From: Tony Mack
Date: Wed, 14 Oct 2009 00:34:52 +0000 (+0000)
Subject: move peer_vert verificaiton code into its own method
X-Git-Tag: sfa-0.9-6~192
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=3a38cab925c552ff5ab0592f488332e9097822ca;p=sfa.git

move peer_vert verificaiton code into its own method
---
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index 19bdd6e6..611a9bac 100644
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -46,11 +46,6 @@ class Auth:
 if not self.client_gid:
 raise MissingCallerGID(self.client_cred.get_subject())
- # make sure the client_gid matches client's certificate
- peer_cert = self.peer_cert
- if peer_cert and not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
- raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
-
 # make sure the client is allowed to perform the operation
 if operation:
 if not self.client_cred.can_perform(operation):
@@ -65,6 +60,11 @@ class Auth:
 return True
+ def verifyPeerCert(self):
+ # make sure the client_gid matches client's certificate
+ peer_cert = self.peer_cert
+ if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
+ raise ConnectionKeyGIDMismatch(self.client_gid.get_subject()
 def verifyGidRequestHash(self, gid, hash, arglist):
 key = gid.get_pubkey()
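Review bot: The last added line of `verifyPeerCert`, `raise ConnectionKeyGIDMismatch(self.client_gid.get_subject()`, is missing its closing parenthesis as shown here, so `auth.py` would fail to parse; it should end `...get_subject())`. The new method also drops the `peer_cert and` guard that the removed lines in the first hunk had, so a connection with no peer certificate now raises `AttributeError` on `None` instead of reaching a defined outcome; if the intent is to fail closed, make that explicit with `if not peer_cert or not peer_cert.is_pubkey(self.client_gid.get_pubkey()):`. Nothing visible in this diff calls `verifyPeerCert`, so after the first hunk the credential check no longer ties the caller's GID to the connection's peer key by itself; each entry point that relied on that binding presumably needs to call the new method, and a docstring saying it must run after the credential check (it reads `self.client_gid`) would make that contract visible.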