Xerces 3 revisions.

[shibboleth/cpp-xmltooling.git] / xmltooling / security / impl / FilesystemCredentialResolver.cpp

diff --git a/xmltooling/security/impl/FilesystemCredentialResolver.cpp b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
index d9bcd86..d995180 100644 (file)
--- a/xmltooling/security/impl/FilesystemCredentialResolver.cpp
+++ b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
@@ -43,6 +43,10 @@ using namespace xmltooling::logging;
 using namespace xmltooling;
 using namespace std;
 
+using xercesc::DOMElement;
+using xercesc::chLatin_f;
+using xercesc::chDigit_0;
+
 namespace xmltooling {
 
     // The ManagedResource classes handle memory management, loading of the files
@@ -551,6 +555,13 @@ FilesystemCredentialResolver::~FilesystemCredentialResolver()
 
 Credential* FilesystemCredentialResolver::getCredential()
 {
+    // First, verify that the key and certificate match.
+    if (m_key.key && !m_certs.empty()) {
+        auto_ptr<XSECCryptoKey> temp(m_certs.front().certs.front()->clonePublicKey());
+        if (!SecurityHelper::matches(m_key.key, temp.get()))
+            throw XMLSecurityException("FilesystemCredentialResolver given mismatched key/certificate, check for consistency.");
+    }
+
     // We (unfortunately) need to duplicate all the objects and put them in one set of arrays
     // in order to create the credential wrapper.
     FilesystemCredential* credential=NULL;