Diffstat (limited to 'src/mailman_pgp/rules/signature.py')
-rw-r--r--src/mailman_pgp/rules/signature.py48
1 files changed, 23 insertions, 25 deletions
diff --git a/src/mailman_pgp/rules/signature.py b/src/mailman_pgp/rules/signature.py
index 5f5b802..6bac3dc 100644
--- a/src/mailman_pgp/rules/signature.py
+++ b/src/mailman_pgp/rules/signature.py
@@ -18,6 +18,7 @@
"""Signature checking rule for the pgp-posting-chain."""
from mailman.core.i18n import _
+from mailman.interfaces.action import Action
from mailman.interfaces.rules import IRule
from mailman.interfaces.usermanager import IUserManager
from public import public
@@ -30,7 +31,7 @@ from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.pgp.wrapper import PGPWrapper
-def _record_action(msgdata, action, sender, reason):
+def record_action(msgdata, action, sender, reason):
msgdata['moderation_action'] = action
msgdata['moderation_sender'] = sender
msgdata.setdefault('moderation_reasons', []).append(reason)
@@ -60,16 +61,16 @@ class Signature:
# Take unsigned_msg_action if unsigned.
if not wrapped.is_signed():
action = enc_list.unsigned_msg_action
- if action is not None:
- _record_action(msgdata, action, msg.sender,
+ if action != Action.defer:
+ record_action(msgdata, action, msg.sender,
'The message is unsigned.')
return True
# Take `inline_pgp_action` if inline signed.
- if wrapped.is_inline_signed():
+ if wrapped.inline.is_signed():
action = enc_list.inline_pgp_action
- if action is not None:
- _record_action(msgdata, action, msg.sender,
+ if action != Action.defer:
+ record_action(msgdata, action, msg.sender,
'Inline PGP is not allowed.')
return True
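Review bot: The new guards `if action != Action.defer:` (unsigned and inline-signed branches here, and `invalid_sig_action` in the next hunk) let a `None` action through, where the old `is not None` test skipped it. If any of these list settings can still be unset for existing lists, which this hunk does not show, `record_action` would store `None` as `msgdata['moderation_action']`. Consider `if action not in (None, Action.defer):`, or confirm that the model gives these columns a non-null default and that old rows are migrated. The enclosing method starts and ends outside the hunk.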
@@ -85,33 +86,30 @@ class Signature:
# See if we have a key.
key = enc_address.key
if key is None:
- # TODO: how to handle this?
raise ValueError('No key?')
- # Verify, this gives us stuff we need to check.
- verification = wrapped.verify(key)
-
# Take the `invalid_sig_action` if the verification failed.
- if not verification:
+ if not wrapped.verifies(key):
action = enc_list.invalid_sig_action
- if action is not None:
- _record_action(msgdata, action, msg.sender,
+ if action != Action.defer:
+ record_action(msgdata, action, msg.sender,
'Signature did not verify.')
return True
- # TODO: handle more signatures here?
- sig_obj = next(verification.good_signatures)
- sig_key = sig_obj.by
- sig_sig = sig_obj.signature
- # Take the `expired_sig_action` if either he signature or the key
- # is expired.
- if sig_sig.is_expired or sig_key.is_expired:
- action = enc_list.expired_sig_action
- if action is not None:
- _record_action(msgdata, action, msg.sender,
- 'Signature or key expired.')
- return True
+ # # TODO: handle more signatures here?
+ # sig_obj = next(verification.good_signatures)
+ # sig_key = sig_obj.by
+ # sig_sig = sig_obj.signature
+ #
+ # # Take the `expired_sig_action` if either he signature or the key
+ # # is expired.
+ # if sig_sig.is_expired or sig_key.is_expired:
+ # action = enc_list.expired_sig_action
+ # if action is not None:
+ # _record_action(msgdata, action, msg.sender,
+ # 'Signature or key expired.')
+ # return True
# XXX: we need to track key revocation separately to use it here
# TODO: check key revocation here
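Review bot: The expiry check is commented out rather than ported to the new wrapper API, so `expired_sig_action` is no longer applied anywhere in this rule. Whether `wrapped.verifies(key)` already rejects an expired signature or key is not visible here; if it does not, a message signed with an expired key passes this rule as validly signed. Either restore the check, or replace the dead block with one comment that states the gap, such as `# TODO: expired_sig_action is not enforced until the wrapper exposes signature/key expiry`. The commented code also still calls `_record_action` and tests `is not None`, both changed elsewhere in this commit, so it cannot be uncommented as is. The enclosing method starts outside the hunk.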