/*
- * Copyright 2001-2008 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* FilesystemCredentialResolver.cpp
*
- * Supplies credentials from local files
+ * Supplies credentials from local files.
*/
#include "internal.h"
#include "security/KeyInfoResolver.h"
#include "security/OpenSSLCredential.h"
#include "security/SecurityHelper.h"
+#include "security/XSECCryptoX509CRL.h"
#include "util/NDC.h"
#include "util/PathResolver.h"
+#include "util/Threads.h"
#include "util/XMLHelper.h"
+#include <algorithm>
#include <sys/types.h>
#include <sys/stat.h>
#include <openssl/pkcs12.h>
using namespace xmltooling;
using namespace std;
+using xercesc::DOMElement;
+using xercesc::chLatin_f;
+using xercesc::chDigit_0;
+
namespace xmltooling {
// The ManagedResource classes handle memory management, loading of the files
Credential* FilesystemCredentialResolver::getCredential()
{
+ // First, verify that the key and certificate match.
+ if (m_key.key && !m_certs.empty()) {
+ auto_ptr<XSECCryptoKey> temp(m_certs.front().certs.front()->clonePublicKey());
+ if (!SecurityHelper::matches(*m_key.key, *temp.get()))
+ throw XMLSecurityException("FilesystemCredentialResolver given mismatched key/certificate, check for consistency.");
+ }
+
// We (unfortunately) need to duplicate all the objects and put them in one set of arrays
// in order to create the credential wrapper.
FilesystemCredential* credential=NULL;
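Review bot: The new consistency check at the top of getCredential() guards `!m_certs.empty()` but then calls `m_certs.front().certs.front()` without checking that the inner `certs` container is non-empty, so an entry with a cert list that is empty (if the loader can ever produce one — not visible here) would dereference `front()` on an empty container, which is undefined behavior rather than a clean XMLSecurityException. The guard should be `if (m_key.key && !m_certs.empty() && !m_certs.front().certs.empty())`, or the empty-chain case should throw explicitly so a malformed keystore fails loudly. Note also that only the first certificate of the first entry is compared against the private key; if m_certs can hold several entries, a mismatch in a later one is not detected by this check, which is worth stating in the comment (e.g. `// Only the leading certificate of the first entry is checked against the key.`). Since this runs on every getCredential() call, the clone and comparison are repeated per call; if the key and certificates are fixed at load time, doing the check once in the loader (outside this hunk) would be cheaper and would surface a misconfiguration at startup. The body of getCredential() continues past the end of the hunk.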