- def call(self, cred, hrn, rspec, request_hash=None):
- self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
- self.api.auth.check(cred, "getticket")
- self.api.auth.verify_object_belongs_to_me(hrn)
- self.api.auth.verify_object_permission(name)
-
- # XXX much of this code looks like get_credential... are they so similar
- # that they should be combined?
-
- auth_hrn = self.api.auth.get_authority(hrn)
- if not auth_hrn:
- auth_hrn = hrn
- auth_info = self.api.auth.get_auth_info(auth_hrn)
- record = None
- table = self.api.auth.get_auth_table(auth_hrn)
- record = table.resolve('slice', hrn)
-
- object_gid = record.get_gid_object()
- new_ticket = SfaTicket(subject = object_gid.get_subject())
- new_ticket.set_gid_caller(self.client_gid)
- new_ticket.set_gid_object(object_gid)
- new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_ticket.set_pubkey(object_gid.get_pubkey())
+ def call(self, cred, hrn, rspec, origin_hrn=None):
+ user_cred = Credential(string=cred)