Security header generation using WSSecSignature


I'm using WSSecSignature to generate the security header; here is the code for that.

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.dom.DOMSource;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;

// toDocument(SOAPMessage) and docToString(Document) are helpers of the poster's project that are not shown here.
// Note: signingKey is not used; Merlin takes the private key from the keystore entry named by the alias/password.
public static SOAPMessage signSoapMessage1(SOAPMessage message, PrivateKey signingKey, X509Certificate signingCert, char[] password) throws WSSecurityException {
    final String alias = "alias";   // must match the key entry in certFile.p12
    WSSConfig config = new WSSConfig();
    config.setWsiBSPCompliant(false);
    WSSecSignature builder = new WSSecSignature();
    builder.setWsConfig(config);    // without this the WSSConfig above is never applied to the builder
    builder.setX509Certificate(signingCert);
    builder.setUserInfo(alias, new String(password));
    // Controls the BinarySecurityToken encoding: true = single X509v3 certificate, false = X509PKIPathv1 chain.
    builder.setUseSingleCertificate(false);
    builder.setKeyIdentifierType(WSConstants.BST);
    builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
    try {
        Document document = toDocument(message);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(document);
        // Sign the SOAP Body only.
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart bodyPart = new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV, "");
        parts.add(bodyPart);
        builder.setParts(parts);
        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
        Crypto crypto = CryptoFactory.getInstance(properties);
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream is = new FileInputStream("certFile.p12")) {
            keystore.load(is, password);
        }
        ((Merlin) crypto).setKeyStore(keystore);
        crypto.loadCertificate(new ByteArrayInputStream(signingCert.getEncoded()));
        document = builder.build(document, crypto, secHeader);
        System.out.println(docToString(document));
        // Write the signed DOM back into the SOAPMessage; returning the original message would drop the signature.
        message.getSOAPPart().setContent(new DOMSource(document));
        message.saveChanges();
        return message;
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}

In this, what is the significance of builder.setUseSingleCertificate(false)? I tried both true and false, but I could not find any change.

Pardon me if my understanding is wrong.

Accepted answer:

After a long day of research I found the answer. setUseSingleCertificate decides the token type of the BinarySecurityToken:

  • if it is true, the value will be http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
  • else it will be http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1

More information is available in section 3.1 of http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
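The two ValueTypes above are not interchangeable on the wire: an X509v3 token carries one DER certificate, while an X509PKIPathv1 token carries a DER SEQUENCE of certificates (a PkiPath, ordered from the trust-anchor side down to the end-entity certificate), so a receiver has to dispatch on the ValueType before it can pick out the signer's certificate. The example below is added here and is not part of the original question, answer, or WSS4J; it encodes a chain both ways and decodes it again using only the Python standard library, with constructed DER SEQUENCE blobs standing in for real certificates (the sample chain, function names and the leaf-first ordering convention are this example's own assumptions; in Java the receiving-side equivalent is CertificateFactory.generateCertificate for X509v3 and CertificateFactory.generateCertPath(in, "PkiPath") for X509PKIPathv1).

```python
import base64

# ValueType URIs from the WSS X.509 Token Profile 1.0, section 3.1.
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
PKIPATH = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"


def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_sequence(content):
    """Wrap content in a DER SEQUENCE (tag 0x30)."""
    return b"\x30" + der_len(len(content)) + content


def read_tlv(buf, pos):
    """Return (tag, value, end) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def encode_token(chain, use_single_certificate):
    """Build the BinarySecurityToken (ValueType, base64 text) for a leaf-first chain.

    Mirrors the flag in the answer: True emits only chain[0] as X509v3, False
    emits the whole chain as an X509PKIPathv1 (trust-anchor side first, leaf last).
    """
    if use_single_certificate:
        value_type, payload = X509V3, chain[0]
    else:
        value_type, payload = PKIPATH, der_sequence(b"".join(reversed(chain)))
    return value_type, base64.b64encode(payload).decode("ascii")


def decode_token(value_type, text):
    """Receiver side: return the certificates leaf-first, dispatching on ValueType."""
    raw = base64.b64decode(text, validate=True)
    if value_type == X509V3:
        tag, _, end = read_tlv(raw, 0)
        if tag != 0x30 or end != len(raw):
            raise ValueError("X509v3 token is not a single DER certificate")
        return [raw]
    if value_type == PKIPATH:
        tag, body, end = read_tlv(raw, 0)
        if tag != 0x30 or end != len(raw):
            raise ValueError("PKIPath token is not a single DER SEQUENCE")
        certs, pos = [], 0
        while pos < len(body):
            tag, _, nxt = read_tlv(body, pos)
            if tag != 0x30:
                raise ValueError("PKIPath element is not a certificate SEQUENCE")
            certs.append(body[pos:nxt])
            pos = nxt
        if not certs:
            raise ValueError("empty PKIPath")
        return list(reversed(certs))  # leaf first: certs[0] is the signer's certificate
    # Refuse anything else rather than guessing how to parse it.
    raise ValueError("unsupported BinarySecurityToken ValueType: " + value_type)


# Constructed stand-ins for DER certificates (each X.509 certificate is itself a SEQUENCE);
# the leaf is large enough to exercise long-form DER lengths. Not real certificates.
SAMPLE_LEAF = der_sequence(b"L" * 300)
SAMPLE_INTERMEDIATE = der_sequence(b"I" * 40)
SAMPLE_ROOT = der_sequence(b"R" * 50)
SAMPLE_CHAIN = [SAMPLE_LEAF, SAMPLE_INTERMEDIATE, SAMPLE_ROOT]


def demo():
    """Round-trip the sample chain through both encodings; returns (single, path)."""
    vt_single, tok_single = encode_token(SAMPLE_CHAIN, True)
    vt_path, tok_path = encode_token(SAMPLE_CHAIN, False)
    return decode_token(vt_single, tok_single), decode_token(vt_path, tok_path)


if __name__ == "__main__":
    single, path = demo()
    print("X509v3 token yields", len(single), "certificate(s); PKIPath token yields", len(path))
```

With setUseSingleCertificate(false) the receiver gets the full chain and must validate it as a path to a trust anchor before trusting the leaf; with true it gets only the signer's certificate and must already hold the issuing chain. If the keystore entry only contains one certificate, a PKIPath token holds a single element, which is why the two settings can look identical in the generated XML apart from the ValueType attribute.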