# validate the client cert if it exists
if self.peer_cert:
- self.verifyPeerCert()
+ self.verifyPeerCert(self.peer_cert, self.client_gid)
# make sure the client is allowed to perform the operation
if operation:
return True
- def verifyPeerCert(self):
+ def verifyPeerCert(self, cert, gid):
# make sure the client_gid matches client's certificate
- peer_cert = self.peer_cert
- if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
- raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
+ if not cert:
+ peer_cert = self.peer_cert
+ else:
+ peer_cert = cert
+
+ if not gid:
+ peer_gid = self.client_gid
+ else:
+ peer_gid = gid
+ if not peer_cert.is_pubkey(peer_gid.get_pubkey()):
+ raise ConnectionKeyGIDMismatch(peer_gid.get_subject())
def verifyGidRequestHash(self, gid, hash, arglist):
key = gid.get_pubkey()
if object_gid:
object_gid.verify_chain(self.trusted_cert_list)
- def authenticateGid(self, gidStr, argList, requestHash):
+ def authenticateGid(self, gidStr, argList, requestHash=None):
gid = GID(string = gidStr)
self.validateGid(gid)
- self.verifyGidRequestHash(gid, requestHash, argList)
+ # request_hash is optional
+ if requestHash:
+ self.verifyGidRequestHash(gid, requestHash, argList)
return gid
- def authenticateCred(self, credStr, argList, requestHash):
+ def authenticateCred(self, credStr, argList, requestHash=None):
cred = Credential(string = credStr)
self.validateCred(cred)
- self.verifyCredRequestHash(cred, requestHash, argList)
+ # request hash is optional
+ if requestHash:
+ self.verifyCredRequestHash(cred, requestHash, argList)
return cred
def authenticateCert(self, certStr, requestHash):