如何从XMLSignature获取证书链(根和中间人)

时间:2011-05-13 18:11:04

标签: java security xml-signature

您好我刚刚从符合xmldsig w3c建议的xml构建了一个org.apache.xml.security.signature.XMLSignature,我可以看到xml包含所有证书链

<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>

元素,但是使用XMLSignature API我可以看到我只能访问用户证书和发行者,但不是完整的链,是否有通过xmlsec API完成此操作的简单方法?

1 个答案:

答案 0 :(得分:0)

我为此找到了一个解决方案,而不是最干净,但它确实有效:

XMLSignature signature = new XMLSignature(sigElement,
                null);
        KeyInfo keyInfo = signature.getKeyInfo();
        NodeList x509Certificates = keyInfo.getElement().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");

        ArrayList<X509Certificate> allCertificates = new ArrayList<X509Certificate>();
        for (int i = 0; i < x509Certificates.getLength(); i++) {
            Node x509CertificateElement = x509Certificates.item(i);
            byte[] decodedX509Certificate = Base64.decode(x509CertificateElement.getTextContent());
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(decodedX509Certificate));
            allCertificates.add(x509Certificate);
        }

        // now you have all certificates in allCertificates