From fa184b582e872d5f4551104be39af1a023afc337 Mon Sep 17 00:00:00 2001
From: erikn69 <erikn_69@hotmail.com>
Date: Fri, 2 Jun 2023 05:31:11 -0500
Subject: [PATCH] check the certificate (#50)

---
 src/PDFDoc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PDFDoc.php b/src/PDFDoc.php
index 0ad1a3b..7441b33 100644
--- a/src/PDFDoc.php
+++ b/src/PDFDoc.php
@@ -296,8 +296,8 @@ public function set_signature_certificate($certfile, $certpass = null) {
             // If a password is provided, we'll try to decode the private key
             if (openssl_pkey_get_private($certificate["pkey"]) === false)
                 return p_error("invalid private key");
-
-            // TODO: check the certificate
+            if (! openssl_x509_check_private_key($certificate["cert"], $certificate["pkey"]))
+                return p_error("private key doesn't corresponds to certificate");
         } else {
             $certfilecontent = file_get_contents($certfile);
             if ($certfilecontent === false)