RetrievalMethod


RetrievalMethod

by Carl Darski


Hello,

I am testing the RetrievalMethod element for the apache xml encryption
implementation.  I am trying to use multiple <ds:RetrievalMethod> elements to
specify multiple encrypted keys.

My experience has been that the DSIGInfoList::loadListFromXML(...) method will
process only the first <ds:RetrievalMethod> encountered.  While searching for
transforms, tmpKI becomes NULL, so subsequent processing after the initial
<ds:RetrievalMethod> appears to get skipped.

Is this by design?  Reading the xml encryption spec, I was under the
impression that multiple <ds:RetrievalMethod> elements were permitted and
could be intermixed with local <EncryptedKey> elements.

I can submit the test document I am working with if it will help.  Please let
me know the best way to do this (if a simple cut and paste is not appropriate
for this mail list).

Thanks in advance,

Carl




RE: RetrievalMethod

by Scott Cantor


Carl Darski wrote on 2009-08-31:
> Hello,
>
> I am testing the RetrievalMethod element for the apache xml encryption
> implementation.  I am trying to use multiple <ds:RetrievalMethod>
> elements to specify multiple encrypted keys.

Not 100% sure that's the appropriate syntax, but without getting into
that...

> My experience has been that the DSIGInfoList::loadListFromXML(...)
> method will process only the first <ds:RetrievalMethod> encountered.
> While searching for transforms, tmpKI becomes NULL, so subsequent
> processing after the initial <ds:RetrievalMethod> appears to get skipped.

Sounds like a bug, please file it.

> Is this by design?

There is no real world design underpinning any of that code. I recommend you
implement your own key resolution logic. I certainly have (and I'm the one
stuck maintaining that code now), so don't expect much improvement there.

-- Scott
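
Added example (not part of the thread, and not Apache XML Security code): a minimal key-source enumerator that visits every child of <ds:KeyInfo>, so several <ds:RetrievalMethod> elements intermixed with a local <EncryptedKey> all yield candidates. The sample document, the Id and Recipient values, and the function name are constructed for illustration; following only same-document "#id" references is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
ENCKEY_TYPE = XENC + "EncryptedKey"  # RetrievalMethod Type for an EncryptedKey

# Constructed sample skeleton (CipherData omitted): two RetrievalMethod
# elements with a local EncryptedKey between them.
SAMPLE = f"""<doc xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <xenc:EncryptedData>
    <ds:KeyInfo>
      <ds:RetrievalMethod URI="#ek-alice" Type="{ENCKEY_TYPE}"/>
      <xenc:EncryptedKey Id="ek-local" Recipient="carol"/>
      <ds:RetrievalMethod URI="#ek-bob" Type="{ENCKEY_TYPE}"/>
    </ds:KeyInfo>
  </xenc:EncryptedData>
  <xenc:EncryptedKey Id="ek-alice" Recipient="alice"/>
  <xenc:EncryptedKey Id="ek-bob" Recipient="bob"/>
</doc>"""


def candidate_keys(xml_text):
    """Return (source, Id-or-URI, Recipient) per key source, in document order."""
    root = ET.fromstring(xml_text)
    # Index EncryptedKey elements by Id so "#id" references can be followed.
    by_id = {e.get("Id"): e
             for e in root.iter(f"{{{XENC}}}EncryptedKey") if e.get("Id")}
    found = []
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        for child in key_info:  # visit every child, not only the first match
            if child.tag == f"{{{XENC}}}EncryptedKey":
                found.append(("local", child.get("Id"), child.get("Recipient")))
            elif child.tag == f"{{{DS}}}RetrievalMethod":
                uri = child.get("URI", "")
                target = by_id.get(uri[1:]) if uri.startswith("#") else None
                if child.get("Type") != ENCKEY_TYPE or target is None:
                    # Assumption: external URIs and other Types are
                    # reported to the caller, never fetched.
                    found.append(("unresolved", uri, None))
                else:
                    found.append(("retrieved", target.get("Id"),
                                  target.get("Recipient")))
    return found


if __name__ == "__main__":
    for entry in candidate_keys(SAMPLE):
        print(entry)
```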