Support for RetrievalMethod with Id reference.

CHANGELOG.txt

@@ -11,6 +11,7 @@ Features:
   XMLSecurityKey::getRawThumbprint($cert))
 - Return signature element node from XMLSecurityDSig::insertSignature() and 
   XMLSecurityDSig::appendSignature() methods
+- Support for <ds:RetrievalMethod> with simple URI Id reference.
 
 Bug Fixes:
 - Change split() to explode() as split is now depreciated

tests/retrievalmethod-findkey.phpt

@@ -0,0 +1,29 @@
+--TEST--
+Test for ds:RetrievalMethod.
+--FILE--
+<?php
+require(dirname(__FILE__) . '/../xmlseclibs.php');
+
+$doc = new DOMDocument();
+$doc->load(dirname(__FILE__) . "/retrievalmethod-findkey.xml");
+
+$objenc = new XMLSecEnc();
+$encData = $objenc->locateEncryptedData($doc);
+if (! $encData) {
+	throw new Exception("Cannot locate Encrypted Data");
+}
+$objenc->setNode($encData);
+$objenc->type = $encData->getAttribute("Type");
+$objKey = $objenc->locateKey();
+
+$objKeyInfo = $objenc->locateKeyInfo($objKey);
+
+if (!$objKeyInfo->isEncrypted) {
+	throw new Exception('Expected $objKeyInfo to refer to an encrypted key by now.');
+}
+
+echo "OK\n";
+
+?>
+--EXPECTF--
+OK

tests/retrievalmethod-findkey.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Root>
+  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+    <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+      <dsig:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#KeyNodeId" />
+    </dsig:KeyInfo>
+    <xenc:CipherData>
+      <xenc:CipherValue>aYHfjPwZQ5HSmWLPzSOLYxFlg/MV+SVzvV4SOyELa/rhIwwC5qpbfYFumtLQJkZ9swJ0hURLAt9R86xm+lt+oA==</xenc:CipherValue>
+    </xenc:CipherData>
+  </xenc:EncryptedData>
+  <OtherChild>
+    <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="KeyNodeId">
+      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+      <xenc:CipherData>
+        <xenc:CipherValue>TgU99QwvzrqXNLy4xWTRete62Sx8MwHveRFbZn+JnScUrqZxBxjE1HvX52Y6Z+2EX1EVTaDbORzFIYuGX08JtXA1lI4cACCwdbjIsVh+YYwVvyhoLwjXbPMybBqJ7QswDxM+6977MiGgJ3U/P4VAPdo6ic/KDDu8FH2z4/CqnFGRRKpSt73Q+5BDdQXBWj+9U0iAUp0UWRFu/dMFzi2RWnFPkbWc0POysaDyxqlD0/DY0XpdZk82LMrLq8cy/mOq3eZm476d6xTwv6JOuamuHxR+I1HGAbqa/z1i4f6L+I0Q8HdWo4Kk/Us0On3CghOD8JYhntqYPHpPZcXsu1bxmw==</xenc:CipherValue>
+      </xenc:CipherData>
+    </xenc:EncryptedKey>
+  </OtherChild>
+</Root>

xmlseclibs.php

@@ -1641,8 +1641,25 @@ static function staticLocateKeyInfo($objBaseKey=NULL, $node=NULL) {
                     }
                     break;
                 case 'RetrievalMethod':
-                    /* Not currently supported */
-                    break;
+                    $type = $child->getAttribute('Type');
+                    if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
+                        /* Unsupported key type. */
+                        break;
+                    }
+                    $uri = $child->getAttribute('URI');
+                    if ($uri[0] !== '#') {
+                        /* URI not a reference - unsupported. */
+                        break;
+                    }
+                    $id = substr($uri, 1);
+
+                    $query = "//xmlsecenc:EncryptedKey[@Id='$id']";
+                    $keyElement = $xpath->query($query)->item(0);
+                    if (!$keyElement) {
+                        throw new Exception("Unable to locate EncryptedKey with @Id='$id'.");
+                    }
+
+                    return XMLSecurityKey::fromEncryptedKeyElement($keyElement);
                 case 'EncryptedKey':
                     return XMLSecurityKey::fromEncryptedKeyElement($child);
                 case 'X509Data':