X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fauth.py;h=5466189650d14bb7503b813db1e573e3fc0e14ec;hb=3eea82897aba845da0d12c1ba56012e599f58853;hp=b596d8d4ca0c5d740035aa8cd9acae7b09f4ccf6;hpb=eababa96fb603cdd552bc03091813544b099befd;p=sfa.git diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index b596d8d4..54661896 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -1,10 +1,7 @@ # # SfaAPI authentication # -### $Id$ -### $URL$ -# - +import sys from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential @@ -12,9 +9,10 @@ from sfa.trust.trustedroot import TrustedRootList from sfa.util.faults import * from sfa.trust.hierarchy import Hierarchy from sfa.util.config import * -from sfa.util.namespace import * +from sfa.util.xrn import get_authority from sfa.util.sfaticket import * -import sys + +from sfa.util.sfalogging import logger class Auth: """ @@ -38,11 +36,14 @@ class Auth: valid = [] if not isinstance(creds, list): creds = [creds] + logger.debug("Auth.checkCredentials with %d creds"%len(creds)) for cred in creds: try: self.check(cred, operation, hrn) valid.append(cred) except: + cred_obj=Credential(string=cred) + logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True)) error = sys.exc_info()[:2] continue @@ -57,7 +58,7 @@ class Auth: Check the credential against the peer cert (callerGID included in the credential matches the caller that is connected to the HTTPS connection, check if the credential was signed by a - trusted cert and check if the credential is allowd to perform + trusted cert and check if the credential is allowed to perform the specified operation. """ self.client_cred = Credential(string = cred) @@ -78,7 +79,7 @@ class Auth: raise InsufficientRights(operation) if self.trusted_cert_list: - self.client_cred.verify(self.trusted_cert_file_list) + self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA) else: raise MissingTrustedRoots(self.config.get_trustedroots_dir())