X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fauth.py;h=3952272734bf42362c0e4a3b2686c1fb326ac150;hb=dbce495b6f2e7d8dccbfb18c5507907d784c143b;hp=f8d09b46b3e59beff07734929345a385dfde6895;hpb=700e9d9a5ff1e3ad34ca7c92744a0e66e7b1a05a;p=sfa.git

diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index f8d09b46..39522727 100644
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -1,21 +1,18 @@
 #
 # SfaAPI authentication 
 #
-### $Id$
-### $URL$
-#
-
+import sys
 
+from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.credential import Credential
 from sfa.trust.trustedroot import TrustedRootList
 from sfa.util.faults import *
 from sfa.trust.hierarchy import Hierarchy
 from sfa.util.config import *
-from sfa.util.namespace import *
+from sfa.util.namespace import get_authority
 from sfa.util.sfaticket import *
-from sfa.util.sfalogging import logger
 
-import sys
+from sfa.util.sfalogging import sfa_logger
 
 class Auth:
     """
@@ -39,11 +36,14 @@ class Auth:
         valid = []
         if not isinstance(creds, list):
             creds = [creds]
+        sfa_logger().debug("Auth.checkCredentials with %d creds"%len(creds))
         for cred in creds:
             try:
                 self.check(cred, operation, hrn)
                 valid.append(cred)
             except:
+                cred_obj=Credential(string=cred)
+                sfa_logger().debug("failed to validate credential - dump="+cred_obj.dump_string(dump_parents=True))
                 error = sys.exc_info()[:2]
                 continue
             
@@ -58,7 +58,7 @@ class Auth:
         Check the credential against the peer cert (callerGID included 
         in the credential matches the caller that is connected to the 
         HTTPS connection, check if the credential was signed by a 
-        trusted cert and check if the credential is allowd to perform 
+        trusted cert and check if the credential is allowed to perform 
         the specified operation.    
         """
         self.client_cred = Credential(string = cred)
@@ -238,7 +238,7 @@ class Auth:
         verify_cancreate_credential()
         """
 
-        rl = RightList()
+        rl = Rights()
         type = record['type']
 
 
@@ -302,3 +302,20 @@ class Auth:
 
     def get_authority(self, hrn):
         return get_authority(hrn)
+
+    def filter_creds_by_caller(self, creds, caller_hrn):
+        """
+        Returns a list of creds who's gid caller matches the 
+        specified caller hrn
+        """
+        if not isinstance(creds, list):
+            creds = [creds]
+        creds = []
+        for cred in creds:
+            try:
+                tmp_cred = Credential(string=cred)
+                if tmp_cred.get_gid_caller().get_hrn() == caller_hrn:
+                    creds.append(cred)
+            except: pass
+        return creds
+