From: Josh Karlin Date: Mon, 12 Jul 2010 15:10:18 +0000 (+0000) Subject: updated namespace to remove authority type from urn when converting to hrn X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;ds=sidebyside;h=deab04ffb88b2636072b9f113d7f6ef607585632;p=sfa.git updated namespace to remove authority type from urn when converting to hrn --- diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py index f891c0e2..c2f63bfa 100644 --- a/sfa/trust/gid.py +++ b/sfa/trust/gid.py @@ -196,28 +196,26 @@ class GID(Certificate): # for a principal that is not a member of that authority. For example, # planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo. + def verify_chain(self, trusted_certs = None): # do the normal certificate verification stuff trusted_root = Certificate.verify_chain(self, trusted_certs) - - test_gid = None + if self.parent: - test_gid = self.parent + # make sure the parent's hrn is a prefix of the child's hrn + if not self.get_hrn().startswith(self.parent.get_hrn()): + print self.get_hrn(), " ", self.parent.get_hrn() + raise GidParentHrn(self.parent.get_subject()) else: - test_gid = GID(string=trusted_root.save_to_string()) - - test_type = test_gid.get_type() - test_hrn = test_gid.get_hrn() - if test_type == 'authority': - # Could add a check for type == 'authority' - test_hrn = test_hrn[:test_hrn.rindex('.')] - cur_hrn = self.get_hrn() - if not self.get_hrn().startswith(test_hrn): - GidParentHrn(test_hrn + " " + self.get_hrn()) + # make sure that the trusted root's hrn is a prefix of the child's + trusted_gid = GID(string=trusted_root.save_to_string()) + trusted_type = trusted_gid.get_type() + trusted_hrn = trusted_gid.get_hrn() + if trusted_type == 'authority': + # Could add a check for type == 'authority' + trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')] + cur_hrn = self.get_hrn() + if not self.get_hrn().startswith(trusted_hrn): + raise GidParentHrn(trusted_hrn + " " + self.get_hrn()) return - - - - - 
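Review bot: The new parent check in `verify_chain`, `self.get_hrn().startswith(self.parent.get_hrn())`, is a plain string prefix test and is not anchored on a `.` label boundary, so a parent `planetlab.us.arizona` would also be accepted for a child hrn such as `planetlab.us.arizonax.foo` (constructed example). Compare whole labels instead, e.g. `parent_hrn = self.parent.get_hrn()` followed by `if not self.get_hrn().startswith(parent_hrn + '.'):`, and allow an equal hrn explicitly if that case must pass. The same applies to `startswith(trusted_hrn)` in the `else` branch. Separately, `trusted_hrn.rindex('.')` raises `ValueError` for a root hrn with no dot, and the `print` line and the unused `cur_hrn` look like debugging leftovers in a verification path.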
diff --git a/sfa/util/namespace.py b/sfa/util/namespace.py index e898f3ca..c771d717 100644 --- a/sfa/util/namespace.py +++ b/sfa/util/namespace.py @@ -75,8 +75,9 @@ def urn_to_hrn(urn): # join list elements using '.' hrn = '.'.join([part.replace(':', '.') for part in hrn_parts if part]) + # Remove the authority name (e.g. '.sa') if type == 'authority': - hrn = hrn.replace ('.sa', '') + hrn = hrn[:hrn.rindex('.')] return str(hrn), str(type)
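Review bot: `hrn[:hrn.rindex('.')]` in the authority branch raises `ValueError` when the joined hrn contains no `.`, so an authority URN that yields a single-label hrn now fails the conversion with an unrelated exception instead of returning a value. The slice also drops the last label whatever it is, so it is only correct if every authority URN ends in a name component such as `sa`; that assumption is not visible in the hunk and deserves a comment. A guarded form would be `if type == 'authority' and '.' in hrn:` before the slice. The function starts above the hunk, so how `type` and `hrn_parts` are derived cannot be checked here.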