https://issues.shibboleth.net/jira/browse/CPPOST-28

diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index 7d57810..5d3a1c7 100644 (file)
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,10 +64,10 @@ namespace opensaml {
                 const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
                 if (context) {
                     // Check for a usage mismatch.
-                    if ((getUsage() | (xmltooling::Credential::SIGNING_CREDENTIAL & xmltooling::Credential::TLS_CREDENTIAL)) &&
+                    if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
                             XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
                         return false;
-                    else if ((getUsage() | xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
+                    else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
                             XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
                         return false;
                 }