From: Josh Karlin <jkarlin@bbn.com>
Date: Mon, 26 Apr 2010 16:45:36 +0000 (+0000)
Subject: verify_issuer updated to also allow the target gid to equal the credential signer... 
X-Git-Tag: geni-apiv1-totrunk~33
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=d2723560cdb75ef57cb3bda3c86e674bcd260731;p=sfa.git

verify_issuer updated to also allow the target gid to equal the credential signer's gid
---

diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index 761d61f8..127b5122 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -677,16 +677,18 @@ class Credential(object):
         return list
     
     ##
-    # Make sure the credential's target gid was signed by the same entity that signed
-    # the original credential.
+    # Make sure the credential's target gid was signed by (or is the same) as the entity that signed
+    # the original credential.  
     def verify_issuer(self):                
         root_cred = self.get_credential_list()[-1]
         root_target_gid = root_cred.get_gid_object()
         root_cred_signer = root_cred.get_signature().get_issuer_gid()
         
-        if not root_target_gid.is_signed_by_cert(root_cred_signer):
-            raise CredentialNotVerifiable("Signer of credential (%s) is not the same as the issuer of the target object (%s)" \
-                                            % (root_cred_signer.get_urn(), root_target_gid.get_urn()))
+        if root_target_gid.is_signed_by_cert(root_cred_signer) or \
+            root_target_gid.save_to_string() == root_cred_signer.save_to_string():
+            pass
+        else:            
+            raise CredentialNotVerifiable("Could not verify credential signer")
         
 
     ##