X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcertificate.py;fp=sfa%2Ftrust%2Fcertificate.py;h=76b99db572d5ff299bf0ec8e1c97b99132e3cd3e;hb=f3d825457ff4881b8c9658967f8ed159a01dfcaa;hp=9b488357f4a082002ebfb53c9bbdbfe8e89fc579;hpb=7928eda8ae331272276237740075e23c6fcfb63f;p=sfa.git
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 9b488357..76b99db5 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -327,7 +327,7 @@ class Certificate:
 self.issuerReq = req
 if cert:
 # if a cert was supplied, then get the subject from the cert
- subject = cert.cert.get_issuer()
+ subject = cert.cert.get_subject()
 assert(subject)
 self.issuerSubject = subject
@@ -525,6 +525,10 @@ class Certificate:
 #print "TRUSTED CERT", trusted_cert.dump()
 #print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
 if self.is_signed_by_cert(trusted_cert):
+ # make sure sure the trusted cert's hrn is a prefix of the
+ # signed cert's hrn
+ if not self.get_subject().startswith(trusted_cert.get_subject()):
+ raise GidParentHrn(trusted_cert.get_subject())
 #print self.get_subject(), "is signed by a root"
 return
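Review bot: The `assert(subject)` directly after the corrected line is the only visible guard that an issuer subject was obtained, and assert statements are removed when Python runs with `-O`, so in that mode a missing subject would be stored in `self.issuerSubject` without any error. An explicit check such as `if not subject: raise ValueError("issuer subject required")` would hold in both modes, provided no caller depends on catching AssertionError. The changed line would also benefit from a comment like `# the signing cert's own subject becomes this cert's issuer name`, since the old `get_issuer()` call looked plausible. The enclosing method starts and ends outside the hunk.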
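Review bot: The new prefix test in the second hunk, `self.get_subject().startswith(trusted_cert.get_subject())`, compares raw strings, so it does not stop at a name-component boundary: a trusted subject `plc` would also be accepted as parent of `plcother.site`. Assuming HRN components are dot-separated and `get_subject()` returns a plain string (neither is visible here), the check should be `parent = trusted_cert.get_subject()` followed by `if self.get_subject() != parent and not self.get_subject().startswith(parent + "."):`. An empty trusted subject also passes `startswith` for every certificate, so it is worth rejecting explicitly. The added comment repeats a word ("make sure sure"), and the enclosing verification method starts and ends outside the hunk.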