move process of loading trusted cert files into its own method

[sfa.git] / sfa / trust / auth.py

diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index 6688767..7a92959 100644 (file)
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -27,9 +27,11 @@ class Auth:
         self.hierarchy = Hierarchy()
         if not config:
             self.config = Config()
-        self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
-
+        self.load_trusted_certs()
 
+    def load_trusted_certs(self):
+        self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
+        
     def check(self, cred, operation):
         """
         Check the credential against the peer cert (callerGID included 
@@ -80,17 +82,8 @@ class Auth:
 
     def verifyPeerCert(self, cert, gid):
         # make sure the client_gid matches client's certificate
-        if not cert:
-            peer_cert = self.peer_cert
-        else:
-            peer_cert = cert
-
-        if not gid:
-            peer_gid = self.client_gid
-        else:
-            peer_gid = gid
-        if not peer_cert.is_pubkey(peer_gid.get_pubkey()):
-            raise ConnectionKeyGIDMismatch(peer_gid.get_subject())            
+        if not cert.is_pubkey(gid.get_pubkey()):
+            raise ConnectionKeyGIDMismatch(gid.get_subject()+":"+cert.get_subject())            
 
     def verifyGidRequestHash(self, gid, hash, arglist):
         key = gid.get_pubkey()