1、 ETSI TS 119 134-2 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); XAdES digital signatures - Testing Conformance and Interoperability; Part 2: Test suites for testing interoperability of XAdES baseline signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)2 Ref
2、erence DTS/ESI-0019134-2 Keywords e-commerce, electronic signature, interoperability, profile, security, testing, XAdES ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucrati
3、f enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the pres
4、ent document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network dr
5、ive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in t
6、he present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as a
7、uthorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM,
8、 PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Asso
9、ciation. ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34
10、Overview 6g35 Test-suite for testing interoperability of XAdES-B-B signatures 7g36 Test-suite for testing interoperability of XAdES-B-T signatures . 11g37 Test-suite for testing interoperability of XAdES-B-LT signatures 14g38 Test-suite for testing interoperability of XAdES-B-LTA signatures . 19g39
11、Test-suite for augmentation of XAdES baseline signatures . 26g310 Test suites with negative test cases 29g310.1 Introduction 29g310.2 Test cases generating non XAdES baseline signatures 29g310.3 Test cases on XAdES-B-B signatures 31g310.4 Test cases on XAdES-B-T signatures 33g310.5 Test cases on XAd
12、ES-B-LTA signatures . 35g3History 37g3ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI membe
13、rs and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.
14、org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the
15、present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 2 of a multi-part deliverable covering XAdES digital signatures - Testing Conformance and Interoperability. Full de
16、tails of the entire series can be found in part 1 i.3. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for
17、 the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)5 1 Scope The present document defines a number of test suites to assess the interoperability between implementations claiming confor
18、mance to XAdES baseline signatures as specified in ETSI EN 319 132-1 1. The test suites are defined with four different layers reflecting the four different levels of XAdES baseline signatures: Tests suite addressing interoperability between applications claiming B-B level conformance. Tests suite a
19、ddressing interoperability between applications claiming B-T level conformance. Tests suite addressing interoperability between applications claiming B-LT level conformance. Tests suite addressing interoperability between applications claiming B-LTA level conformance. Test suites also cover augmenta
20、tion of XAdES baseline and negative test cases. These test suites are agnostic of the PKI infrastructure. Any PKI infrastructure can be used including the one based on EU Member States Trusted Lists. 2 References 2.1 Normative references References are either specific (identified by date of publicat
21、ion and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in t
22、he expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present docume
23、nt. 1 ETSI EN 319 132-1: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-sp
24、ecific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long t
25、erm validity. The following referenced documents are not necessary for the applications of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 119 001: “Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures; D
26、efinitions and abbreviations“. i.2 ETSI TR 119 000: “Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview“. i.3 ETSI TR 119 134-1: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures -Testing Conformance and Interoperabilit
27、y; Part 1: Overview“. ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)6 i.4 ETSI EN 319 102-1: “Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation“. 3 Definitions and abbreviations 3.1 Definitions For the purpose
28、s of the present document, the terms and definitions given in ETSI TR 119 001 i.1 and the following apply: negative test case: test case either for a signature that is not a XAdES baseline signature, or for a signature whose validation according to ETSI EN 319 102-1 i.4 would not result in TOTAL_PAS
29、SED 3.2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TR 119 001 i.1 and the following apply: CA Certification Authority CRL Certificate Revocation ListOCSP Online Certificate Status Provider TSA Time-Stamping Authority TSA1 Time-Stamping Authority 1TSA2 Tim
30、e-Stamping Authority 24 Overview This clause describes the overall approach used throughout the present document to specify test suites for testing interoperability of XAdES baseline signature a specified in ETSI EN 319 132-1 1. ETSI EN 319 132-1 1 defines four different levels of XAdES baseline sig
31、natures. The test suites are defined with different layers reflecting the levels of XAdES signatures specified in ETSI EN 319 132-1 1: Testing XAdES signatures interoperability between applications claiming B-B level conformance. Testing XAdES signatures interoperability between applications claimin
