santuario-dev mailing list archives

From "M. D." <>
Subject Re: XMLDsig and XML Signature API
Date Thu, 20 Mar 2014 14:42:38 GMT
 I'm really sorry but you confused me a bit.

I have read the specification and I'm quite familiar with it. It is said that the KeyInfo element
may contain multiple X509Data elements. X509Data elements may contain multiple X509Certificate

For example:
     <X509Data> <!-- two pointers to certificate-A -->
         <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM, 
           L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName>
     <X509Data><!-- single pointer to certificate-B -->
       <X509SubjectName>Subject of Certificate B</X509SubjectName>
     <X509Data> <!-- certificate chain -->
       <!--Signer cert, issuer CN=arbolCA,OU=FVT,O=IBM,C=US, serial 4-->
       <!-- Intermediate cert subject CN=arbolCA,OU=FVT,O=IBM,C=US 
            issuer CN=tootiseCA,OU=FVT,O=Bridgepoint,C=US -->
       <!-- Root cert subject CN=tootiseCA,OU=FVT,O=Bridgepoint,C=US -->

My question is how does behave in
such a case because we have the whole certificate chain embedded in the document. What does
the method return? Can I access all certificates from the chain?

Best regards,

 >-------- Original message --------
 >From:   Cantor, Scott  
 >Subject: Re: XMLDsig and XML Signature API
 >Sent: Thursday, 2014, March 20 16:30:55 EET
 >On 3/20/14, 10:12 AM, "M. D."  wrote:
 >> Well why not? Having the whole certificate chain embedded to the xml
 >>seems reasonable, doesn't it?
 >I believe that's represented by multiple X509Certificate elements, but the
 >spec has an example you can look at.
 >-- Scott
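
The KeyInfo layout discussed in this message (several X509Data elements, each possibly holding several X509Certificate elements), walked with a small parser. This is an added example, not part of the original message and not Santuario or XML Signature API code; the sample KeyInfo is constructed, its base64 payloads are placeholder bytes rather than real certificates, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"


def _b64(label):
    # Constructed placeholder payload standing in for DER certificate bytes.
    return base64.b64encode(label.encode()).decode()


# Constructed sample input (not taken from the message above).
SAMPLE_KEYINFO = f"""
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data>
    <X509SubjectName>CN=signer (constructed)</X509SubjectName>
  </X509Data>
  <X509Data>
    <X509Certificate>{_b64("DER-signer")}</X509Certificate>
    <X509Certificate>{_b64("DER-intermediate")}</X509Certificate>
    <X509Certificate>{_b64("DER-root")}</X509Certificate>
  </X509Data>
</KeyInfo>"""


def collect_x509_data(keyinfo_xml):
    """Return one dict per X509Data element, in document order."""
    root = ET.fromstring(keyinfo_xml)
    if root.tag != DS + "KeyInfo":
        raise ValueError("expected a ds:KeyInfo root element")
    result = []
    for x509data in root.findall(DS + "X509Data"):
        entry = {"certificates": [], "pointers": []}
        for child in x509data:
            if child.tag == DS + "X509Certificate":
                # Base64 text may contain line breaks; drop whitespace first.
                text = "".join((child.text or "").split())
                entry["certificates"].append(base64.b64decode(text))
            else:
                # Non-certificate children are recorded by element name and text.
                name = child.tag.replace(DS, "")
                entry["pointers"].append((name, (child.text or "").strip()))
        result.append(entry)
    return result


def all_embedded_certificates(keyinfo_xml):
    """Flatten every X509Certificate blob across all X509Data elements.
    The result is in document order, which need not be chain order."""
    return [c for e in collect_x509_data(keyinfo_xml) for c in e["certificates"]]
```

Certificates collected this way are supplied by whoever produced the document, so a verifier builds the path from them and validates it against its own trust anchors before relying on any key they contain.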
