You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Carl Darski <da...@hotmail.com> on 2009/08/31 19:46:16 UTC
RetrievalMethod
Hello,
I am testing the RetrievalMethod element for the apache xml encryption
implementation. I am trying to use multiple <ds:RetrievalMethod> elements to
specify multiple encrypted keys.
My experience has been that the DSIGInfoList::loadListFromXML(...) method will
process only the first <ds:RetrievalMethod> encountered. While searching for
transforms, tmpKI becomes NULL, so subsequent processing after the initial
<ds:RetrievalMethod> appears to get skipped.
Is this by design? Reading the xml encryption spec, I was under the
impression that multiple <ds:RetrievalMethod> elements were permitted and
could be intermixed with local <EncryptedKey> elements.
I can submit the test document I am working with if it will help. Please let
me know the best way to do this (if a simple cut and paste is not appropriate
for this mail list).
Thanks in advance,
Carl
RE: RetrievalMethod
Posted by Scott Cantor <ca...@osu.edu>.
Carl Darski wrote on 2009-08-31:
> Hello,
>
> I am testing the RetrievalMethod element for the apache xml encryption
> implementation. I am trying to use multiple <ds:RetrievalMethod>
> elements to specify multiple encrypted keys.
Not 100% sure that's the appropriate syntax, but without getting into
that...
> My experience has been that the DSIGInfoList::loadListFromXML(...)
> method will process only the first <ds:RetrievalMethod> encountered.
> While searching for transforms, tmpKI becomes NULL, so subsequent
> processing after the initial <ds:RetrievalMethod> appears to get skipped.
Sounds like a bug, please file it.
> Is this by design?
There is no real world design underpinning any of that code. I recommend you
implement your own key resolution logic. I certainly have (and I'm the one
stuck maintaining that code now), so don't expect much improvement there.
-- Scott