From 3b360cb82aabb5529c8640e2ab811ea545726156 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Fri, 9 Jul 2010 15:16:40 +0000 Subject: [PATCH] reverting last checkin --- sfa/trust/gid.py | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py index f891c0e2..9cab1a51 100644 --- a/sfa/trust/gid.py +++ b/sfa/trust/gid.py @@ -27,6 +27,7 @@ ### $Id$ ### $URL$ + import xmlrpclib import uuid from sfa.trust.certificate import Certificate @@ -199,21 +200,22 @@ class GID(Certificate): def verify_chain(self, trusted_certs = None): # do the normal certificate verification stuff trusted_root = Certificate.verify_chain(self, trusted_certs) - - test_gid = None + if self.parent: - test_gid = self.parent + # make sure the parent's hrn is a prefix of the child's hrn + if not self.get_hrn().startswith(self.parent.get_hrn()): + raise GidParentHrn(self.parent.get_subject()) else: - test_gid = GID(string=trusted_root.save_to_string()) - - test_type = test_gid.get_type() - test_hrn = test_gid.get_hrn() - if test_type == 'authority': - # Could add a check for type == 'authority' - test_hrn = test_hrn[:test_hrn.rindex('.')] - cur_hrn = self.get_hrn() - if not self.get_hrn().startswith(test_hrn): - GidParentHrn(test_hrn + " " + self.get_hrn()) + # make sure that the trusted root's hrn is a prefix of the child's + trusted_gid = GID(string=trusted_root.save_to_string()) + trusted_type = trusted_gid.get_type() + trusted_hrn = trusted_gid.get_hrn() + if trusted_type == 'authority': + # Could add a check for type == 'authority' + trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')] + cur_hrn = self.get_hrn() + if not self.get_hrn().startswith(trusted_hrn): + raise GidParentHrn(trusted_hrn + " " + self.get_hrn()) return -- 2.43.0