santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "M. D." <mo...@abv.bg>
Subject Re: XMLDsig and XML Signature API
Date Thu, 20 Mar 2014 14:12:45 GMT
 Well why not? Having the whole certificate chain embedded to the xml seems reasonable, doesn't
it?

So does it mean that santuario does not support having multiple embedded certificates in a
document?

Best regards,
M.D.




 >-------- Оригинално писмо --------
 >От:  Colm O hEigeartaigh 
 >Относно: Re: XMLDsig and XML Signature API
 >До:  dev@santuario.apache.org  
 >Изпратено на: Четвъртък, 2014, Март 20 16:06:34 EET
 >
 >
 >
 >I don&#39;t think there is a valid use-case for having two certificates in the KeyInfo
of a Signature.
 >
 >Colm.
 >
 >
 >On Thu, Mar 20, 2014 at 1:37 PM, M. D.  wrote:
 > Hello all,
 >
 >I&#39;m trying to use the santuario api for signing xml documents.
 >
 >Just a quick question - this may sound stupid but according to the w3 spec http://www.w3.org/TR/xmldsig-core/#sec-X509Data
 >a KeyInfo tag may contain more than one X509Data elements thus contain more than one
embedded certificate.
 >
 >Then how come the org.apache.xml.security.keys.KeyInfo class have a getX509Certificate()
method that returns only one certificate? Do I have a way of obtaining all embedded certificates
in the XML?
 >
 >Thanks in advance for your understanding!
 >
 >Best regards,
 >M.D.
 >
 >
 >-- 
 >Colm O hEigeartaigh
 >
 >Talend Community Coder
 >http://coders.talend.com
 >

Mime
View raw message