Nitos: channels now have component_id (urn), which is used to address them into Lease...
[sfa.git] / sfa / trust / auth.py
index d72c3f8..d217b1c 100644 (file)
@@ -4,7 +4,8 @@
 import sys
 
 from sfa.util.faults import InsufficientRights, MissingCallerGID, MissingTrustedRoots, PermissionError, \
-    BadRequestHash, ConnectionKeyGIDMismatch, SfaPermissionDenied, CredentialNotVerifiable, Forbidden
+    BadRequestHash, ConnectionKeyGIDMismatch, SfaPermissionDenied, CredentialNotVerifiable, Forbidden, \
+    BadArgs
 from sfa.util.sfalogging import logger
 from sfa.util.config import Config
 from sfa.util.xrn import Xrn, get_authority
@@ -35,6 +36,13 @@ class Auth:
         self.trusted_cert_file_list = TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
 
     def checkCredentials(self, creds, operation, xrns=[], check_sliver_callback=None):
+        # if xrns are specified they cannot be None or empty string
+        if xrns:
+            for xrn in xrns:
+                if not xrn:
+                    raise BadArgs("Invalid urn or hrn")
+
+        
         if not isinstance(xrns, list):
             xrns = [xrns]
 
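Review bot: The new emptiness check runs before the `if not isinstance(xrns, list): xrns = [xrns]` normalisation, so a scalar argument escapes it. A bare `""` or `None` is falsy, skips the `if xrns:` block, and is then wrapped into `[""]` or `[None]` and carried on unvalidated, while a non-empty string is iterated character by character. Doing the normalisation first and then checking every element closes the gap: `if any(not xrn for xrn in xrns): raise BadArgs("Invalid urn or hrn")`. Whether any caller passes `None` to mean "no target" is not visible here, so confirm that before rejecting it. The body of checkCredentials continues outside the hunk.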
@@ -71,10 +79,7 @@ class Auth:
             check_sliver_callback(valid, sliver_xrns)
                 
         if not len(valid):
-            msg = "Valid credential not found for method: %s" % operation
-            if xrns:
-                msg += " target: %s" % xrns 
-            raise Forbidden(msg)
+            raise Forbidden("Invalid credential")
         
         return valid
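Review bot: Replacing the detailed message with `Forbidden("Invalid credential")` discards the operation and target from the only place this hunk recorded them, so a denied request leaves no trace here of what was attempted or against which xrn. Keeping the caller-facing fault generic is reasonable, but the detail should go to the server log before the raise, for example `logger.info("no valid credential for method %s, target %s", operation, xrns)`. That uses the `logger` the module already imports; pick the level the project uses for authorization failures. The xrns are caller-supplied, so pass them as logging arguments rather than building them into the format string. The function starts outside the hunk, so an earlier log call may already cover this.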