From: Tony Mack <tmack@cs.princeton.edu>
Date: Mon, 14 Dec 2009 21:31:48 +0000 (+0000)
Subject: check if the ticket was signed by a trusted cert
X-Git-Tag: sfa-0.9-7~140
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=9f9bf919129277b1bc46bfecc9f58b2e744d5a71;p=sfa.git

check if the ticket was signed by a trusted cert
---

diff --git a/sfa/methods/redeem_ticket.py b/sfa/methods/redeem_ticket.py
index 73518692..3aec71d7 100644
--- a/sfa/methods/redeem_ticket.py
+++ b/sfa/methods/redeem_ticket.py
@@ -34,15 +34,9 @@ class redeem_ticket(Method):
         client_gid_str = client_gid.save_to_string(save_parents=True)
         self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash)
         self.api.auth.check(cred, 'redeemticket')
-        
-        ticket = SfaTicket(string=ticket)
-        # XX we should verify the ticket, but we need the privste keys to do that
-        # maybe we should just pass the ticket to the authoriative registry to it 
-        # verify the ticket for us
-        #ticket.verify(pkey)
-        # or 
-        #self.api.registry.verify_ticket(ticket.save_to_string(save_parents=True))
+        self.api.auth.check_ticket(ticket)
 
+        ticket = SfaTicket(string=ticket)
         ticket.decode()
         hrn = ticket.attributes['slivers'][0]['hrn']
         slicename = hrn_to_pl_slicename(hrn)