| -rw-r--r-- | src/mailman_pgp/commands/eml_key.py | 12 | ||||
| -rw-r--r-- | src/mailman_pgp/utils/pgp.py | 31 |
2 files changed, 34 insertions, 9 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index 0d5fa1e..e182451 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -23,7 +23,6 @@ from mailman.interfaces.command import ContinueProcessing, IEmailCommand
 from mailman.interfaces.pending import IPendings
 from mailman.interfaces.subscriptions import ISubscriptionManager
 from mailman.interfaces.usermanager import IUserManager
-from pgpy.constants import KeyFlags
 from public import public
 from zope.component import getUtility
 from zope.interface import implementer
@@ -35,6 +34,7 @@ from mailman_pgp.model.list import PGPMailingList
 from mailman_pgp.pgp.mime import MIMEWrapper
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.utils.email import get_email
+from mailman_pgp.utils.pgp import key_usable
 from mailman_pgp.workflows.key_change import (CHANGE_CONFIRM_REQUEST, KeyChangeModWorkflow, KeyChangeWorkflow)
@@ -77,10 +77,7 @@ def _cmd_set(pgp_list, mlist, msg, msgdata, arguments, results):
 file=results)
 return ContinueProcessing.no
- usage_flags = key.usage_flags()
- for subkey in key.subkeys.values():
- usage_flags |= subkey.usage_flags()
- if KeyFlags.EncryptCommunications not in usage_flags:
+ if not key_usable(key):
 print('Need a key which can be used to encrypt communications.',
 file=results)
 return ContinueProcessing.no
@@ -231,10 +228,7 @@ def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
 file=results)
 return ContinueProcessing.no
- usage_flags = key.usage_flags()
- for subkey in key.subkeys.values():
- usage_flags |= subkey.usage_flags()
- if KeyFlags.EncryptCommunications not in usage_flags:
+ if not key_usable(key):
 print('Need a key which can be used to encrypt communications.',
 file=results)
 return ContinueProcessing.no
diff --git a/src/mailman_pgp/utils/pgp.py b/src/mailman_pgp/utils/pgp.py
index 621aa02..1dfdc5e 100644
--- a/src/mailman_pgp/utils/pgp.py
+++ b/src/mailman_pgp/utils/pgp.py
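Review bot: Both call sites, in `_cmd_set` and `_cmd_change`, invoke `key_usable(key)` with a single argument, while the definition added in src/mailman_pgp/utils/pgp.py is `key_usable(key, flags_required)` with no default, so both commands would raise TypeError instead of reaching the "Need a key which can be used to encrypt communications." reply. Pass the required flag explicitly, `if not key_usable(key, KeyFlags.EncryptCommunications):`, which also means keeping the `from pgpy.constants import KeyFlags` import that the first hunk removes. Both functions start and end outside their hunks, so whether anything else on these paths still relies on `KeyFlags` cannot be seen here.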
@@ -18,6 +18,7 @@
 """Miscellaneous PGP utilities."""
 from pgpy import PGPKey, PGPSignature
 from pgpy.constants import SignatureType
+from pgpy.errors import PGPError
 from pgpy.packet import Packet, Signature
 from pgpy.types import Armorable
 from public import public
@@ -97,3 +98,33 @@ def revoc_from_blob(blob):
 sig = PGPSignature()
 sig |= p
 return sig
+
+
+@public
+def key_usable(key, flags_required):
+ """
+
+ :param key:
+ :type key: pgpy.PGPKey
+ :param flags_required:
+ :return:
+ :rtype: bool
+ """
+ if key.is_expired:
+ return False
+ primary_revocs = (sig for sig in key.self_signatures if
+ sig.sigtype is SignatureType.KeyRevocation)
+ for revoc in primary_revocs:
+ try:
+ verified = key.verify(key, revoc)
+ except PGPError:
+ continue
+ if bool(verified):
+ return False
+ usage_flags = key.usage_flags()
+ for subkey in key.subkeys.values():
+ usage_flags |= subkey.usage_flags()
+
+ if flags_required not in usage_flags:
+ return False
+ return True |
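Review bot: The flag union at the end of `key_usable` merges `subkey.usage_flags()` from every subkey without checking that subkey's own validity, so a key whose only encryption-capable subkey is expired or revoked would still be accepted and mail could later be encrypted to a subkey its owner has retired. Skip such subkeys before the union, for example `if subkey.is_expired: continue`, and apply the same verified-revocation test to each subkey's revocation signatures; whether pgpy reports subkey expiry through `is_expired` should be confirmed. The docstring is also empty: it should state that the function returns False for an expired primary key or one carrying a verified self-revocation, and otherwise reports whether `flags_required` is among the combined usage flags. The whole function lies inside this hunk.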
