https://issues.shibboleth.net/jira/browse/SSPCPP-153
authorScott Cantor <cantor.2@osu.edu>
Tue, 11 Nov 2008 04:14:45 +0000 (04:14 +0000)
committerScott Cantor <cantor.2@osu.edu>
Tue, 11 Nov 2008 04:14:45 +0000 (04:14 +0000)
xmltooling/security/impl/FilesystemCredentialResolver.cpp

index d9bcd86..0bd090a 100644 (file)
@@ -551,6 +551,13 @@ FilesystemCredentialResolver::~FilesystemCredentialResolver()
 
 Credential* FilesystemCredentialResolver::getCredential()
 {
+    // First, verify that the key and certificate match.
+    if (m_key.key && !m_certs.empty()) {
+        auto_ptr<XSECCryptoKey> temp(m_certs.front().certs.front()->clonePublicKey());
+        if (!SecurityHelper::matches(m_key.key, temp.get()))
+            throw XMLSecurityException("FilesystemCredentialResolver given mismatched key/certificate, check for consistency.");
+    }
+
     // We (unfortunately) need to duplicate all the objects and put them in one set of arrays
     // in order to create the credential wrapper.
     FilesystemCredential* credential=NULL;
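Review bot: The new guard at the top of getCredential() tests `!m_certs.empty()` but then calls `.certs.front()` on the first entry without checking that the inner container is non-empty, and `front()` on an empty container is undefined behaviour. Whether an entry can be loaded with no certificates is not visible in this hunk, so the condition is safer as `if (m_key.key && !m_certs.empty() && !m_certs.front().certs.empty()) {`. The result of `clonePublicKey()` is also handed to `SecurityHelper::matches` unchecked; if it can return NULL for an unsupported key type, that case should probably be reported as a mismatch explicitly rather than left to `matches`. Only the first certificate of the first entry is compared with the key, so a comment such as `// certs.front() is expected to be the end-entity certificate for m_key` would record the ordering assumption the check relies on. getCredential()'s body continues outside the hunk.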