Okay, thanks a lot for your responses! (: So to sum things up:
1] It is not a very common usecase to have multiple certificates embedded in a document 2] This is the reason KeyInfo only has a method getX509Certificate() that returns THE embedded certificate 3] In case multiple certificates are embedded I have to access the X509DataS from the KeyInfo and then iterate through the X509Certificates. Please correct me if I'm wrong Thanks again! Best regards, M.D. >-------- Оригинално писмо -------- >От: Cantor, Scott >Относно: Re: XMLDsig and XML Signature API >До: M. D. , [email protected] >Изпратено на: Четвъртък, 2014, Март 20 16:49:51 EET > > >On 3/20/14, 10:42 AM, "M. D." wrote: >> >>I have read the specification and I'm quite familiar with it. It is said >>that KeyInfo element may contain multiple X509Data element. X509Data >>elements may contain multiple X509Certificate elements. > >So you have your answer. > >>My question is how does >>org.apache.xml.security.keys.KeyInfo.getX509Certificate() behave in such >>a case because we have the whole certificate chain embedded in the >>document. What does the method return? Can I access all certificates from >>the chain? > >Yes, by pulling all of the X509Certificate objects from the X509Data. > >-- Scott > > >
