ETSI TS 119 164-4-2016 Electronic Signatures and Infrastructures (ESI) Associated Signature Containers (ASiC) - Testing Compliance and Interoperability Part 4 Testing Conformance o.pdf

1、 ETSI TS 119 164-4 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC) - Testing Compliance and Interoperability; Part 4: Testing Conformance of ASiC baseline containers TECHNICAL SPECIFICATION ETSI ETSI TS 119 164-4 V1.1.1 (2016-06)2 Reference DT

2、S/ESI-0019164-4 Keywords ASiC, conformance, e-commerce, electronic signature, security, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prf

3、ecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not b

4、e modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretar

5、iat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, ple

6、ase send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written per

7、mission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand

8、the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 11

9、9 164-4 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 ASiC baseline container

10、conformity test specification overview . 6g35 Testing conformance to ASiC-S baseline containers . 7g35.1 Testing ASiC-S baseline containers . 7g35.1.1 Test assertions for ASiC-S baseline container structure . 7g35.1.2 Test assertions for ASiC-S baseline container syntactical conformance 8g35.1.3 Tes

11、t assertions for ASiC-S signature conformance 8g36 Testing conformance to ASiC-E baseline containers . 10g36.1 Testing ASiC-E baseline containers . 10g36.1.1 Test assertions for ASiC-E baseline container structure . 10g36.1.2 ASiC-E test assertions for syntactical conformance . 11g36.1.3 Test assert

12、ions for ASiC-E signature conformance 11g3History 13g3ETSI ETSI TS 119 164-4 V1.1.1 (2016-06)4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly availabl

13、e for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (

14、https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, e

15、ssential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 4 of a multi-part deliverable covering Associated Signature Containers (ASiC) - Testing Conformance

16、 and Interoperability. Full details of the entire series can be found in part 1 i.2. A tool implementing the present document has been developed and is accessible at http:/signatures-conformance-checker.etsi.org/ Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should

17、 not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 1

18、19 164-4 V1.1.1 (2016-06)5 1 Scope The present document defines the set of checks to be performed for testing conformance of ASiC containers against ASiC baseline containers as specified in ETSI EN 319 162-1 1. The present document does not specify checks leading to conclude whether a container is t

19、echnically valid or not (for instance, it does not specify checks for determining whether the cryptographic material present in signatures inside the container may be considered valid or not). In consequence, no conclusion may be inferred regarding the technical validity of a container that has been

20、 successfully tested by any tool conformant to the present document. Checks are exclusively constrained to elements specified by ASiC 1. The present document is intentionally not linked to any software development technology and is also intentionally agnostic on implementation strategies. This is on

21、e of the reasons why the test assertions set specified in the present document includes tests on the correctness of the structure of all the elements specified by ASiC 1. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or

22、version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be

23、 found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI EN 319 162-1: “Elec

24、tronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers“. 2 ETSI TS 119 124-4: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 4: Testing conf

25、ormance of CAdES baseline signatures“. 3 ETSI TS 119 134-4: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures - Testing Conformance and Interoperability; Part 4: Testing Conformance of XAdES baseline signatures“. 4 ISO/IEC 21320-1: “Information technology - Document Containe

26、r File - Part 1: Core“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced do

27、cument (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the us

28、er with regard to a particular subject area. i.1 OASIS “Test Assertions Guidelines Version 1.0“, 19 June 2013. OASIS Committee Note 02. NOTE: Available at: http:/docs.oasis-open.org/tag/guidelines/v1.0/cn02/guidelines-v1.0-cn02.html ETSI ETSI TS 119 164-4 V1.1.1 (2016-06)6 i.2 ETSI TR 119 164-1: “El

29、ectronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC) - Testing Conformance and Interoperability; Part 1: Overview“. i.3 ETSI TR 119 001: “Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures; Definitions and abbreviations“.

30、 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 i.3 and in the Test Assertions Guidelines i.1 apply. In case of contrast the former prevails. 3.2 Abbreviations For the purposes of the present document, the

31、abbreviations given in ETSI TR 119 001 i.3 and the following apply: CS Container Structure PKI Public Key Infrastructure SC Syntactical ConformanceSTV Signature Time-stamp token Value TA Test Assertion NOTE: Refer to i.1. TAL Test Assertion List NOTE: Refer to i.1. TC Test Case URI Uniform Resource

32、Identifier 4 ASiC baseline container conformity test specification overview The present clause describes the main aspects of the technical approach used for specifying the whole set of checks to be performed for testing conformance to ASiC baseline containers 1. ASiC 1 defines different containers f

33、orms grouped in Simple (ASiC-S) and Extended (ASiC-E). In order to test conformity against ASiC 1, for each ASiC form, tests are specified as belonging to one of three layers: The first layer is based on test assertions on the conformance of the container structure: the presence of certain files in

34、the container with specific names. Entities testing conformance can obtain specific information to identify potential container conformance problems. The second layer is based on test assertions on the syntactical conformance and/or properties of files relevant to ASiC form under test: specific info

