ETSI TS 119 134-3 V1.1.1 (2016-06)

Electronic Signatures and Infrastructures (ESI);
XAdES digital signatures - Testing Conformance and Interoperability;
Part 3: Test suites for testing interoperability of extended XAdES signatures

TECHNICAL SPECIFICATION

Reference
DTS/ESI-0019134-3

Keywords
e-commerce, electronic signature, interoperability, profile, security, testing, XAdES

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present document can be downloaded from: http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx

If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
Modal verbs terminology
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview
5 Test suites for testing interoperability of extended XAdES signatures
5.1 Introduction
5.2 Testing interoperability of XAdES-E-BES signatures
5.3 Test-suite for testing interoperability of XAdES-E-EPES signatures
5.4 Test-suite for testing interoperability of XAdES-E-T signatures
5.5 Test-suite for testing interoperability of XAdES-E-C signatures
5.6 Test-suite for testing interoperability of XAdES-E-X signatures
5.7 Test-suite for testing interoperability of XAdES-E-X-Long signatures
5.8 Test-suite for testing interoperability of XAdES-E-X-L signatures
5.9 Test-suite for testing interoperability of XAdES-E-A signatures
6 Test-suite for augmentation of extended XAdES signatures
6.1 Introduction
6.2 Augmentation to XAdES-E-C signatures
6.3 Augmentation to XAdES-E-X signatures
6.4 Augmentation to XAdES-E-X-L signatures
6.3 Augmentation to XAdES-E-A signatures
7 Test suites with negative test cases
7.1 Introduction
7.2 Test cases generating non XAdES signatures
7.3 Test cases for XAdES-E-BES signatures
7.4 Test cases generating non valid XAdES-E-EPES signatures
7.5 Test cases generating non valid XAdES-E-T signatures
7.6 Test cases generating non valid XAdES-E-A signatures
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI).

The present document is part 3 of a multi-part deliverable covering XAdES digital signatures - Testing Conformance and Interoperability. Full details of the entire series can be found in part 1 [i.1].

Modal verbs terminology

In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).

"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

1 Scope

The present document defines a number of test suites to assess the interoperability between implementations claiming conformance to extended XAdES signatures as specified in ETSI EN 319 132-2 [2].

The present document defines test suites for each level defined in ETSI EN 319 132-2 [2].

Test suites also cover augmentation of extended XAdES signatures and negative test cases.

These test suites are agnostic of the PKI infrastructure. Any PKI infrastructure can be used including the one based on EU Member States Trusted Lists.

2 References

2.1 Normative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are necessary for the application of the present document.

[1] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures".
[2] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: extended XAdES signatures".
[3] ETSI TS 119 134-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signature - Testing Conformance and Interoperability; Part 2: Test suites for testing Interoperability of XAdES baseline signatures".

2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] ETSI TR 119 134-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures - Testing Conformance and Interoperability; Part 1: Introduction".
[i.2] ETSI TR 119 001: "Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures; Definitions and abbreviations".
[i.3] ETSI TR 119 000: "Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview".
[i.4] ETSI EN 319 102-1: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation".

3 Definitions, symbols and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 [i.2] and the following apply:

negative test case: test case either for a signature that is not an extended XAdES signature, or for a signature whose validation according to ETSI EN 319 102-1 [i.4] would not result in TOTAL_PASSED

3.2 Abbreviations

For the purposes of the present document, the abbreviations given in ETSI TR 119 001 [i.2] and the following apply:

CA    Certification Authority
CRL   Certificate Revocation List
OCSP  Online Certificate Status Provider
TSA   Time-Stamping Authority

4 Overview

This clause describes the overall approach used throughout the present document to specify test suites for extended XAdES signatures as specified in ETSI EN 319 132-2 [2].

ETSI EN 319 132-2 [2] defines eight different levels of extended XAdES signatures. The test suites are defined with different layers reflecting the levels of XAdES signatures specified in ETSI EN 319 132-2 [2]. Below follows an overview.

The test suites for testing interoperability of extended XAdES signatures include:

- XAdES-E-BES signatures test cases;
- XAdES-E-EPES signatures test cases;
- XAdES-E-T signatures test cases;
- XAdES-E-C test cases;
- XAdES-E-X test cases;
- XAdES-E-X Long test cases; and
- XAdES-E-A signatures.

The test suites including negative test cases for extended XAdES signatures include:

- Negative test cases for XAdES-E-BES signatures;
- Negative test cases for XAdES-E-EPES signatures;
- Negative test cases for XAdES-E-T signatures; and
- Negative test cases for XAdES-E-A signatures.