32、g B-T level conformance. . Testing XAdES signatures interoperability between applications claiming B-LT T level conformance. Testing XAdES signatures interoperability between applications claiming B-LTA T level conformance. Table 1 shows the prefixes used throughout the present document to refer to
33、specific elements in the XAdES signature associated to the URIs of the corresponding namespaces. Table 1: Prefixes used XML Namespace URI Prefix http:/www.w3.org/2000/09/xmldsig# dshttp:/uri.etsi.org/01903/v1.3.2# xades http:/uri.etsi.org/01903/v1.4.1 adesv141 ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)
34、7 5 Test-suite for testing interoperability of XAdES-B-B signatures The test cases in this clause have been defined for different combinations of XAdES-B-B signatures properties. Mandatory properties for XAdES-B-B signatures as specified in ETSI EN 319 132-1 1 clause 6.3 shall be present. Table 2 sh
35、ows the test suite for testing interoperability of XAdES-B-B signatures as specified in ETSI EN 319 132-1 1 that do not incorporate xades:SignaturePolicyIdentifier qualifying property. Table 3 shows the test suite for testing interoperability of XAdES-B-B signatures as specified in ETSI EN 319 132-1
36、 1 that do incorporate xades:SignaturePolicyIdentifier and xades:SignaturePolicyDocumentStore qualifying properties. ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)8 Table 2: Test cases for XAdES-B-B signatures that do not incorporate xades:SignaturePolicyIdentifier qualifying property TC ID Description Pas
37、s criteria Signature qualifying properties XAdES/BB/1 This is the simplest test case for XAdES-B-B signatures. XAdES-B-B signature signing one data object (a text file) and the xades:SignedProperties element. The signature only contains the mandatory XAdES properties according to the B-level, namely
38、: xades:SigningTime. xades:SigningCertifiatev2. xades:DataObjectFormat. The xades:DataObjectFormat should point to a ds:Reference whose URI attribute points to the signed simple text file. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat XAdES/BB/2 XAdES-B-B s
39、ignature signing two data objects and the xades:SignedProperties element. This brings the presence of two xades:DataObjectFormat signed properties. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:DataObjectFormat XAdES/BB/3 XAdES-B-B signature signing t
40、wo data objects and the xades:SignedProperties element. Incorporates one xades:CommitmentTypeIndication qualifying property expressing a commitment for all the signed data objects. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:DataObjectFormat xades:C
41、ommitmentTypeIndication (with xades:AllSignedDataObjects element) XAdES/BB/4 XAdES-B-B signature signing two data objects and the xades:SignedProperties element. Incorporates one xades:CommitmentTypeIndication qualifying property expressing a commitment for one of the signed data objects. Positive v
42、alidation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:DataObjectFormat xades:CommitmentTypeIndication (with one xades:ObjectReference element) XAdES/BB/5 XAdES-B-B signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates one
43、xades:SignatureProductionPlaceV2 qualifying property. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:SignatureProductionPlaceV2 XAdES/BB/6 XAdES-B-B signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates on
44、e X509 Attribute certificate within the xades:SignerRoleV2 qualifying property. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:SignerRoleV2 (with one X509 Attribute certificate within one CertifiedRole/X509AttributeCertificate element) XAdES/BB/7 XAdES
45、-B-B signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates one claimed attribute within the xades:SignerRoleV2 qualifying property. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:SignerRoleV2 (with one xad
46、es:Claimed element) ETSI ETSI TS 119 134-2 V1.1.1 (2016-06)9 TC ID Description Pass criteria Signature qualifying properties XAdES/BB/8 XAdES-B-B signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates one signed assertion within the xades:SignerRoleV2 qu
47、alifying property. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:SignerRoleV2 (with one xades:SignedAssertion element) XAdES/BB/9 XAdES-B-B signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates one X509 A
48、ttribute certificate and one signed assertion within the xades:SignerRoleV2 qualifying property. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:SignerRoleV2 (with one xades:SignedAssertion element and with one CertifiedRole/X509AttributeCertificate ele
49、ment) XAdES/BB/10 XAdES-B-B signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates one xades:CounterSignature qualifying property. Positive validation. xades:SigningCertificateV2 xades:SigningTime xades:DataObjectFormat xades:CounterSignature XAdES/BB/11 XAdES-B-B signature signing two data objects and the xades:SignedProperties element. Incorporates one xades:AllDataObjectsTimeStamp encapsulating a