35、rmation to identify potential conformance issues related to ASiC file syntax or properties can be obtained. The third layer is based on assertions on conformance of the CAdES or XAdES signatures contained in the specific ASiC form under test: specific information to identify potential conformance is

36、sues caused by lack of conformance in signatures contained in ASiC containers can be obtained. All layer tests shall be performed to complete testing. No tests are included testing the technical validity of the cryptographic material that might be present in the signature or to be used for its verif

37、ication (status of certificates for instance). ETSI ETSI TS 119 164-4 V1.1.1 (2016-06)7 The test definitions are based on test assertions work produced by OASIS in “Test Assertions Guidelines Version 1.0“ i.1. Each test assertion includes the following information: 1) Unique identifier for further r

38、eferencing. 2) Reference to the Normative source for the test. 3) The Target of the assertion. 4) The Prerequisite specifies the conditions under which the TA is applicable/can be performed 5) Predicate fully and unambiguously defining the assertion to be tested. 6) Prescription level: Three levels

39、are defined: mandatory, recommended and optional, whose semantics is to be interpreted as described in clause 3.1.2 of i.1. 7) Tag: information on the element tested by the assertion. 5 Testing conformance to ASiC-S baseline containers 5.1 Testing ASiC-S baseline containers 5.1.1 Test assertions for

40、 ASiC-S baseline container structure All the test assertions related to the first conformance layer, the container structure, are grouped in a Test Assertion List defined as follows: TA List id: TAL/ASiC-S/CS List Description: all TAs describing container structure requirements for ASiC-S containers

41、 to the following Clauses in ASiC 1: 5.3.1, 5.3.2.1, 5.3.2.2, 5.3.2.3 List Members: TA/ASiC-S/CS/1 . 5 The Test Assertions that belong to this Test Assertion List are specified as follows: TA id: TA/ASiC-S/CS/1 Normative Source: ASiC 1 Clause 5.3.1 Target: ASiC generator claiming conformance to ASiC

42、-S baseline containers 1 Predicate: The container shall be compliant with ISO/IEC 21320-1 6 Prescription Level: mandatory Tag: conformance layer = 1 (container structure); Container type=Simple (ASiC-S) TA id: TA/ASiC-S/CS/2 Normative Source: ASiC 1 Clause 5.3.2.1 Table 2 row 1 Target: ASiC generato

43、r claiming conformance to ASiC-S baseline containers 1 Predicate: ASiC File extension is “.asics”. Prescription Level: mandatory Tag: conformance layer = 1 (container structure); Container type=Simple (ASiC-S) TA id: TA/ASiC-S/CS/3 Normative Source: ASiC 1 Clause 5.3.2.1 Table 2 row 2 Target: ASiC g

44、enerator claiming conformance to ASiC-S baseline containers 1 Predicate: mimetype is encoded as specified in ASiC 1 Clauses 4.3.3.1, point 2) b) and A.1 Prescription Level: optional Tag: conformance layer = 1 (container structure); Container type=Simple (ASiC-S) TA id: TA/ASiC-S/CS/4 Normative Sourc

45、e: ASiC 1 Clause 4.3.3.2 item 3 and either 4b or 4c Target: ASiC generator claiming conformance to ASiC-S baseline containers 1 Predicate: META-INF folder is present and contains one file named signature.p7s or signatures.xml. Prescription Level: mandatory Tag: conformance layer = 1 (container struc

46、ture); Container type=Simple (ASiC-S) ETSI ETSI TS 119 164-4 V1.1.1 (2016-06)8 TA id: TA/ASiC-S/CS/5 Normative Source: ASiC 1 Clause 5.3.2.1 Table 2 row 3 Target: ASiC generator claiming conformance to ASiC-S baseline containers 1 Predicate: a single data object, in addition to the optional mimetype

47、, is present in the root folder. Prescription Level: mandatory Tag: conformance layer = 1 (container structure); Container type=Simple (ASiC-S) 5.1.2 Test assertions for ASiC-S baseline container syntactical conformance All the test assertions related to the second conformance layer, the syntactical

48、 conformance, are grouped in a Test Assertion List defined as follows: TA List id: TAL/ASiC-S/SC List Description: all TAs describing container structure requirements for ASiC-S containers to the following Clauses in ASiC 1: 5.3.1, 5.3.2.1, 5.3.2.2, 5.3.2.3 List Members: TA/ASiC-S/SC/1 . 4 The Test

49、Assertions that belong to this Test Assertion List are specified as follows: TA id: TA/ASiC-S/SC/1 Normative Source: ASiC 1 Clause 5.3.2.2 Table 3 Target: ASiC generator claiming conformance to ASiC-S with CAdES 1 Prerequisite: the expected input is ASiC-S with CAdES. Predicate: signature.p7s is present and contains a CAdES baseline signature whose conformance shall be tested according to Conformance Testing for CAdES baseline signatures specification 4, clause 5.2. Prescription