### $URL$
import xmlrpclib
import uuid
+
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Certificate
from sfa.util.namespace import *
-from sfa.util.sfalogging import logger
##
# Create a new uuid. Returns the UUID as a string.
Certificate.__init__(self, create, subject, string, filename)
if subject:
- logger.info("subject: %s" % subject)
+ sfa_logger.debug("Creating GID for subject: %s" % subject)
if uuid:
self.uuid = int(uuid)
if hrn:
def verify_chain(self, trusted_certs = None):
# do the normal certificate verification stuff
trusted_root = Certificate.verify_chain(self, trusted_certs)
-
- test_gid = None
+
if self.parent:
- test_gid = self.parent
+ # make sure the parent's hrn is a prefix of the child's hrn
+ if not self.get_hrn().startswith(self.parent.get_hrn()):
+ raise GidParentHrn("This cert HRN %s doesnt start with parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))
else:
- test_gid = GID(string=trusted_root.save_to_string())
-
- test_type = test_gid.get_type()
- test_hrn = test_gid.get_hrn()
- if test_type == 'authority':
- # Could add a check for type == 'authority'
- test_hrn = test_hrn[:test_hrn.rindex('.')]
- cur_hrn = self.get_hrn()
- if not self.get_hrn().startswith(test_hrn):
- GidParentHrn(test_hrn + " " + self.get_hrn())
+ # make sure that the trusted root's hrn is a prefix of the child's
+ trusted_gid = GID(string=trusted_root.save_to_string())
+ trusted_type = trusted_gid.get_type()
+ trusted_hrn = trusted_gid.get_hrn()
+ #if trusted_type == 'authority':
+ # trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
+ cur_hrn = self.get_hrn()
+ if not self.get_hrn().startswith(trusted_hrn):
+ raise GidParentHrn("Trusted roots HRN %s isnt start of this cert %s" % (trusted_hrn, cur_hrn))
return
-
-
-
-
-
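Review bot: The two new `startswith` checks in `verify_chain` (against `self.parent.get_hrn()` and against `trusted_hrn`) compare raw string prefixes rather than HRN label boundaries. A parent or root HRN such as `plc.site` (constructed example) therefore also accepts a child named `plc.sitex.user`, which is not under that authority. Comparing on the dot separator closes the gap: take `parent_hrn = self.parent.get_hrn()` and test `if not (hrn == parent_hrn or hrn.startswith(parent_hrn + '.')):`, with the same form for `trusted_hrn`. With the authority trimming now commented out, `trusted_type` is assigned but never read, and `cur_hrn` is computed while the condition calls `self.get_hrn()` again. Either drop those dead lines or replace the commented-out code with a comment such as `# root HRN is compared as-is; authority roots are no longer trimmed to their parent because ...`.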