| author | drebs <drebs@leap.se> | 2013-05-09 15:56:04 -0300 | 
|---|---|---|
| committer | drebs <drebs@leap.se> | 2013-05-09 15:56:04 -0300 | 
| commit | 8fae83a20504851845eeda5c089f2c53f8678eae (patch) | |
| tree | 9e833cf8dbfb0c2e2db82a5f1083bd0f2284d1ea /src | |
| parent | c72aa2e8c356d57c272ce91e72417ee231edd57d (diff) | |
Add sign/verify to keymanager's openpgp.
Diffstat (limited to 'src')
| -rw-r--r-- | src/leap/common/keymanager/openpgp.py | 47 | ||||
| -rw-r--r-- | src/leap/common/tests/test_keymanager.py | 30 | 
2 files changed, 74 insertions, 3 deletions
|
diff --git a/src/leap/common/keymanager/openpgp.py b/src/leap/common/keymanager/openpgp.py
index e2ffe76..0fd314a 100644
--- a/src/leap/common/keymanager/openpgp.py
+++ b/src/leap/common/keymanager/openpgp.py
@@ -25,7 +25,7 @@ import re
 import tempfile
 import shutil
-from leap.common.check import leap_assert
+from leap.common.check import leap_assert, leap_assert_type
 from leap.common.keymanager.errors import (
     KeyNotFound,
     KeyAlreadyExists,
@@ -42,7 +42,7 @@ from leap.common.keymanager.gpg import GPGWrapper
 #
-# Utility functions
+# API functions
 #
 def encrypt_sym(data, passphrase):
@@ -175,6 +175,49 @@ def is_encrypted_asym(data):
     return _safe_call(_is_encrypted_cb)
+def sign(data, key):
+    """
+    Sign C{data} with C{key}.
+
+    @param data: The data to be signed.
+    @type data: str
+    @param key: The key to be used to sign.
+    @type key: OpenPGPKey
+
+    @return: The ascii-armored signed data.
+    @rtype: str
+    """
+    leap_assert_type(key, OpenPGPKey)
+    leap_assert(key.private == True)
+
+    def _sign_cb(gpg):
+        return gpg.sign(data, keyid=key.key_id).data
+
+    return _safe_call(_sign_cb, key.key_data)
+
+def verify(data, key):
+    """
+    Verify signed C{data} with C{key}.
+
+    @param data: The data to be verified.
+    @type data: str
+    @param key: The key to be used on verification.
+    @type key: OpenPGPKey
+
+    @return: The ascii-armored signed data.
+    @rtype: str
+    """
+    leap_assert_type(key, OpenPGPKey)
+    leap_assert(key.private == False)
+
+    def _verify_cb(gpg):
+        return gpg.verify(data).valid
+
+    return _safe_call(_verify_cb, key.key_data)
+
+#
+# Helper functions
+#
 def _build_key_from_gpg(address, key, key_data):
     """
diff --git a/src/leap/common/tests/test_keymanager.py b/src/leap/common/tests/test_keymanager.py
index 1d7a382..d3dee40 100644
--- a/src/leap/common/tests/test_keymanager.py
+++ b/src/leap/common/tests/test_keymanager.py
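Review bot: `verify` returns only `gpg.verify(data).valid`, so the result is tied to `key` solely by whatever keyring `_safe_call` builds from `key.key_data`. That helper is outside this hunk; if its keyring can ever hold more than that one key, a valid signature made by any of them would be accepted as coming from `key`. Binding the result explicitly is cheap: keep the verify result and compare its reported signer as well, e.g. `result = gpg.verify(data)` followed by `return result.valid and result.key_id == key.key_id` (assuming both sides use the same key-id form). The docstring of `verify` is also copied from `sign` and should read `@return: Whether the signature is valid.` / `@rtype: bool`. Separately, if `leap_assert` is built on a plain `assert`, the private/public key guards in both functions disappear under `python -O`; an explicit raise would be more robust for this check.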
@@ -169,7 +169,7 @@ class KeyManagerWithSoledadTestCase(BaseLeapTest):
 class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
-    def test_openpgp_gen_key(self):
+    def _test_openpgp_gen_key(self):
         pgp = openpgp.OpenPGPScheme(self._soledad)
         self.assertRaises(KeyNotFound, pgp.get_key, 'user@leap.se')
         key = pgp.gen_key('user@leap.se')
@@ -363,6 +363,34 @@ class KeyManagerKeyManagementTestCase(
             'leap@leap.se'
         )
+    def test_verify_with_private_raises(self):
+        km = self._key_manager()
+        km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
+        data = 'data'
+        privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
+        signed = openpgp.sign(data, privkey)
+        self.assertRaises(
+            AssertionError,
+            openpgp.verify, signed, privkey)
+
+    def test_sign_with_public_raises(self):
+        km = self._key_manager()
+        km._wrapper_map[OpenPGPKey].put_key_raw(PUBLIC_KEY)
+        data = 'data'
+        pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
+        self.assertRaises(
+            AssertionError,
+            openpgp.sign, data, pubkey)
+
+    def test_sign_verify(self):
+        km = self._key_manager()
+        km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
+        data = 'data'
+        privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
+        signed = openpgp.sign(data, privkey)
+        pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
+        self.assertTrue(openpgp.verify(signed, pubkey))
+
 # Key material for testing
 KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF"
|
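Review bot: Renaming `test_openpgp_gen_key` to `_test_openpgp_gen_key` silently removes the key-generation test from collection, and the commit message ("Add sign/verify to keymanager's openpgp.") does not mention it. A disabled test that leaves no trace in the test report is easy to forget, and key generation is a path worth keeping covered. If it has to be switched off (presumably because it is slow), keep the name and mark it instead, e.g. `@unittest.skip("key generation is slow; re-enable once it runs in reasonable time")`, so it shows up as skipped with a reason. The rest of the test body lies outside the hunk.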
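Review bot: The new tests cover only the accepting path of `verify` (`test_sign_verify`) and the two key-type assertions; nothing checks that `verify` actually rejects a signature. A verification routine needs at least one negative case: data altered after signing, and ideally a signature made by a different key than the one passed in. The sketch below adds the first of those; it assumes `openpgp.sign` returns clear-signed text in which the payload appears literally, which is not visible from this hunk and should be confirmed.

```python
    def test_verify_tampered_data_fails(self):
        km = self._key_manager()
        km._wrapper_map[OpenPGPKey].put_key_raw(PRIVATE_KEY)
        privkey = km.get_key(ADDRESS, OpenPGPKey, private=True)
        signed = openpgp.sign('data', privkey)
        pubkey = km.get_key(ADDRESS, OpenPGPKey, private=False)
        # Change the signed payload only; the signature block stays as produced.
        tampered = signed.replace('data', 'tampered', 1)
        self.assertFalse(openpgp.verify(tampered, pubkey))
```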
