【问题标题】:how to get certificate chain (root and intermediates) from an XMLSignature如何从 XMLSignature 获取证书链(根证书和中间证书)
【发布时间】:2011-05-13 18:11:04
【问题描述】:

您好,我刚刚从符合 xmldsig w3c 建议的 xml 构造了一个 org.apache.xml.security.signature.XMLSignature,我可以看到该 xml 包含所有证书链

<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>

元素,但是使用 XMLSignature API 我可以看到我只能访问用户证书和颁发者证书,而不是完整的链,有没有一种直接的方法可以通过 xmlsec API 完成这项工作?

【问题讨论】:

    标签: java security xml-signature


    【解决方案1】:

    我找到了一个解决方案,不是最干净的,但它有效:

    XMLSignature signature = new XMLSignature(sigElement,
                    null);
            KeyInfo keyInfo = signature.getKeyInfo();
            NodeList x509Certificates = keyInfo.getElement().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
    
            ArrayList<X509Certificate> allCertificates = new ArrayList<X509Certificate>();
            for (int i = 0; i < x509Certificates.getLength(); i++) {
                Node x509CertificateElement = x509Certificates.item(i);
                byte[] decodedX509Certificate = Base64.decode(x509CertificateElement.getTextContent());
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(decodedX509Certificate));
                allCertificates.add(x509Certificate);
            }
    
            // now you have all certificates in allCertificates
    

    【讨论】:

      猜你喜欢
      • 2011-05-19
      • 2017-10-08
      • 2019-11-14
      • 2018-06-08
      • 1970-01-01
      • 1970-01-01
      • 2020-07-21
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多