Well why not? Having the whole certificate chain embedded to the xml seems reasonable, doesn't it?
So does it mean that santuario does not support having multiple embedded certificates in a document? Best regards, M.D. >-------- Оригинално писмо -------- >От: Colm O hEigeartaigh >Относно: Re: XMLDsig and XML Signature API >До: dev@santuario.apache.org >Изпратено на: Четвъртък, 2014, Март 20 16:06:34 EET > > > >I don't think there is a valid use-case for having two certificates in >the KeyInfo of a Signature. > >Colm. > > >On Thu, Mar 20, 2014 at 1:37 PM, M. D. wrote: > Hello all, > >I'm trying to use the santuario api for signing xml documents. > >Just a quick question - this may sound stupid but according to the w3 spec >http://www.w3.org/TR/xmldsig-core/#sec-X509Data >a KeyInfo tag may contain more than one X509Data elements thus contain more >than one embedded certificate. > >Then how come the org.apache.xml.security.keys.KeyInfo class have a >getX509Certificate() method that returns only one certificate? Do I have a >way of obtaining all embedded certificates in the XML? > >Thanks in advance for your understanding! > >Best regards, >M.D. > > >-- >Colm O hEigeartaigh > >Talend Community Coder >http://coders.talend.com >
