All of the features that you mention are actually supported in the JDK
(Java SE) 5.0, and not the Apache XML Security API specifically. See the
following references for more information:
http://java.sun.com/j2se/1.5.0/docs/guide/security/certpath/CertPathProgGuide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
The Apache XML Security API (and JSR 105, which will be included with
version 1.4) are both extensible to allow you to add the features that
you mention below for building/validating certificate chains contained
in XML Signature KeyInfo elements, but you will need to do a little bit
of coding (using the JDK APIs mentioned above) to add that
functionality. See for example the following classes that you can extend:
Apache XML Security:
org.apache.xml.security.keys.keyresolver.KeyResolver/KeyResolverSpi
JSR 105:
http://download.java.net/jdk6/docs/api/javax/xml/crypto/KeySelector.html
--Sean
Filip Van Gool wrote:
Hi,
As we are considering choosing the XML security API, some questions
remain open for us:
- Does the XML Apache security API in Java support or implement OCSP
and CRL checking?
- Does the XML Apache security API in Java support certificate path
validation?
- Does the XML Apache security API in Java support time stamping?
Regards,
Filip Van Gool
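The approach described in the reply above (extend the JSR 105 KeySelector and call the JDK CertPath API from it), as an added example that is not part of the original thread and is not code from the Apache XML Security project. The class name `PkixKeySelector` and the caller-supplied trust store are assumptions; it also assumes the KeyInfo lists the signer's certificate first, followed by its issuers in order, without the trust anchor itself.

```java
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.keyinfo.*;

// Hypothetical KeySelector: hands back the signer's key only after the
// certificate chain in KeyInfo passes PKIX validation with revocation checks.
public class PkixKeySelector extends KeySelector {
    private final KeyStore trustAnchors; // assumption: holds the trusted CA certificates

    public PkixKeySelector(KeyStore trustAnchors) { this.trustAnchors = trustAnchors; }

    @Override
    public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
            AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
        if (keyInfo == null) throw new KeySelectorException("No KeyInfo in signature");
        // Collect every X509Certificate carried in the X509Data elements.
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        for (Object info : keyInfo.getContent()) {
            if (!(info instanceof X509Data)) continue;
            for (Object o : ((X509Data) info).getContent()) {
                if (o instanceof X509Certificate) certs.add((X509Certificate) o);
            }
        }
        if (certs.isEmpty()) throw new KeySelectorException("No X509Certificate in KeyInfo");
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(certs);
            PKIXParameters params = new PKIXParameters(trustAnchors);
            // Revocation checking uses CRLs; on Sun JDKs OCSP is switched on
            // separately with the "ocsp.enable" security property.
            params.setRevocationEnabled(true);
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (GeneralSecurityException e) {
            // Fail closed: an unverifiable chain must never yield a usable key.
            throw new KeySelectorException("Certificate chain rejected", e);
        }
        final PublicKey key = certs.get(0).getPublicKey();
        return new KeySelectorResult() {
            public Key getKey() { return key; }
        };
    }
}
```

An instance is passed to `DOMValidateContext` in place of a selector that trusts whatever key the KeyInfo contains, so signature validation fails when the chain does not validate.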