how to get certificate chain (root and intermediates) from an XMLSignature

Hi, I have just constructed an org.apache.xml.security.signature.XMLSignature from an XML document that complies with the xmldsig W3C recommendation, and I can see that the XML contains the whole certificate chain in

<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>

elements, but using the XMLSignature API I can see that I can only access the user certificate and the issuer one, but not the complete chain. Is there a straightforward way to get this done through the xmlsec API?


I found a solution for this, not the cleanest, but it works:

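    import java.io.ByteArrayInputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import org.apache.xml.security.keys.KeyInfo;
    import org.apache.xml.security.signature.XMLSignature;
    import org.apache.xml.security.utils.Base64; // assumed: xmlsec's own Base64 utility
    import org.w3c.dom.Node;
    import org.w3c.dom.NodeList;

    // sigElement is the ds:Signature DOM element
    XMLSignature signature = new XMLSignature(sigElement, null);
    KeyInfo keyInfo = signature.getKeyInfo();
    // Collect every ds:X509Certificate element below ds:KeyInfo
    NodeList x509Certificates = keyInfo.getElement().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");

    ArrayList<X509Certificate> allCertificates = new ArrayList<X509Certificate>();
    for (int i = 0; i < x509Certificates.getLength(); i++) {
        Node x509CertificateElement = x509Certificates.item(i);
        // The element text is the Base64-encoded DER certificate
        byte[] decodedX509Certificate = Base64.decode(x509CertificateElement.getTextContent());
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decodedX509Certificate));
        allCertificates.add(x509Certificate);
    }

    // now you have all certificates in allCertificates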
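
The certificates in ds:KeyInfo come from the signer and arrive in no guaranteed order, so a verifier normally sorts them into a path and checks that the path ends at a root it already trusts. The following is an added example, not part of the original answer or of xmlsec: the class name `KeyInfoChainValidator` is hypothetical, it uses only the JDK's PKIX API, and it assumes the caller supplies locally configured trust anchors and has no revocation source.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;

// Hypothetical helper: orders and validates the certificates taken from ds:KeyInfo.
public final class KeyInfoChainValidator {

    // Returns signer -> intermediates -> root, or throws if no path reaches a trust anchor.
    public static List<X509Certificate> buildTrustedChain(
            X509Certificate signer,                  // certificate whose key verified the signature
            Collection<X509Certificate> fromKeyInfo, // everything found in KeyInfo (untrusted input)
            Set<TrustAnchor> anchors) throws GeneralSecurityException {

        // The path must end at the signing certificate.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);

        List<X509Certificate> candidates = new ArrayList<>(fromKeyInfo);
        candidates.add(signer);

        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        // KeyInfo certificates are only candidate intermediates, never trust anchors.
        params.addCertStore(CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(candidates)));
        // Assumption for this sample: no CRL/OCSP source is available.
        params.setRevocationEnabled(false);

        PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);

        List<X509Certificate> chain = new ArrayList<>();
        for (java.security.cert.Certificate c : result.getCertPath().getCertificates()) {
            chain.add((X509Certificate) c);
        }
        // An anchor defined by name and key only has no certificate to append.
        X509Certificate root = result.getTrustAnchor().getTrustedCert();
        if (root != null) chain.add(root);
        return chain;
    }
}
```

A self-signed root that appears only in KeyInfo is ignored by the builder unless the same certificate is also present in `anchors`.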