#
# SfaAPI authentication
#
-### $Id$
-### $URL$
-#
-
+import sys
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
from sfa.util.faults import *
from sfa.trust.hierarchy import Hierarchy
from sfa.util.config import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority
from sfa.util.sfaticket import *
-from sfa.util.sfalogging import logger
-import sys
+from sfa.util.sfalogging import sfa_logger
class Auth:
"""
valid = []
if not isinstance(creds, list):
creds = [creds]
+ sfa_logger().debug("Auth.checkCredentials with %d creds"%len(creds))
for cred in creds:
try:
self.check(cred, operation, hrn)
valid.append(cred)
except:
+ cred_obj=Credential(string=cred)
+ sfa_logger().debug("failed to validate credential - dump="+cred_obj.dump_string(dump_parents=True))
error = sys.exc_info()[:2]
continue
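Review bot: The added `cred_obj=Credential(string=cred)` in the `except` branch re-parses the credential that has just failed `self.check`, so if the failure came from a malformed credential string this line may raise again inside the handler and abort the loop before `continue` is reached. The debug message also records only the credential dump and never the reason for the rejection. I would capture the failure first and log it, e.g. `error = sys.exc_info()[:2]` followed by `sfa_logger().debug("failed to validate credential: %s" % (error[1],))`, and wrap the dump in its own guard. The dump writes the full credential chain, parents included, to the debug log, so access to that log should be restricted accordingly. The rest of the method is outside the visible lines.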
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
HTTPS connection, check if the credential was signed by a
- trusted cert and check if the credential is allowd to perform
+ trusted cert and check if the credential is allowed to perform
the specified operation.
"""
self.client_cred = Credential(string = cred)
verify_cancreate_credential()
"""
- rl = RightList()
+ rl = Rights()
type = record['type']
def get_authority(self, hrn):
return get_authority(hrn)
+
+ def filter_creds_by_caller(self, creds, caller_hrn):
+ """
+ Returns a list of creds who's gid caller matches the
+ specified caller hrn
+ """
+ if not isinstance(creds, list):
+ creds = [creds]
+ creds = []
+ for cred in creds:
+ try:
+ tmp_cred = Credential(string=cred)
+ if tmp_cred.get_gid_caller().get_hrn() == caller_hrn:
+ creds.append(cred)
+ except: pass
+ return creds
+
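Review bot: `filter_creds_by_caller` always returns an empty list, because `creds = []` rebinds the input parameter right after it is normalised to a list and the `for cred in creds` loop therefore never runs. A separate accumulator fixes it: `caller_creds = []`, `caller_creds.append(cred)`, `return caller_creds`. The bare `except: pass` also silently drops any credential that fails to parse and swallows KeyboardInterrupt and SystemExit; `except Exception:` with a debug log line would make a skipped credential visible. Callers presumably rely on the result to select the caller's own credentials, so a unit test with one matching and one non-matching credential would pin the intended behaviour.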