merge from geni_api
authorTony Mack <tmack@cs.princeton.edu>
Tue, 6 Jul 2010 15:34:31 +0000 (15:34 +0000)
committerTony Mack <tmack@cs.princeton.edu>
Tue, 6 Jul 2010 15:34:31 +0000 (15:34 +0000)
sfa/trust/gid.py

index 9cab1a5..f891c0e 100644 (file)
@@ -27,7 +27,6 @@
 
 ### $Id$
 ### $URL$
-
 import xmlrpclib
 import uuid
 from sfa.trust.certificate import Certificate
@@ -200,22 +199,21 @@ class GID(Certificate):
     def verify_chain(self, trusted_certs = None):
         # do the normal certificate verification stuff
         trusted_root = Certificate.verify_chain(self, trusted_certs)        
-       
+
+        test_gid = None
         if self.parent:
-            # make sure the parent's hrn is a prefix of the child's hrn
-            if not self.get_hrn().startswith(self.parent.get_hrn()):
-                raise GidParentHrn(self.parent.get_subject())
+            test_gid = self.parent
         else:
-            # make sure that the trusted root's hrn is a prefix of the child's
-            trusted_gid = GID(string=trusted_root.save_to_string())
-            trusted_type = trusted_gid.get_type()
-            trusted_hrn = trusted_gid.get_hrn()
-            if trusted_type == 'authority':
-                # Could add a check for type == 'authority'
-                trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
-            cur_hrn = self.get_hrn()
-            if not self.get_hrn().startswith(trusted_hrn):
-                raise GidParentHrn(trusted_hrn + " " + self.get_hrn())
+            test_gid = GID(string=trusted_root.save_to_string())
+
+        test_type = test_gid.get_type()
+        test_hrn = test_gid.get_hrn()
+        if test_type == 'authority':
+            # Could add a check for type == 'authority'
+            test_hrn = test_hrn[:test_hrn.rindex('.')]
+        cur_hrn = self.get_hrn()
+        if not self.get_hrn().startswith(test_hrn):
+            GidParentHrn(test_hrn + " " + self.get_hrn())
 
         return
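Review bot: The last added line builds the exception but never raises it: `GidParentHrn(test_hrn + " " + self.get_hrn())` has lost the `raise` that both removed branches had, so `verify_chain` returns normally even when this GID's hrn is not under the parent's or trusted root's namespace. It should read `raise GidParentHrn(test_hrn + " " + self.get_hrn())`. The merged path also strips the last component from an authority parent's hrn before the prefix test, which is looser than the removed parent check that compared against the parent's full hrn, so confirm that widening is intended. In addition, `test_hrn.rindex('.')` will raise `ValueError` for an authority hrn with no dot, and `cur_hrn` is assigned but never used; `self.get_hrn()` could be replaced by it in the check and the message.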