From: scantor <scantor@fb386ef7-a10c-0410-8ebf-fd3f8e989ab0>
Date: Wed, 14 Mar 2012 01:30:54 +0000 (+0000)
Subject: https://issues.shibboleth.net/jira/browse/CPPOST-74
X-Git-Tag: 2.5.0~25
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fopensaml2.git;a=commitdiff_plain;h=837fe9f08c83e527b3215985066d15f67eae68ab

https://issues.shibboleth.net/jira/browse/CPPOST-74

git-svn-id: https://svn.shibboleth.net/cpp-opensaml/branches/REL_2@718 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0
---

diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index c97ab3d..c01c496 100644
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -217,6 +217,12 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
         throw MetadataException("Metadata instance failed manual validation checking.");
     }
 
+    const TimeBoundSAMLObject* validityCheck = dynamic_cast<TimeBoundSAMLObject*>(xmlObject.get());
+    if (!validityCheck || !validityCheck->isValid()) {
+        m_log.error("metadata instance was invalid at time of acquisition");
+        throw MetadataException("Metadata instance was invalid at time of acquisition.");
+    }
+
     // This is the best place to take a backup, since it's superficially "correct" metadata.
     string backupKey;
     if (!backup && !m_backing.empty()) {