Revised decryption APIs to clarify CredentialResolver/KeyResolver difference.

[shibboleth/cpp-opensaml.git] / saml / saml2 / core / impl / Assertions20Impl.cpp

diff --git a/saml/saml2/core/impl/Assertions20Impl.cpp b/saml/saml2/core/impl/Assertions20Impl.cpp
index f4fe15a..a26a275 100644 (file)
--- a/saml/saml2/core/impl/Assertions20Impl.cpp
+++ b/saml/saml2/core/impl/Assertions20Impl.cpp
@@ -192,12 +192,13 @@ namespace opensaml {
                 }
             }
     
-            XMLObject* decrypt(KeyResolver* KEKresolver, const XMLCh* recipient) const
+            XMLObject* decrypt(const CredentialResolver* KEKresolver, const XMLCh* recipient) const
             {
                 if (!m_EncryptedData)
                     throw DecryptionException("No encrypted data present.");
-                Decrypter decrypter(KEKresolver, new EncryptedKeyResolver(*this, recipient));
-                DOMDocumentFragment* frag = decrypter.decryptData(m_EncryptedData);
+                EncryptedKeyResolver ekr(*this, recipient);
+                Decrypter decrypter(KEKresolver, &ekr);
+                DOMDocumentFragment* frag = decrypter.decryptData(*m_EncryptedData);
                 if (frag->hasChildNodes() && frag->getFirstChild()==frag->getLastChild()) {
                     DOMNode* plaintext=frag->getFirstChild();
                     if (plaintext->getNodeType()==DOMNode::ELEMENT_NODE) {