From 9751af132f2104b0bcf45cb7dafbd4957488654b Mon Sep 17 00:00:00 2001
From: Scott Baker <bakers@cs.arizona.edu>
Date: Fri, 10 Apr 2009 18:52:03 +0000
Subject: [PATCH] add functions to sign and verify strings using a key

---
 geni/util/cert.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/geni/util/cert.py b/geni/util/cert.py
index 5d4796e0..24b6d895 100644
--- a/geni/util/cert.py
+++ b/geni/util/cert.py
@@ -13,6 +13,7 @@
 
 import os
 import tempfile
+import base64
 from OpenSSL import crypto
 import M2Crypto
 from M2Crypto import X509
@@ -119,23 +120,35 @@ class Keypair:
    def as_pem(self):
       return crypto.dump_privatekey(crypto.FILETYPE_PEM, self.key)
 
-   ##
-   # Return an OpenSSL pkey object
-
    def get_m2_pkey(self):
       if not self.m2key:
          self.m2key = M2Crypto.EVP.load_key_string(self.as_pem())
       return self.m2key
 
    ##
-   # Given another Keypair object, return TRUE if the two keys are the same.
+   # Return an OpenSSL pkey object
 
    def get_openssl_pkey(self):
       return self.key
 
+   ##
+   # Given another Keypair object, return TRUE if the two keys are the same.
+
    def is_same(self, pkey):
       return self.as_pem() == pkey.as_pem()
 
+   def sign_string(self, data):
+      k = self.get_m2_pkey()
+      k.sign_init()
+      k.sign_update(data)
+      return base64.b64encode(k.sign_final())
+
+   def verify_string(self, data, sig):
+      k = self.get_m2_pkey()
+      k.verify_init()
+      k.verify_update(data)
+      return M2Crypto.m2.verify_final(k.ctx, base64.b64decode(sig), k.pkey)
+
 ##
 # The certificate class implements a general purpose X509 certificate, making
 # use of the appropriate pyOpenSSL or M2Crypto abstractions. It also adds
-- 
2.43.0