+ self.trusted_cert_list = \
+ TrustedRoots(self.config.get_trustedroots_dir()).get_list()
+ self.trusted_cert_file_list = \
+ TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
+
+ # this convenience methods extracts speaking_for_xrn
+ # from the passed options using 'geni_speaking_for'
+ def checkCredentialsSpeaksFor (self, *args, **kwds):
+ if 'options' not in kwds:
+ logger.error ("checkCredentialsSpeaksFor was not passed options=options")
+ return
+ # remove the options arg
+ options = kwds['options']; del kwds['options']
+ # compute the speaking_for_xrn arg and pass it to checkCredentials
+ if options is None: speaking_for_xrn = None
+ else: speaking_for_xrn = options.get('geni_speaking_for', None)
+ kwds['speaking_for_xrn'] = speaking_for_xrn
+ return self.checkCredentials(*args, **kwds)
+
+ # do not use mutable as default argument
+ # http://docs.python-guide.org/en/latest/writing/gotchas/#mutable-default-arguments
+ def checkCredentials(self, creds, operation, xrns=None,
+ check_sliver_callback=None,
+ speaking_for_xrn=None):
+ if xrns is None: xrns = []
+ error = (None, None)
+ def log_invalid_cred(cred):
+ if not isinstance (cred, StringType):
+ logger.info("cannot validate credential %s - expecting a string"%cred)
+ error = ('TypeMismatch',
+ "checkCredentials: expected a string, received {} -- {}"
+ .format(type(cred), cred))
+ else:
+ cred_obj = Credential(string=cred)
+ logger.info("failed to validate credential - dump=%s"%\
+ cred_obj.dump_string(dump_parents=True))
+ error = sys.exc_info()[:2]
+ return error
+
+ # if xrns are specified they cannot be None or empty string
+ if xrns:
+ for xrn in xrns:
+ if not xrn:
+ raise BadArgs("Invalid urn or hrn")