X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=4440fb409da3d79cedf7e5ce5479bcb8e796d689;hp=d59e8e2c43ee4f16f0e23a99c16b7fa8cb47a116;hb=f3a43f14f9dd53428f9e879bb489d6a4cf2674a8;hpb=38ec6425a33c32f3532a20aa85fd03f95f5ff472

diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index d59e8e2..4440fb4 100644
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -251,6 +251,19 @@ bool AbstractMetadataProvider::matches(const pair<const XMLCh*,Credential*>& cre
         else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
             return false;
 
+        const char* alg = criteria->getKeyAlgorithm();
+        if (alg && *alg) {
+            const char* alg2 = cred.second->getAlgorithm();
+            if (alg2 && *alg2) {
+                if (!XMLString::equals(alg,alg2))
+                    return false;
+            }
+        }
+        if (criteria->getKeySize()>0 && cred.second->getKeySize()>0) {
+            if (criteria->getKeySize() != cred.second->getKeySize())
+                return false;
+        }
+
         if (cred.second->getPublicKey()) {
             // See if we have to match a specific key.
             auto_ptr<Credential> critcred(