2 files changed, 68 insertions, 1 deletions

diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index a2fb4d5..9df6065 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -30,6 +30,7 @@ from mailman_pgp.model.address import PGPAddress
 from mailman_pgp.model.list import PGPMailingList
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.workflows.base import CONFIRM_REQUEST
+from mailman_pgp.workflows.key_change import KeyChangeWorkflow
 
 
 def _get_email(msg):
@@ -130,7 +131,30 @@ def _cmd_confirm(pgp_list, mlist, msg, msgdata, arguments, results):
 def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
     # New public key in attachment, requires to be signed with current
     # key
-    pass
+    wrapped = PGPWrapper(msg)
+    if not wrapped.has_keys():
+        print('No keys attached? Send a key.', file=results)
+        return ContinueProcessing.no
+
+    keys = list(wrapped.keys())
+    if len(keys) != 1:
+        print('More than one key! Send only one key.', file=results)
+        return ContinueProcessing.no
+
+    email = _get_email(msg)
+    if not email:
+        print('No email to change key of.', file=results)
+        return ContinueProcessing.no
+
+    pgp_address = PGPAddress.for_email(email)
+    if pgp_address is None:
+        print('A pgp enabled address not found.', file=results)
+        return ContinueProcessing.no
+
+    workflow = KeyChangeWorkflow(mlist, pgp_address, keys.pop())
+    list(workflow)
+    print('Key change request received.', file=results)
+    return ContinueProcessing.no
 
 
 def _cmd_revoke(pgp_list, mlist, msg, msgdata, arguments, results):
diff --git a/src/mailman_pgp/commands/tests/test_key.py b/src/mailman_pgp/commands/tests/test_key.py
index 48ca3c9..fe75a6a 100644
--- a/src/mailman_pgp/commands/tests/test_key.py
+++ b/src/mailman_pgp/commands/tests/test_key.py
@@ -365,3 +365,46 @@ class TestPreSubscription(unittest.TestCase):
 
         self.assertIn('Message not signed, ignoring.',
                       results_msg.get_payload())
+
+
+class TestAfterSubscription(unittest.TestCase):
+    layer = PGPConfigLayer
+
+    def setUp(self):
+        self.mlist = create_list('test@example.com', style_name='pgp-default')
+        self.pgp_list = PGPMailingList.for_list(self.mlist)
+        self.pgp_list.key = load_key('ecc_p256.priv.asc')
+
+    def test_key_change(self):
+        bart = getUtility(IUserManager).create_address('bart@example.com',
+                                                       'Bart Person')
+        bart_key = load_key('rsa_1024.priv.asc')
+        bart_new_key = load_key('ecc_p256.priv.asc')
+
+        with transaction() as t:
+            pgp_address = PGPAddress(bart)
+            pgp_address.key = bart_key.pubkey
+            pgp_address.key_confirmed = True
+            t.add(pgp_address)
+
+        message = _create_mixed('bart@example.com', 'test@example.com',
+                                'key change')
+        wrapped_message = MIMEWrapper(message)
+        message = wrapped_message.attach_key(bart_new_key.pubkey)
+
+        mm_config.switchboards['command'].enqueue(message,
+                                                  listid='test.example.com')
+        make_testable_runner(CommandRunner, 'command').run()
+
+        items = get_queue_messages('virgin', expected_count=2)
+        if items[0].msg['Subject'] == 'The results of your email commands':
+            results = items[0].msg
+            confirm_request = items[1].msg
+        else:
+            results = items[1].msg
+            confirm_request = items[0].msg
+
+        self.assertIn('Key change request received.', results.get_payload())
+
+        confirm_wrapped = PGPWrapper(confirm_request)
+        self.assertTrue(confirm_wrapped.is_encrypted())