Java: How to get the certificate chain (root and intermediates) from an XMLSignature


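Hello, I just built an org.apache.xml.security.signature.XMLSignature from an XML document that conforms to the xmldsig W3C recommendation, and I can see that the XML contains the whole certificate chain in the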

<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>

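elements, but using the XMLSignature API I can see that I can only access the user certificate and the issuer certificate, not the whole chain. Is there a simple way to do this through the xmlsec API?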

I found a solution. It is not the cleanest, but it works:

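import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// sigElement is the ds:Signature DOM element; the second argument is the base URI
XMLSignature signature = new XMLSignature(sigElement, null);
KeyInfo keyInfo = signature.getKeyInfo();
// Collect every ds:X509Certificate element under ds:KeyInfo, not only the signer's
NodeList x509Certificates = keyInfo.getElement().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");

CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
ArrayList<X509Certificate> allCertificates = new ArrayList<X509Certificate>();
for (int i = 0; i < x509Certificates.getLength(); i++) {
    Node x509CertificateElement = x509Certificates.item(i);
    // The MIME decoder accepts the line breaks that are allowed inside the base64 text
    byte[] decodedX509Certificate = Base64.getMimeDecoder().decode(x509CertificateElement.getTextContent());
    X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(decodedX509Certificate));
    allCertificates.add(x509Certificate);
}

// now you have all certificates in allCertificates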
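
The certificates collected this way come from the signed document itself, so they are candidates for a chain rather than a trusted chain. The following added example (not part of the original answer or of the xmlsec project) builds and validates a PKIX path from the signer's certificate to a trust anchor supplied by the caller, using the extracted certificates only as intermediates. The class name `KeyInfoChainValidator` and its method names are hypothetical, and the example assumes revocation checking is handled elsewhere.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public final class KeyInfoChainValidator {

    /** Turns the certificate entries of a caller-controlled trust store into PKIX trust anchors. */
    public static Set<TrustAnchor> anchorsFrom(KeyStore trustStore) throws GeneralSecurityException {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate c = trustStore.getCertificate(alias);
            if (trustStore.isCertificateEntry(alias) && c instanceof X509Certificate) {
                anchors.add(new TrustAnchor((X509Certificate) c, null));
            }
        }
        return anchors;
    }

    /**
     * Builds and validates a path from signerCert to one of the anchors. Certificates taken
     * from ds:KeyInfo are only candidates: a root found there is never trusted by itself.
     */
    public static List<X509Certificate> buildTrustedPath(X509Certificate signerCert,
            List<X509Certificate> keyInfoCerts, Set<TrustAnchor> anchors) throws GeneralSecurityException {
        List<X509Certificate> candidates = new ArrayList<>(keyInfoCerts);
        candidates.add(signerCert);
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signerCert);

        // An empty anchor set is rejected here, so a missing trust store fails closed.
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates)));
        // Assumption for this example: no CRL/OCSP source is configured, so revocation is off.
        params.setRevocationEnabled(false);

        // Throws CertPathBuilderException if no path to a trust anchor validates.
        PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
        List<X509Certificate> path = new ArrayList<>();
        for (Certificate c : result.getCertPath().getCertificates()) {
            path.add((X509Certificate) c);
        }
        return path; // signer first; the trust anchor itself is not part of the path
    }
}
```

Pass `allCertificates` as `keyInfoCerts` and the certificate whose public key verified the signature as `signerCert`; the returned list is the validated chain in order.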