>> That's basically defining itself as returning the entity cert. That by
>> definition is a single cert, not a chain.
By 'the entity cert' do you mean the certificate containing the validation key, that should be used for signature validation?

>> However, I believe there is no order implied by the certs in the
>> X509Data, so you should not assume they are in the correct order

So the KeyInfo.getX509Certificate() returns the exact right certificate of all the certificates of all X509Elements?

Best regards,
M.D.

>-------- Original message --------
>From: Sean Mullan
>Subject: Re: XMLDsig and XML Signature API
>To: [email protected]
>Sent: Thursday, 2014, March 20 17:23:32 EET
>
>
>On 03/20/2014 11:00 AM, M. D. wrote:
>> Okay, thanks a lot for your responses! (:
>>
>> So to sum things up:
>>
>> 1] It is not a very common use case to have multiple certificates embedded
>> in a document
>
>I don't think that's true, since that would require the relying party to
>be able to discover a chain back to a trusted anchor or root
>certificate. I would expect a more common use case is to include the
>entire chain including the root or the first cert issued by the root.
>However, I believe there is no order implied by the certs in the
>X509Data, so you should not assume they are in the correct order.
>
>--Sean
>
