check if the ticket was signed by a trusted cert

author Tony Mack <tmack@cs.princeton.edu>

Mon, 14 Dec 2009 21:31:48 +0000 (21:31 +0000)

committer Tony Mack <tmack@cs.princeton.edu>

Mon, 14 Dec 2009 21:31:48 +0000 (21:31 +0000)
author Tony Mack <tmack@cs.princeton.edu>
Mon, 14 Dec 2009 21:31:48 +0000 (21:31 +0000)
committer Tony Mack <tmack@cs.princeton.edu>
Mon, 14 Dec 2009 21:31:48 +0000 (21:31 +0000)
diff --git a/sfa/methods/redeem_ticket.py b/sfa/methods/redeem_ticket.py

index 7351869..3aec71d 100644 (file)
--- a/sfa/methods/redeem_ticket.py
+++ b/sfa/methods/redeem_ticket.py
@@ -34,15 +34,9 @@ class redeem_ticket(Method):
          client_gid_str = client_gid.save_to_string(save_parents=True)
          self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash)
          self.api.auth.check(cred, 'redeemticket')
-        
-        ticket = SfaTicket(string=ticket)
-        # XX we should verify the ticket, but we need the privste keys to do that
-        # maybe we should just pass the ticket to the authoriative registry to it 
-        # verify the ticket for us
-        #ticket.verify(pkey)
-        # or 
-        #self.api.registry.verify_ticket(ticket.save_to_string(save_parents=True))
+        self.api.auth.check_ticket(ticket)
  
+        ticket = SfaTicket(string=ticket)
          ticket.decode()
          hrn = ticket.attributes['slivers'][0]['hrn']
          slicename = hrn_to_pl_slicename(hrn)
author	Tony Mack <tmack@cs.princeton.edu>
	Mon, 14 Dec 2009 21:31:48 +0000 (21:31 +0000)
committer	Tony Mack <tmack@cs.princeton.edu>
	Mon, 14 Dec 2009 21:31:48 +0000 (21:31 +0000)