#print "TRUSTED CERT", trusted_cert.dump()
#print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
if self.is_signed_by_cert(trusted_cert):
- # make sure sure the trusted cert's hrn is a prefix of the
- # signed cert's hrn
- trusted_hrn, _ = urn_to_hrn(trusted_cert.get_subject())
- cur_hrn, _ = urn_to_hrn(self.get_subject())
- if not cur_hrn.startswith(trusted_hrn):
- raise GidParentHrn(trusted_cert.get_subject() + " " + self.get_subject())
#print self.get_subject(), "is signed by a root"
- return
+ return trusted_cert
# if there is no parent, then no way to verify the chain
if not self.parent:
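Review bot: The new `return trusted_cert` gives verify_chain a return value on the directly-signed path only, as far as this hunk shows. The no-parent and parent-recursion paths lie outside the hunk; if either still ends in a bare `return`, a caller receives None for a chain that verified successfully. Worth confirming that every non-raising path propagates the anchoring certificate, and stating the contract in the docstring, e.g. `Returns the trusted certificate that anchors the chain; raises if the chain cannot be verified.` With the hrn prefix check removed here, callers that use this base-class method directly no longer get any namespace check, which deserves a one-line comment if intended.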
def verify_chain(self, trusted_certs = None):
# do the normal certificate verification stuff
- Certificate.verify_chain(self, trusted_certs)
+ trusted_root = Certificate.verify_chain(self, trusted_certs)
+
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not self.get_hrn().startswith(self.parent.get_hrn()):
raise GidParentHrn(self.parent.get_subject())
-
+ else:
+ # make sure that the trusted root's hrn is a prefix of the child's
+ trusted_gid = GID(string=trusted_root.save_to_string())
+ trusted_hrn = trusted_gid.get_hrn()
+ cur_hrn = self.get_hrn()
+ if not self.get_hrn().startswith(trusted_hrn):
+ raise GidParentHrn(trusted_hrn + " " + self.get_hrn())
return
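Review bot: The trusted-root check added at `if not self.get_hrn().startswith(trusted_hrn):` is a raw string prefix test, so it does not stop at a name boundary: with a trusted hrn of `a.b` (constructed example), the hrn `a.bc.user` also passes, letting a GID from a different authority satisfy a check meant for this root's namespace. If hrns are dot-separated labels, compare on the boundary instead, `if cur_hrn != trusted_hrn and not cur_hrn.startswith(trusted_hrn + "."):`; the existing parent check a few lines above has the same shape. That form also uses the `cur_hrn` local, which is currently assigned and never read. The else branch dereferences `trusted_root` unconditionally, so it relies on Certificate.verify_chain never returning None when there is no parent, and that path is outside this hunk.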