
In the correct form of the file there are three fields coming from the same .pfx certificate, and it ends with something like this:

```xml
<ds:X509Data>
    <ds:X509Certificate>
    MIIHYTCCBkmgAwIBA....
    </ds:X509Certificate>
    <ds:X509Certificate>
    MIIFgzCCA2ugAwIB...
    </ds:X509Certificate>
    <ds:X509Certificate>
    MIIG2jCCBMKgAw...
    </ds:X509Certificate>
</ds:X509Data>
```

But with my Java code:

```java
XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512);
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream(certificado), contraseña);
X509Certificate cert = (X509Certificate) ks.getCertificate(ks.aliases().nextElement());
sig.addKeyInfo(cert);
sig.addKeyInfo(cert.getPublicKey());
```

```xml
<ds:X509Data>
    <ds:X509Certificate>
    MIIHYTCCBkmgAwIBA...
    </ds:X509Certificate>
</ds:X509Data>
```

Which is only the first of the three fields...

Any idea?

Adriusk91
  • [`KeyStore.getCertificate`](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/KeyStore.html#getCertificate(java.lang.String)) returns only the first cert in the specified entry, while usually a privatekeyentry will contain a cert _chain_ (i.e. more than one cert which are logically linked to be used for validation) and to get all of them you **use `getCertificateChain`**. – dave_thompson_085 Apr 25 '23 at 15:45
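One way to apply the comment's suggestion, as an added example that is not code from the question or from the commenter: it reads the whole chain with `getCertificateChain` and places every certificate in a single `ds:X509Data` element, replacing the `sig.addKeyInfo(cert)` call. It assumes the Apache Santuario `XMLSignature` API used in the question; the class name `ChainKeyInfo`, the method `addChain` and its parameter names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;

public final class ChainKeyInfo {

    /** Adds the full certificate chain of the private-key entry in a PKCS#12 file to sig's KeyInfo. */
    static void addChain(XMLSignature sig, Document doc, String pfxPath, char[] password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) { // close the stream after loading
            ks.load(in, password);
        }

        // A .pfx can also hold certificate-only entries, so do not rely on the
        // first alias: select the entry that actually carries the private key.
        String alias = null;
        for (String candidate : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(candidate)) {
                alias = candidate;
                break;
            }
        }
        if (alias == null) {
            throw new IllegalStateException("No private-key entry found in " + pfxPath);
        }

        // getCertificateChain returns the signer certificate first, then its issuers.
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("Entry '" + alias + "' has no certificate chain");
        }

        // One ds:X509Data element holding one ds:X509Certificate per chain member.
        X509Data x509Data = new X509Data(doc);
        for (Certificate c : chain) {
            x509Data.addCertificate((X509Certificate) c);
        }
        sig.getKeyInfo().add(x509Data);
    }
}
```

The embedded chain only helps a verifier build a path; the verifier still has to validate that path against its own trust anchors rather than trusting certificates because they appear in the document.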

0 Answers