From d3150a250acf38e75d9c72ef5b27a9047a1f9ad9 Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Tue, 6 Jul 2010 15:34:31 +0000
Subject: [PATCH] merge from geni_api
---
 sfa/trust/gid.py | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py
index 9cab1a51..f891c0e2 100644
--- a/sfa/trust/gid.py
+++ b/sfa/trust/gid.py
@@ -27,7 +27,6 @@
 ### $Id$
 ### $URL$
-
 import xmlrpclib
 import uuid
 from sfa.trust.certificate import Certificate
@@ -200,22 +199,21 @@ class GID(Certificate):
 def verify_chain(self, trusted_certs = None):
 # do the normal certificate verification stuff
 trusted_root = Certificate.verify_chain(self, trusted_certs)
-
+
+ test_gid = None
 if self.parent:
- # make sure the parent's hrn is a prefix of the child's hrn
- if not self.get_hrn().startswith(self.parent.get_hrn()):
- raise GidParentHrn(self.parent.get_subject())
+ test_gid = self.parent
 else:
- # make sure that the trusted root's hrn is a prefix of the child's
- trusted_gid = GID(string=trusted_root.save_to_string())
- trusted_type = trusted_gid.get_type()
- trusted_hrn = trusted_gid.get_hrn()
- if trusted_type == 'authority':
- # Could add a check for type == 'authority'
- trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
- cur_hrn = self.get_hrn()
- if not self.get_hrn().startswith(trusted_hrn):
- raise GidParentHrn(trusted_hrn + " " + self.get_hrn())
+ test_gid = GID(string=trusted_root.save_to_string())
+
+ test_type = test_gid.get_type()
+ test_hrn = test_gid.get_hrn()
+ if test_type == 'authority':
+ # Could add a check for type == 'authority'
+ test_hrn = test_hrn[:test_hrn.rindex('.')]
+ cur_hrn = self.get_hrn()
+ if not self.get_hrn().startswith(test_hrn):
+ GidParentHrn(test_hrn + " " + self.get_hrn())
 return
--
2.43.0
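Review bot: The last added line of verify_chain constructs `GidParentHrn(test_hrn + " " + self.get_hrn())` without `raise`, so the hrn containment check no longer rejects anything and a GID whose hrn lies outside its parent's or trusted root's namespace passes verification; both removed branches raised. The line should be `raise GidParentHrn(test_hrn + " " + self.get_hrn())`. The authority trimming `test_hrn[:test_hrn.rindex('.')]` now also runs for `self.parent`, which appears to loosen the old parent check from the parent's full hrn to its enclosing namespace, and `rindex` raises ValueError for an hrn with no dot, so that case deserves an explicit branch. The bare `startswith` also accepts names that only share a string prefix (constructed example: `a.b` against `a.bc`); comparing on a dot boundary would be tighter. `cur_hrn` is assigned but never used.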