RetrievalMethod

[Carl Darski <da...@hotmail.com>]

Hello,

I am testing the RetrievalMethod element for the apache xml encryption 
implementation.  I am trying to use multiple <ds:RetrievalMethod> elements to 
specify multiple encrypted keys.

My experience has been that the DSIGInfoList::loadListFromXML(...) method will 
process only the first <ds:RetrievalMethod> encountered.  While searching for 
transforms, tmpKI becomes NULL, so subsequent processing after the initial 
<ds:RetrievalMethod> appears to get skipped.

Is this by design?  Reading the xml encryption spec, I was under the 
impression that multiple <ds:RetrievalMethod> elements were permitted and 
could be intermixed with local <EncryptedKey> elements.

I can submit the test document I am working with if it will help.  Please let 
me know the best way to do this (if a simple cut and paste is not appropriate 
for this mail list).

Thanks in advance,

Carl

RE: RetrievalMethod

[Scott Cantor <ca...@osu.edu>]

Carl Darski wrote on 2009-08-31:
> Hello,
> 
> I am testing the RetrievalMethod element for the apache xml encryption
> implementation.  I am trying to use multiple <ds:RetrievalMethod>
> elements to specify multiple encrypted keys.

Not 100% sure that's the appropriate syntax, but without getting into
that...

> My experience has been that the DSIGInfoList::loadListFromXML(...)
> method will process only the first <ds:RetrievalMethod> encountered. 
> While searching for transforms, tmpKI becomes NULL, so subsequent
> processing after the initial <ds:RetrievalMethod> appears to get skipped.

Sounds like a bug, please file it.

> Is this by design?

There is no real world design underpinning any of that code. I recommend you
implement your own key resolution logic. I certainly have (and I'm the one
stuck maintaining that code now), so don't expect much improvement there.

-- Scott