The test suites for testing augmentation of extended XAdES signatures include:

- Augmentation to XAdES-E-C signatures;
- Augmentation to XAdES-E-X signatures;
- Augmentation to XAdES-E-XL signatures; and
- Augmentation to XAdES-E-A signatures.

Certain XAdES extended signatures are also XAdES baseline signatures. In consequence, the present document defines test suites for testing interoperability of extended XAdES signatures that include certain test cases already defined in ETSI TS 119 134-2 [3].

Table 1 shows the prefixes used throughout the present document to refer to specific elements in the XAdES signature associated to the URIs of the corresponding namespaces.

Table 1: Prefixes used

| XML Namespace URI | Prefix |
|---|---|
| http://www.w3.org/2000/09/xmldsig# | ds |
| http://uri.etsi.org/01903/v1.3.2# | xades |
| http://uri.etsi.org/01903/v1.4.1 | adesv141 |

5 Test suites for testing interoperability of extended XAdES signatures

5.1 Introduction

Clause 5 presents a test suite for testing interoperability of extended XAdES signatures as specified in ETSI EN 319 132-2 [2].

5.2 Testing interoperability of XAdES-E-BES signatures

This clause presents a test suite for testing interoperability of XAdES-E-BES signatures as specified in ETSI EN 319 132-2 [2].

The test suite for testing interoperability XAdES-E-BES signatures as specified in ETSI EN 319 132-2 [2] shall include the test cases defined in ETSI TS 119 134-2 [3], clause 5, Table 2 and the test cases defined in Table 2.

Table 2: Test cases for XAdES-E-BES not covered in ETSI TS 119 134-2 [3] clause 5

| TC ID | Description | Pass criteria | Signature qualifying properties |
|---|---|---|---|
| XAdES/EBES/1 | XAdES-E-BES signature signing one data object (a text file) and the ds:KeyInfo element, which includes the signing certificate of the signature. The signature does not incorporate the xades:QualifyingProperties container. NOTE: This test case allows testing how applications process XAdES-E-BES signatures that do not incorporate the xades:SigningCertificateV2. | Positive validation. | No xades:QualifyingProperties; ds:KeyInfo with signing certificate of the signature; ds:KeyInfo is also signed by the signature |
| XAdES/EBES/2 | XAdES-E-BES signature signing one data object (a text file) and the xades:SignedProperties element. Incorporates the xades:SigningCertificateV2 qualifying property. | Positive validation. | xades:SigningCertificateV2 |
| XAdES/EBES/3 | XAdES-E-BES signature signing two data objects, the xades:SignedProperties container, and the ds:KeyInfo element, which includes the signing certificate of the signature. The signature does not incorporate the xades:SigningCertificateV2 qualifying property. Incorporates the xades:SigningTime qualifying property. Incorporates one xades:DataObjectFormat for one of the signed data objects. Incorporates one xades:CommitmentTypeIndication qualifying property expressing a commitment for one of the signed data objects. Incorporates one xades:SignatureProductionPlaceV2 qualifying property. Incorporates one X509 Attribute certificate and one signed assertion within the xades:SignerRoleV2 qualifying property. Incorporates the xades:SignatureProductionPlaceV2 qualifying property. Incorporates one xades:CounterSignature qualifying property. Incorporates one xades:IndividualDataTimeStamp encapsulating a time-stamp token that time-stamps one of the signed data objects as specified in ETSI EN 319 132-1 [1] generated by a TSA that is within the same hierarchy as the signing certificate of the signature. | Positive validation | ds:KeyInfo with signing certificate of the signature; ds:KeyInfo is also signed by the signature; xades:SigningTime; xades:DataObjectFormat; xades:CommitmentTypeIndication (with one xades:ObjectReference element); xades:SignatureProductionPlaceV2; xades:SignerRoleV2 (with one xades:SignedAssertion element and with one CertifiedRole/X509AttributeCertificate); xades:CounterSignature; xades:IndividualDataObjectTimeStamp |

5.3 Test-suite for testing interoperability of XAdES-E-EPES signatures

This clause defines one test suite for testing interoperability of XAdES-E-EPES signatures.

The test suite for testing interoperability XAdES-E-EPES signatures as specified in ETSI EN 319 132-2 [2] shall include the test cases defined in ETSI TS 119 134-2 [3], clause 5, Table 3 and the test cases defined in Table 3.

Table 3: Test cases for XAdES-E-EPES signatures not covered in ETSI TS 119 134-2 [3] clause 5

TC ID Description Pass criteria