-
- # Ensure that the signer of the root credential is the target_authority
- target_authority = hrn_to_urn(target_authority, 'authority')
-
- if root_issuer != target_authority:
- raise CredentialNotVerifiable("issuer (%s) != authority of target (%s) for target (%s)" \
- % (root_issuer, target_authority, self.get_gid_object().get_urn()))
+ return list
+
+ ##
+ # Make sure the credential's target gid was signed by the same entity that signed
+ # the original credential.
+ def verify_issuer(self):
+ root_cred = self.get_credential_list()[-1]
+ root_target_gid = root_cred.get_gid_object()
+ root_cred_signer = root_cred.get_signature().get_issuer_gid()
+
+ if not root_target_gid.is_signed_by_cert(root_cred_signer):
+ raise CredentialNotVerifiable("Signer of credential (%s) is not the same as the issuer of the target object (%s)" \
+ % (root_cred_signer.get_urn(), root_target_gid.get_urn()))
+