Fixed up URNs in GID creation
[sfa.git] / sfa / trust / certificate.py
index f7dec97..6a5ee2d 100644 (file)
@@ -23,6 +23,7 @@ from OpenSSL import crypto
 import M2Crypto
 from M2Crypto import X509
 from tempfile import mkstemp
+from sfa.util.sfalogging import logger
 
 from sfa.util.faults import *
 
@@ -551,6 +552,10 @@ class Certificate:
             #print "TRUSTED CERT", trusted_cert.dump()
             #print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
             if self.is_signed_by_cert(trusted_cert):
+                # make sure sure the trusted cert's hrn is a prefix of the
+                # signed cert's hrn
+                if not self.get_subject().startswith(trusted_cert.get_subject()):
+                    raise GidParentHrn(trusted_cert.get_subject()) 
                 #print self.get_subject(), "is signed by a root"
                 return
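Review bot: The added `startswith` check compares the two subject strings character by character, so it does not stop at a hierarchy boundary. A subject that merely shares leading characters with the trusted cert's subject passes even though it is outside that authority's namespace (constructed example: parent `plc.site`, child `plc.siteother`). Assuming hrns are dot-separated, which this hunk does not show, anchor the test on the separator: `parent = trusted_cert.get_subject()` then `if not (subject == parent or subject.startswith(parent + ".")):`, with `subject = self.get_subject()`. The comment above the check also has a doubled word ("make sure sure"). The enclosing method starts and ends outside the hunk, so whether other trusted certs are still tried after this raise cannot be confirmed from here.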