check peer_cert
authorTony Mack <tmack@cs.princeton.edu>
Thu, 15 Oct 2009 03:03:02 +0000 (03:03 +0000)
committerTony Mack <tmack@cs.princeton.edu>
Thu, 15 Oct 2009 03:03:02 +0000 (03:03 +0000)
sfa/methods/get_gid.py

index b6bf56a..c63b1b7 100644 (file)
@@ -34,6 +34,7 @@ class get_gid(Method):
     
     def call(self, cert, hrn, type, requestHash):
       
+        self.api.auth.verify_object_belongs_to_me(hrn)
         certificate = Certificate(string=cert) 
         table = GeniTable()
         records = table.find({'hrn': hrn, 'type': type})
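Review bot: The result of the added `self.api.auth.verify_object_belongs_to_me(hrn)` call at the top of `call` is discarded, so the guard only works if that helper raises on failure; its definition is not visible in this diff and should be confirmed. If it returns a boolean instead, the line needs to become an `if not ...:` followed by a raise of a suitable fault. A short comment such as `# reject hrns outside this registry's authority before the table lookup` would also record why the check runs ahead of the certificate parse, assuming that is what the helper enforces. The body of `call` continues past the end of this hunk.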
@@ -43,8 +44,8 @@ class get_gid(Method):
         gidStr = record['gid']
         gid = GID(string=gidStr)
          
-        #if not certificate.is_pubkey(gid.get_pubkey()):
-        #    raise ConnectionKeyGIDMismatch(gid.get_subject())
+        if not certificate.is_pubkey(gid.get_pubkey()):
+            raise ConnectionKeyGIDMismatch(gid.get_subject())
         
         # authenticate the gid
         self.api.auth.authenticateGid(gidStr, [cert, hrn, type], requestHash)
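Review bot: The re-enabled `certificate.is_pubkey(gid.get_pubkey())` check compares the stored GID's key with `cert`, which is an argument of `call`, while the commit title speaks of the peer certificate. A certificate is public data, so if `cert` is chosen by the caller rather than taken from the TLS session, a match shows only that the caller knows the record's certificate, not that it holds the private key. Proof of possession would then rest entirely on `authenticateGid` and `requestHash` on the last line, whose implementation is outside this hunk. It is worth confirming where `cert` originates and saying so above the check, e.g. `# cert must be the certificate presented on this connection, not a caller-chosen value`. The mismatch is also raised before `authenticateGid` runs, so a not-yet-authenticated caller presumably receives `gid.get_subject()` in the fault; consider authenticating first or leaving the subject out of the error.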