X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2FMetadataCredentialCriteria.h;h=7d5781088fe5bc9ea4c1a16b682a82cc8148716b;hb=9247fd98448d17c495f1d811ac1ba82571f7ef98;hp=910b6f0cf58890d7420f42ef7d5053e0d9fb3d03;hpb=b1614d3c1fc1f4230ab2a123f43994127c25462c;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index 910b6f0..7d57810 100644
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -20,29 +20,34 @@
 * Metadata-based CredentialCriteria subclass.
 */
-#ifndef __saml_metacred_h__
-#define __saml_metacred_h__
+#ifndef __saml_metacrit_h__
+#define __saml_metacrit_h__
 #include
+#include
 #include
 namespace opensaml {
 namespace saml2md {
- class SAML_API RoleDescriptor;
-
 /**
 * Metadata-based CredentialCriteria subclass.
 */
 class SAML_API MetadataCredentialCriteria : public xmltooling::CredentialCriteria
 {
 public:
- /*
+ /**
 * Constructor.
 *
 * @param role source of metadata-supplied credentials
 */
- MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {}
+ MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {
+ const EntityDescriptor* entity = dynamic_cast(role.getParent());
+ if (entity) {
+ xmltooling::auto_ptr_char name(entity->getEntityID());
+ setPeerName(name.get());
+ }
+ }
 virtual ~MetadataCredentialCriteria() {}
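Review bot: The constructor now derives the peer name from the enclosing EntityDescriptor, but the doc comment above it still describes only the role parameter; I would add a line such as `* If the role's parent is an EntityDescriptor, its entityID is installed as the peer name.` so callers know where the peer-name criterion comes from. When the parent is not an EntityDescriptor the peer name is simply left unset, which is worth stating as well, since matching then falls back to whatever the base class does without a peer constraint. If getEntityID() can return null here (metadata with a missing entityID), auto_ptr_char would hand setPeerName a null pointer — worth confirming that setPeerName tolerates that, or guarding with a null check on entity->getEntityID() before the conversion.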
@@ -55,10 +60,24 @@ namespace opensaml {
 return m_role;
 }
+ bool matches(const xmltooling::Credential& credential) const {
+ const MetadataCredentialContext* context = dynamic_cast(credential.getCredentalContext());
+ if (context) {
+ // Check for a usage mismatch.
+ if ((getUsage() | (xmltooling::Credential::SIGNING_CREDENTIAL & xmltooling::Credential::TLS_CREDENTIAL)) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
+ return false;
+ else if ((getUsage() | xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
+ return false;
+ }
+ return CredentialCriteria::matches(credential);
+ }
+
 private:
 const RoleDescriptor& m_role;
 };
 };
 };
-#endif /* __saml_metacred_h__ */
+#endif /* __saml_metacrit_h__ */
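Review bot: The usage test in the new matches() uses `|` where a bit-mask test needs `&`: `getUsage() | (SIGNING_CREDENTIAL & TLS_CREDENTIAL)` ORs the requested usage with the AND of two flags, and `getUsage() | ENCRYPTION_CREDENTIAL` is non-zero for every possible usage, so the else-if branch rejects any KeyDescriptor with use="signing" regardless of what the caller asked for, while the first branch rejects encryption-use keys whenever any usage at all is set. Assuming the Credential usage constants are distinct single-bit flags, the intended conditions are `if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&` and `else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&`, with the rest of each condition unchanged. As written the filter fails closed (keys are excluded rather than misapplied), but a request for a signing credential never matches a key the metadata explicitly marks for signing, so the use-based restriction this method exists to enforce is not actually exercised. A short comment on the corrected lines, e.g. `// Reject keys whose metadata 'use' contradicts the requested usage; unset usage or unset 'use' matches anything.`, would make the intended semantics clear to the next reader.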