported error PrimaryKeyBad ($exitCode):\n$errorMessage")
+                CertUserIdNoMatch.EXIT_CODE ->
+                    throw CertUserIdNoMatch(
+                        "External SOP backend reported error CertUserIdNoMatch ($exitCode):\n$errorMessage")
 
                 // Did you forget to add a case for a new exception type?
                 else ->

external-sop/src/main/kotlin/sop/external/operation/CertifyUserIdExternal.kt

@@ -0,0 +1,48 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.external.operation
+
+import java.io.InputStream
+import java.util.*
+import sop.Ready
+import sop.external.ExternalSOP
+import sop.operation.CertifyUserId
+
+class CertifyUserIdExternal(binary: String, environment: Properties) : CertifyUserId {
+
+    private val commandList = mutableListOf(binary, "version")
+    private val envList = ExternalSOP.propertiesToEnv(environment).toMutableList()
+
+    private var argCount = 0
+
+    private val keys: MutableList<String> = mutableListOf()
+
+    override fun noArmor(): CertifyUserId = apply { commandList.add("--no-armor") }
+
+    override fun userId(userId: String): CertifyUserId = apply {
+        commandList.add("--userid")
+        commandList.add(userId)
+    }
+
+    override fun withKeyPassword(password: ByteArray): CertifyUserId = apply {
+        commandList.add("--with-key-password=@ENV:KEY_PASSWORD_$argCount")
+        envList.add("KEY_PASSWORD_$argCount=${String(password)}")
+        argCount += 1
+    }
+
+    override fun noRequireSelfSig(): CertifyUserId = apply {
+        commandList.add("--no-require-self-sig")
+    }
+
+    override fun keys(keys: InputStream): CertifyUserId = apply {
+        this.keys.add("@ENV:KEY_$argCount")
+        envList.add("KEY_$argCount=${ExternalSOP.readString(keys)}")
+        argCount += 1
+    }
+
+    override fun certs(certs: InputStream): Ready =
+        ExternalSOP.executeTransformingOperation(
+            Runtime.getRuntime(), commandList.plus(keys), envList, certs)
+}

external-sop/src/main/kotlin/sop/external/operation/MergeCertsExternal.kt

@@ -0,0 +1,30 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.external.operation
+
+import java.io.InputStream
+import java.util.*
+import sop.Ready
+import sop.external.ExternalSOP
+import sop.operation.MergeCerts
+
+class MergeCertsExternal(binary: String, environment: Properties) : MergeCerts {
+
+    private val commandList = mutableListOf(binary, "version")
+    private val envList = ExternalSOP.propertiesToEnv(environment).toMutableList()
+
+    private var argCount = 0
+
+    override fun noArmor(): MergeCerts = apply { commandList.add("--no-armor") }
+
+    override fun updates(updateCerts: InputStream): MergeCerts = apply {
+        commandList.add("@ENV:CERT_$argCount")
+        envList.add("CERT_$argCount=${ExternalSOP.readString(updateCerts)}")
+        argCount += 1
+    }
+
+    override fun baseCertificates(certs: InputStream): Ready =
+        ExternalSOP.executeTransformingOperation(Runtime.getRuntime(), commandList, envList, certs)
+}

external-sop/src/main/kotlin/sop/external/operation/UpdateKeyExternal.kt

@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.external.operation
+
+import java.io.InputStream
+import java.util.*
+import sop.Ready
+import sop.external.ExternalSOP
+import sop.operation.UpdateKey
+
+class UpdateKeyExternal(binary: String, environment: Properties) : UpdateKey {
+
+    private val commandList = mutableListOf(binary, "update-key")
+    private val envList = ExternalSOP.propertiesToEnv(environment).toMutableList()
+
+    private var argCount = 0
+
+    override fun noArmor(): UpdateKey = apply { commandList.add("--no-armor") }
+
+    override fun signingOnly(): UpdateKey = apply { commandList.add("--signing-only") }
+
+    override fun noNewMechanisms(): UpdateKey = apply { commandList.add("--no-new-mechanisms") }
+
+    override fun withKeyPassword(password: ByteArray): UpdateKey = apply {
+        commandList.add("--with-key-password=@ENV:KEY_PASSWORD_$argCount")
+        envList.add("KEY_PASSWORD_$argCount=${String(password)}")
+        argCount += 1
+    }
+
+    override fun mergeCerts(certs: InputStream): UpdateKey = apply {
+        commandList.add("--merge-certs")
+        commandList.add("@ENV:CERT_$argCount")
+        envList.add("CERT_$argCount=${ExternalSOP.readString(certs)}")
+        argCount += 1
+    }
+
+    override fun key(key: InputStream): Ready =
+        ExternalSOP.executeTransformingOperation(Runtime.getRuntime(), commandList, envList, key)
+}

external-sop/src/main/kotlin/sop/external/operation/ValidateUserIdExternal.kt

@@ -0,0 +1,38 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.external.operation
+
+import java.io.InputStream
+import java.util.*
+import sop.external.ExternalSOP
+import sop.operation.ValidateUserId
+
+class ValidateUserIdExternal(binary: String, environment: Properties) : ValidateUserId {
+
+    private val commandList = mutableListOf(binary, "version")
+    private val envList = ExternalSOP.propertiesToEnv(environment).toMutableList()
+
+    private var argCount = 0
+
+    private var userId: String? = null
+    private val authorities: MutableList<String> = mutableListOf()
+
+    override fun addrSpecOnly(): ValidateUserId = apply { commandList.add("--addr-spec-only") }
+
+    override fun userId(userId: String): ValidateUserId = apply { this.userId = userId }
+
+    override fun authorities(certs: InputStream): ValidateUserId = apply {
+        this.authorities.add("@ENV:CERT_$argCount")
+        envList.add("CERT_$argCount=${ExternalSOP.readString(certs)}")
+        argCount += 1
+    }
+
+    override fun subjects(certs: InputStream): Boolean {
+        ExternalSOP.executeTransformingOperation(
+                Runtime.getRuntime(), commandList.plus(userId!!).plus(authorities), envList, certs)
+            .bytes
+        return true
+    }
+}