remove dependency of Config module from trustedroots module
[sfa.git] / sfa / trust / auth.py
index 923bed4..83cded0 100644 (file)
@@ -24,10 +24,10 @@ class Auth:
     def __init__(self, peer_cert = None, config = None ):
         self.peer_cert = peer_cert
         self.hierarchy = Hierarchy()
-        self.trusted_cert_list = TrustedRootList().get_list() 
         if not config:
-            self.config = Config() 
-    
+            self.config = Config()
+        self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
+
 
     def check(self, cred, operation):
         """
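Review bot: In `__init__`, `self.config` is assigned only inside `if not config:`, so when a caller passes a config the new `TrustedRootList(self.config.get_trustedroots_dir())` line reads an attribute that nothing in this hunk sets. Unless `Auth` defines `config` somewhere not visible here, that path raises AttributeError before the trusted root list is loaded. Assign it unconditionally before the first use, for example `self.config = config if config else Config()`.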
@@ -64,6 +64,16 @@ class Auth:
 
         return True
 
+
+    def verify_cred_is_me(self, credential):
+        is_me = False 
+        cred = Credential(string=credential)
+        caller_gid = cred.get_gid_caller()
+        caller_hrn = caller_gid.get_hrn()
+        if caller_hrn != self.config.SFA_INTERFACE_HRN:
+            raise GeniPermissionError(self.config.SFA_INTEFACE_HRN)
+
+        return   
         
     def get_auth_info(self, auth_hrn):
         """
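Review bot: The raise in `verify_cred_is_me` reads `self.config.SFA_INTEFACE_HRN`, a misspelling of the `SFA_INTERFACE_HRN` compared one line above, so a mismatching caller most likely gets an AttributeError instead of `GeniPermissionError`, and code that catches the permission error will not see the rejection. The exception argument should probably name the rejected caller rather than the interface, `raise GeniPermissionError(caller_hrn)`. `is_me` is assigned and never read, and the trailing bare `return` adds nothing, so both can be dropped. The method compares only the HRN taken from the parsed credential and nothing in this hunk verifies the credential's signature or chain, so a docstring should state that callers must have validated the credential first (confirm against `check()`).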
@@ -86,6 +96,7 @@ class Auth:
         @param auth_name human readable name of authority
         """
 
+        # get auth info will throw an exception if the authority doesnt exist
         self.get_auth_info(name)
 
 
@@ -98,9 +109,9 @@ class Auth:
         @param name human readable name of object        
         """
         auth_name = self.get_authority(name)
-        if not auth_name or name == self.config.SFA_INTERFACE_HRN:
-            # the root authority belongs to the registry by default?
-            # TODO: is this true?
+        if not auth_name:
+            auth_name = name 
+        if name == self.config.SFA_INTERFACE_HRN:
             return
         self.verify_auth_belongs_to_me(auth_name) 
              
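Review bot: The early return for `name == self.config.SFA_INTERFACE_HRN` skips `verify_auth_belongs_to_me` with no explanation now that the old TODO comment is gone. Because this is an authorization exemption, it deserves a comment stating the rule, for example `# the interface's own HRN is accepted without an authority lookup`, if that is the intent. The new fallback `auth_name = name` also changes behaviour: a name with no parent authority used to be accepted outright and is now passed to `verify_auth_belongs_to_me`, which is worth a line in the docstring. The method's signature and the start of its docstring are outside this hunk.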
@@ -123,8 +134,8 @@ class Auth:
             return
         if name.startswith(object_hrn + "."):
             return
-        if name.startswith(get_authority(name)):
-            return
+        #if name.startswith(get_authority(name)):
+            #return
     
         raise PermissionError(name)