| author | J08nY | 2017-08-03 00:01:41 +0200 |
|---|---|---|
| committer | J08nY | 2017-08-03 00:01:41 +0200 |
| commit | e3816b52f093bbb26a379b25f27cde50bb371398 (patch) | |
| tree | 51bb6bf2de5afa8607f3677f4fa3f6be1dc9cf82 /src/mailman_pgp | |
| parent | 8c08406f9f9b46400ae06e636b4805d19029354c (diff) | |
Diffstat (limited to 'src/mailman_pgp')
| -rw-r--r-- | src/mailman_pgp/commands/eml_key.py | 79 |
1 files changed, 76 insertions, 3 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index b958b93..e38e96d 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -16,6 +16,7 @@
 # this program. If not, see <http://www.gnu.org/licenses/>.
 """The key email command."""
+import copy
 from email.mime.text import MIMEText
 from mailman.email.message import UserNotification
@@ -24,6 +25,7 @@ from mailman.interfaces.pending import IPendings
 from mailman.interfaces.subscriptions import ISubscriptionManager
 from mailman.interfaces.usermanager import IUserManager
 from pgpy.constants import KeyFlags
+from pgpy.errors import PGPError
 from public import public
 from zope.component import getUtility
 from zope.interface import implementer
@@ -209,6 +211,14 @@ def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
 print('A pgp enabled address not found.', file=results)
 return ContinueProcessing.no
+ if pgp_address.key is None:
+ print("You currently don't have a key set.", file=results)
+ return ContinueProcessing.no
+
+ if not pgp_address.key_confirmed:
+ print('Your key is currently not confirmed.', file=results)
+ return ContinueProcessing.no
+
 wrapped = PGPWrapper(msg)
 if wrapped.is_encrypted():
 decrypted = wrapped.try_decrypt(pgp_list.key)
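Review bot: The two guards added to `_cmd_change` (`pgp_address.key is None` and `not pgp_address.key_confirmed`) are repeated verbatim in the new `_cmd_revoke` body in the next hunk, along with the same `get_email` / `PGPAddress.for_email` lookup. A small private helper that returns the confirmed `PGPAddress` or prints the failure to `results` would keep the two commands from drifting apart, and would let `_cmd_revoke` stop reusing the message 'No email to change key of.'. The body of `_cmd_change` continues outside this hunk.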
@@ -243,9 +253,72 @@ def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
 def _cmd_revoke(pgp_list, mlist, msg, msgdata, arguments, results):
- # Current key revocation certificate in attachment, restarts the
- # subscription process, or rather only it's key setup part.
- pass
+ if len(arguments) != 1:
+ print('Extraneous argument/s: ' + ','.join(arguments[1:]),
+ file=results)
+ return ContinueProcessing.no
+
+ email = get_email(msg)
+ if not email:
+ print('No email to change key of.', file=results)
+ return ContinueProcessing.no
+
+ pgp_address = PGPAddress.for_email(email)
+ if pgp_address is None:
+ print('A pgp enabled address not found.', file=results)
+ return ContinueProcessing.no
+
+ key = pgp_address.key
+ if key is None:
+ print("You currently don't have a key set.", file=results)
+ return ContinueProcessing.no
+
+ if not pgp_address.key_confirmed:
+ print('Your key is currently not confirmed.', file=results)
+ return ContinueProcessing.no
+
+ wrapped = PGPWrapper(msg)
+ if wrapped.is_encrypted():
+ decrypted = wrapped.try_decrypt(pgp_list.key)
+ wrapped = PGPWrapper(decrypted)
+
+ if not wrapped.has_revocs():
+ print('No key revocations attached? Send a key revocation.',
+ file=results)
+ return ContinueProcessing.no
+
+ key_copy = copy.copy(key)
+
+ revocs = list(wrapped.revocs())
+ for revoc in revocs:
+ try:
+ verified = key_copy.verify(key_copy, revoc)
+ if verified:
+ key_copy |= revoc
+ continue
+ except PGPError:
+ pass
+
+ for subkey in key_copy.subkeys.values():
+ try:
+ verified = subkey.verify(subkey, revoc)
+ if verified:
+ subkey |= revoc
+ except PGPError:
+ pass
+ # No match?
+ print('Revocation found for not-found key.', file=results)
+
+ if not key_usable(key_copy,
+ {KeyFlags.EncryptCommunications, KeyFlags.Sign}):
+ pass
+ # Start reset process.
+ else:
+ # Just update key.
+ with transaction():
+ pgp_address.key = key_copy
+ print('Key succesfully updated.', file=results)
+ return ContinueProcessing.yes
 def _cmd_sign(pgp_list, mlist, msg, msgdata, arguments, results): |
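Review bot: A revocation that leaves the key unusable is verified and then dropped, because the `if not key_usable(...)` branch in `_cmd_revoke` is only `pass` under a `# Start reset process.` comment. The revoked key therefore stays stored and confirmed on the address, and nothing is written to `results`. Until the reset flow exists, that branch should at least persist the revoked key with `with transaction(): pgp_address.key = key_copy`, report the outcome to the sender, and clear the confirmed state if `key_confirmed` is writable (not visible here). Separately, the subkey loop has no `break` or matched flag after `subkey |= revoc`, so 'Revocation found for not-found key.' appears to be printed even when a subkey revocation verified. Indentation is lost on this page, so confirm the placement of that `print` against the file.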
