From: Tony Mack <tmack@cs.princeton.edu>
Date: Thu, 15 Oct 2009 03:03:02 +0000 (+0000)
Subject: check peer_cert
X-Git-Tag: sfa-0.9-6~183
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=313fb4aa9ac647aa33634d77e7b3b551f59a4e82;p=sfa.git

check peer_cert
---

diff --git a/sfa/methods/get_gid.py b/sfa/methods/get_gid.py
index b6bf56a9..c63b1b77 100644
--- a/sfa/methods/get_gid.py
+++ b/sfa/methods/get_gid.py
@@ -34,6 +34,7 @@ class get_gid(Method):
     
     def call(self, cert, hrn, type, requestHash):
       
+        self.api.auth.verify_object_belongs_to_me(hrn)
         certificate = Certificate(string=cert) 
         table = GeniTable()
         records = table.find({'hrn': hrn, 'type': type})
@@ -43,8 +44,8 @@ class get_gid(Method):
         gidStr = record['gid']
         gid = GID(string=gidStr)
          
-        #if not certificate.is_pubkey(gid.get_pubkey()):
-        #    raise ConnectionKeyGIDMismatch(gid.get_subject())
+        if not certificate.is_pubkey(gid.get_pubkey()):
+            raise ConnectionKeyGIDMismatch(gid.get_subject())
         
         # authenticate the gid
         self.api.auth.authenticateGid(gidStr, [cert, hrn, type], requestHash)