X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;h=09835d94f63c19bc7890d812f0876acf07c73e55;hb=1db1a879ffde8991aa95dd80142d555551655e88;hp=c4e6982d303624c8fefb41ad1d6a32025b336ed1;hpb=5822ffb68c0d4cc5e29ec945e0dc21125294463f;p=sfa.git diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index c4e6982d..09835d94 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -26,7 +26,7 @@ # Credentials are signed XML files that assign a subject gid privileges to an object gid ## -import os +import os,sys from types import StringTypes import datetime from StringIO import StringIO @@ -589,13 +589,15 @@ class Credential(object): def updateRefID(self): if not self.parent: - self.set_refid('ref0') + self.set_refid('ref0') return [] refs = [] next_cred = self.parent + while next_cred: + refs.append(next_cred.get_refid()) if next_cred.parent: next_cred = next_cred.parent @@ -834,7 +836,7 @@ class Credential(object): # Verify the gids of this cred and of its parents for cur_cred in self.get_credential_list(): cur_cred.get_gid_object().verify_chain(trusted_cert_objects) - cur_cred.get_gid_caller().verify_chain(trusted_cert_objects) + cur_cred.get_gid_caller().verify_chain(trusted_cert_objects) refs = [] refs.append("Sig_%s" % self.get_refid()) @@ -842,7 +844,6 @@ class Credential(object): parentRefs = self.updateRefID() for ref in parentRefs: refs.append("Sig_%s" % ref) - for ref in refs: # If caller explicitly passed in None that means skip xmlsec1 validation. # Strange and not typical @@ -863,11 +864,10 @@ class Credential(object): msg = verified[mstart:mend] raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s %s" % (self.get_summary_tostring(), ref, msg, verified.strip())) os.remove(filename) - + # Verify the parents (delegation) if self.parent: self.verify_parent(self.parent) - # Make sure the issuer is the target's authority, and is # itself a valid GID self.verify_issuer(trusted_cert_objects)