3 files changed, 40 insertions, 9 deletions

diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index 7b7782d..2f7a7e7 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -31,7 +31,8 @@ from mailman_pgp.model.address import PGPAddress
 from mailman_pgp.model.list import PGPMailingList
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.workflows.base import CONFIRM_REQUEST
-from mailman_pgp.workflows.key_change import KeyChangeWorkflow
+from mailman_pgp.workflows.key_change import (CHANGE_CONFIRM_REQUEST,
+                                              KeyChangeWorkflow)
 
 
 def _get_email(msg):
@@ -128,9 +129,12 @@ def _cmd_confirm(pgp_list, mlist, msg, msgdata, arguments, results):
         print('Wrong token.', file=results)
         return ContinueProcessing.no
 
-    # TODO differentiate between key change and subscription here.
+    if pendable.get('type') == KeyChangeWorkflow.pendable_class().PEND_TYPE:
+        expecting = CHANGE_CONFIRM_REQUEST.format(pendable.get('fingerprint'),
+                                                  token)
+    else:
+        expecting = CONFIRM_REQUEST.format(pgp_address.key_fingerprint, token)
 
-    expecting = CONFIRM_REQUEST.format(pgp_address.key_fingerprint, token)
     for sig_subject in wrapped.get_signed():
         if expecting in sig_subject:
             ISubscriptionManager(mlist).confirm(token)
@@ -143,6 +147,11 @@ def _cmd_confirm(pgp_list, mlist, msg, msgdata, arguments, results):
 def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
     # New public key in attachment, requires to be signed with current
     # key
+    if len(arguments) != 1:
+        print('Extraneous argument/s: ' + ','.join(arguments[1:]),
+              file=results)
+        return ContinueProcessing.no
+
     wrapped = PGPWrapper(msg)
     if not wrapped.has_keys():
         print('No keys attached? Send a key.', file=results)
diff --git a/src/mailman_pgp/commands/tests/test_key.py b/src/mailman_pgp/commands/tests/test_key.py
index 64f8ae6..4f62b11 100644
--- a/src/mailman_pgp/commands/tests/test_key.py
+++ b/src/mailman_pgp/commands/tests/test_key.py
@@ -37,6 +37,7 @@ from mailman_pgp.pgp.tests.base import load_key
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.testing.layers import PGPConfigLayer
 from mailman_pgp.workflows.base import CONFIRM_REQUEST
+from mailman_pgp.workflows.key_change import CHANGE_CONFIRM_REQUEST
 from mailman_pgp.workflows.subscription import OpenSubscriptionPolicy
 
 
@@ -423,5 +424,23 @@ class TestAfterSubscription(unittest.TestCase):
         else:
             confirm_request = items[0].msg
         request_wrapped = PGPWrapper(confirm_request)
-        request_wrapped.decrypt(bart_new_key)
-        # TODO finish this
+        decrypted = request_wrapped.decrypt(bart_new_key)
+
+        subj = decrypted['subject']
+        token = subj.split(' ')[-1]
+
+        confirm_message = _create_plain('bart@example.com', 'test@example.com',
+                                        decrypted['subject'],
+                                        CHANGE_CONFIRM_REQUEST.format(
+                                                bart_new_key.fingerprint,
+                                                token))
+        wrapped_confirm = MIMEWrapper(confirm_message)
+        confirm = wrapped_confirm.sign(bart_key)
+
+        mm_config.switchboards['command'].enqueue(confirm,
+                                                  listid='test.example.com')
+        make_testable_runner(CommandRunner, 'command').run()
+
+        pgp_address = PGPAddress.for_address(bart)
+        self.assertEqual(pgp_address.key_fingerprint, bart_new_key.fingerprint)
+        self.assertTrue(pgp_address.key_confirmed)
diff --git a/src/mailman_pgp/workflows/key_change.py b/src/mailman_pgp/workflows/key_change.py
index 8831d28..a67edbb 100644
--- a/src/mailman_pgp/workflows/key_change.py
+++ b/src/mailman_pgp/workflows/key_change.py
@@ -25,6 +25,7 @@ from public import public
 from zope.component import getUtility
 from zope.interface import implementer
 
+from mailman_pgp.database import transaction
 from mailman_pgp.model.address import PGPAddress
 from mailman_pgp.pgp.utils import copy_headers
 from mailman_pgp.pgp.wrapper import PGPWrapper
@@ -84,11 +85,12 @@ class KeyChangeWorkflow(Workflow):
         pendings = getUtility(IPendings)
         pendable = KeyChangeWorkflow.pendable_class()(
                 email=self.pgp_address.email,
-                pubkey=str(self.pubkey)
+                pubkey=str(self.pubkey),
+                fingerprint=self.pubkey.fingerprint
         )
         self.token = pendings.add(pendable)
 
-        self.push('receive_key_confirmation')
+        self.push('receive_confirmation')
         self.save()
         request_address = self.mlist.request_address
         email_address = self.pgp_address.email
@@ -106,8 +108,9 @@ class KeyChangeWorkflow(Workflow):
         raise StopIteration
 
     def _step_receive_confirmation(self):
-        self.pgp_address.key = self.pubkey
-        self.pgp_address.key_confirmed = True
+        with transaction():
+            self.pgp_address.key = self.pubkey
+            self.pgp_address.key_confirmed = True
 
         pendings = getUtility(IPendings)
         if self.token is not None: