X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fauth.py;h=a68f2e7b0e0373de0d52ab4331252e8a4779be05;hb=1c8efd5f2f2865cd6bdfa0dfe50d798f9ab65342;hp=b1db32aae571bb03c8a558c5ef2f1c5bdc4def61;hpb=2d55f658dce789be7a310f397d4096a8491955f5;p=sfa.git
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index b1db32aa..a68f2e7b 100644
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -15,6 +15,7 @@ from sfa.trust.hierarchy import Hierarchy
 from sfa.util.config import *
 from sfa.util.misc import *
 from sfa.trust.gid import GID
+from sfa.util.sfaticket import *
 class Auth:
 """
@@ -60,9 +61,23 @@ class Auth:
 self.client_gid.verify_chain(self.trusted_cert_list)
 if self.object_gid:
 self.object_gid.verify_chain(self.trusted_cert_list)
+ else:
+ raise MissingTrustedRoots(self.config.get_trustedroots_dir())
 return True
+ def check_ticket(self, ticket):
+ """
+ Check if the tickt was signed by a trusted cert
+ """
+ if self.trusted_cert_list:
+ client_ticket = SfaTicket(string=ticket)
+ client_ticket.verify_chain(self.trusted_cert_list)
+ else:
+ raise MissingTrustedRoots(self.config.get_trustedroots_dir())
+
+ return True
+
 def verifyPeerCert(self, cert, gid):
 # make sure the client_gid matches client's certificate
 if not cert:
@@ -238,8 +253,8 @@ class Auth:
 rl.add("resolve")
 rl.add("info")
- elif type == "component":
- r1.add("operator")
+ elif type == "node":
+ rl.add("operator")
 return rl
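Review bot: The added `from sfa.util.sfaticket import *` is a wildcard import in the module that makes trust decisions, so a reader cannot tell from this file where `SfaTicket` is defined, and any name the ticket module exports can shadow one already brought in by the earlier wildcard imports. The only name from it used in the visible hunks is `SfaTicket`, so `from sfa.util.sfaticket import SfaTicket` would be enough. Where `MissingTrustedRoots` comes from is not visible here; it is presumably supplied by one of the existing wildcard imports and would be worth importing by name as well.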
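Review bot: `check_ticket` accepts any ticket whose chain verifies against `self.trusted_cert_list`; nothing visible ties the ticket to the caller presenting it or checks its lifetime, so unless `verify_chain` or the call site does that, a validly signed ticket could be reused by a different client. The parsed `SfaTicket` is discarded and the method always returns `True`, so a caller has to parse the string a second time to read it; returning `client_ticket` would hand back the object that was actually verified. The docstring should say what is and is not checked, for example `"""Verify the ticket's signing chain against the trusted roots; raise MissingTrustedRoots if none are loaded. Does not check the ticket's owner or expiry."""`, which also fixes the "tickt" typo. The first added `else:` belongs to a method whose start is outside the hunk.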
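Review bot: Callers that still pass `type == "component"` now match no branch and fall through to `return rl` without the "operator" right and without any error, as far as the visible tail of the chain shows. If both spellings are in use during the rename, `elif type in ("node", "component"):` keeps them working; otherwise a final `else:` that raises on an unrecognised type would surface the mismatch instead of silently returning a reduced rights list. The old branch referenced the undefined name `r1`, so it would have raised NameError whenever it ran, which suggests this path has no test coverage. The enclosing function starts outside the hunk.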