From 6b702c779642db0fe09026588af1729d3b79498b Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Fri, 23 Oct 2009 00:09:01 +0000
Subject: [PATCH] verifyPeerCert() now requires 2 arguments (certtificate and gid). Update auth.check() so that it calls auth.verifyPeerCert() with the correct arguments
---
 sfa/trust/auth.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index bc2a2e33..efbe659a 100644
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -48,7 +48,7 @@ class Auth:
 # validate the client cert if it exists
 if self.peer_cert:
- self.verifyPeerCert()
+ self.verifyPeerCert(self.peer_cert, self.client_gid)
 # make sure the client is allowed to perform the operation
 if operation:
@@ -64,11 +64,19 @@ class Auth:
 return True
- def verifyPeerCert(self):
+ def verifyPeerCert(self, cert, gid):
 # make sure the client_gid matches client's certificate
- peer_cert = self.peer_cert
- if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
- raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
+ if not cert:
+ peer_cert = self.peer_cert
+ else:
+ peer_cert = cert
+
+ if not gid:
+ peer_gid = self.client_gid
+ else:
+ peer_gid = gid
+ if not peer_cert.is_pubkey(peer_gid.get_pubkey()):
+ raise ConnectionKeyGIDMismatch(peer_gid.get_subject())
 def verifyGidRequestHash(self, gid, hash, arglist):
 key = gid.get_pubkey()
-- 
2.47.0
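Review bot: In the second hunk, `verifyPeerCert(self, cert, gid)` makes both arguments required, yet the body silently substitutes `self.peer_cert` / `self.client_gid` whenever either one is falsy. A caller that passes a missing or unparsed GID therefore gets the connection's stored identity checked instead, and the call returns without raising even though the supplied identity was never verified. Passing only one of the two also compares a supplied value against a stored one, which is probably not what any caller means. If the fallback exists for older callers, make it explicit with `def verifyPeerCert(self, cert=None, gid=None):` and test `is None` rather than truthiness, e.g. `peer_cert = self.peer_cert if cert is None else cert`; otherwise drop the fallback and raise when either argument is absent, so this check fails closed. A short docstring stating that it raises `ConnectionKeyGIDMismatch` when the certificate's public key does not match the GID's would also help; any remaining zero-argument callers outside this diff will now fail with a `TypeError`.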