santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "M. D." <mo...@abv.bg>
Subject Re: XMLDsig and XML Signature API
Date Thu, 20 Mar 2014 15:00:57 GMT
 Okay, thanks a lot for your responses! (:

So to sum things up:

1] It is not a very common usecase to have multiple certificates embedded in a document
2] This is the reason KeyInfo only has a method getX509Certificate() that returns THE embedded
certificate
3] In case multiple certificates are embedded I have to access the X509DataS from the KeyInfo
and then iterate through the X509Certificates.

Please correct me if I'm wrong

Thanks again!

Best regards,
M.D.





 >-------- Оригинално писмо --------
 >От:   Cantor, Scott  
 >Относно: Re: XMLDsig and XML Signature API
 >До:  M. D.  ,  dev@santuario.apache.org 
	
 >Изпратено на: Четвъртък, 2014, Март 20 16:49:51 EET
 >
 >
 >On 3/20/14, 10:42 AM, &quot;M. D.&quot;  wrote:
 >>
 >>I have read the specification and I'm quite familiar with it. It is said
 >>that KeyInfo element may contain multiple X509Data element. X509Data
 >>elements may contain multiple X509Certificate elements.
 >
 >So you have your answer.
 >
 >>My question is how does
 >>org.apache.xml.security.keys.KeyInfo.getX509Certificate() behave in such
 >>a case because we have the whole certificate chain embedded in the
 >>document. What does the method return? Can I access all certificates from
 >>the chain?
 >
 >Yes, by pulling all of the X509Certificate objects from the X509Data.
 >
 >-- Scott
 >
 >
 >

Mime
View raw message