+ // Check for ds11:DEREncodedKeyValue
+ const vector<DEREncodedKeyValue*>& derValues = keyInfo->getDEREncodedKeyValues();
+ for (indirect_iterator<vector<DEREncodedKeyValue*>::const_iterator> j = make_indirect_iterator(derValues.begin());
+ j != make_indirect_iterator(derValues.end()); ++j) {
+ log.debug("resolving ds11:DEREncodedKeyValue");
+ m_key = SecurityHelper::fromDEREncoding(j->getValue());
+ if (m_key)
+ return true;
+ log.warn("failed to resolve ds11:DEREncodedKeyValue");
+ }
+
+
+ if (followRefs) {
+ // Check for KeyInfoReference.
+ const XMLCh* fragID=nullptr;
+ const XMLObject* treeRoot=nullptr;
+ const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
+ for (indirect_iterator<vector<KeyInfoReference*>::const_iterator> ref = make_indirect_iterator(refs.begin());
+ ref != make_indirect_iterator(refs.end()); ++ref) {
+ fragID = ref->getURI();
+ if (!fragID || *fragID != chPound || !*(fragID+1)) {
+ log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
+ continue;
+ }
+ if (!treeRoot) {
+ treeRoot = keyInfo;
+ while (treeRoot->getParent())
+ treeRoot = treeRoot->getParent();
+ }
+ keyInfo = dynamic_cast<const KeyInfo*>(XMLHelper::getXMLObjectById(*treeRoot, fragID+1));
+ if (!keyInfo) {
+ log.warn("skipping ds11:KeyInfoReference, local reference did not resolve to a ds:KeyInfo");
+ continue;
+ }
+ if (resolveKey(keyInfo, false))
+ return true;
+ }
+ }
+