Sibling EncryptedKey element is not resolved for decryption.
Description
If the EncryptedKey element is a sibling of the EncryptedData element, the key isn't located by the standard decryption routines.
There are two problems. First, the wrong version of EncryptedKeyResolver is created in the decrypt method: it is the base-class xmltooling version, not the modified opensaml version that knows about sibling elements. Second, the opensaml version only processes siblings if their Recipient attribute matches a recipient input parameter.
We should fix the EKR class type and modify it to return the first sibling with an absent Recipient. We may also be able to add RetrievalMethod support to the base-class version.
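As an added example (not OpenSAML or xmltooling code), this Python sketch models the two resolution behaviours the ticket contrasts over a constructed SAML EncryptedAssertion: the base-class lookup that only sees EncryptedKey elements inside the EncryptedData's own KeyInfo, and a sibling-aware lookup with the proposed rule (match the Recipient attribute, or accept a sibling whose Recipient is absent). The element Ids, entity URLs and cipher values are constructed.

```python
"""Toy EncryptedKey resolution modelled on the ticket's description.
Added example; not the OpenSAML/xmltooling implementation."""
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ENCRYPTED_KEY = f"{{{XENC}}}EncryptedKey"
ENCRYPTED_DATA = f"{{{XENC}}}EncryptedData"

# Constructed sample: EncryptedData with no inline key, plus three sibling
# EncryptedKey elements (one for this SP, one for another SP, one untargeted).
SAMPLE = f"""<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData Id="ed1"><xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
  <xenc:EncryptedKey Id="ek-sp" Recipient="https://sp.example.org/shibboleth">AAAA</xenc:EncryptedKey>
  <xenc:EncryptedKey Id="ek-other" Recipient="https://other.example.net">AAAA</xenc:EncryptedKey>
  <xenc:EncryptedKey Id="ek-any">AAAA</xenc:EncryptedKey>
</saml:EncryptedAssertion>"""


def inline_encrypted_keys(enc_data):
    """Base-class behaviour as the ticket describes it: only EncryptedKey
    elements inside the EncryptedData's ds:KeyInfo are found."""
    return enc_data.findall(f"{{{DS}}}KeyInfo/{ENCRYPTED_KEY}")


def resolve_encrypted_keys(parent, enc_data, recipient=None):
    """Sibling-aware resolution with the proposed fix: inline keys first,
    then sibling EncryptedKey elements whose Recipient matches `recipient`
    or is absent. Siblings addressed to a different Recipient are skipped."""
    keys = list(inline_encrypted_keys(enc_data))
    for sib in parent:
        if sib is enc_data or sib.tag != ENCRYPTED_KEY:
            continue
        rcpt = sib.get("Recipient")
        if rcpt is None or (recipient is not None and rcpt == recipient):
            keys.append(sib)
    return keys


def inline_ids():
    root = ET.fromstring(SAMPLE)
    return [k.get("Id") for k in inline_encrypted_keys(root.find(ENCRYPTED_DATA))]


def resolve_ids(recipient=None):
    root = ET.fromstring(SAMPLE)
    enc_data = root.find(ENCRYPTED_DATA)
    return [k.get("Id") for k in resolve_encrypted_keys(root, enc_data, recipient)]
```

With the sample above, the base-class lookup returns nothing (the bug), while the sibling-aware lookup for this SP returns the targeted key and the untargeted one.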