(parent:
c106cc0
)
make sure the trusted cert's hrn is a prefix of the signed cert's hrn
author
Tony Mack
<tmack@cs.princeton.edu>
Thu, 29 Apr 2010 02:29:49 +0000
(
02:29
+0000)
committer
Tony Mack
<tmack@cs.princeton.edu>
Thu, 29 Apr 2010 02:29:49 +0000
(
02:29
+0000)
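--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -525,6 +525,10 @@ class Certificate:
 #print "TRUSTED CERT", trusted_cert.dump()
 #print "Client is signed by Trusted?", self.is_signed_by_cert(trusted_cert)
 if self.is_signed_by_cert(trusted_cert):
+# make sure sure the trusted cert's hrn is a prefix of the
+# signed cert's hrn
+if not self.get_subject().startswith(trusted_cert.get_subject()):
+raise GidParentHrn(trusted_cert.get_subject())
 #print self.get_subject(), "is signed by a root"
 return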
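Review bot: The added check `if not self.get_subject().startswith(trusted_cert.get_subject()):` is a raw string prefix match, so it does not stop at a name-component boundary. A subject that merely shares leading characters with the trusted cert's hrn is accepted as a descendant, and an empty trusted subject would match every certificate. Assuming hrns are dot-delimited, compare on the delimiter instead: `parent = trusted_cert.get_subject()` followed by `if not (self.get_subject() == parent or self.get_subject().startswith(parent + ".")):`. It is also worth confirming that get_subject() cannot return None on either certificate, since that would surface as an AttributeError or TypeError rather than GidParentHrn. The enclosing method starts outside the hunk, and the added comment has a doubled word (`make sure sure`).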