1、 ETSI TS 119 134-4 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); XAdES digital signatures - Testing Conformance and Interoperability; Part 4: Testing Conformance of XAdES baseline signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 134-4 V1.1.1 (2016-06)2 Reference DTS/ESI-001913
2、4-4 Keywords conformance, e-commerce, electronic signature, profile, security, testing, XAdES ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfec
3、ture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be
4、modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretaria
5、t. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, pleas
6、e send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permi
7、ssion of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand th
8、e ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 119
9、134-4 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 7g3Foreword . 7g3Modal verbs terminology 7g31 Scope 8g32 References 8g32.1 Normative references . 8g32.2 Informative references 9g33 Abbreviations . 9g34 Overview 9g35 Testing conformance to B-B level of XAdES signatures . 11g35.1 General
10、 . 11g35.2 Testing XML Signature elements and containers of XAdES qualifying properties . 12g35.2.1 Testing XML Signature elements . 12g35.2.1.1 Testing ds:Signature element 12g35.2.1.2 Testing ds: Reference element 12g35.2.1.2.1 Test assertions common to XAdES baseline and extended signatures 12g35
11、.2.1.2.2 Testing ds: Transforms element 12g35.2.1.3 Testing ds: Canonicalization element 12g35.2.1.4 Testing ds:SignatureValue element . 13g35.2.1.4.1 Test assertions common to XAdES baseline and extended signatures 13g35.2.1.5 Testing ds: KeyInfo element . 13g35.2.1.5.1 Test assertions common to XA
12、dES baseline and extended signatures 13g35.2.1.5.2 Test assertions specific to XAdES baseline signatures 13g35.2.2 Testing containers of XAdES qualifying properties . 14g35.2.2.1 Testing incorporation of XAdES qualifying properties to the signature . 14g35.2.2.2 Testing xades:QualifyingProperties 14
13、g35.2.2.2.1 Test assertions common to XAdES baseline and extended signatures 14g35.2.2.2.2 Test assertions specific to XAdES baseline signatures 14g35.2.2.3 Testing xades:SignedProperties 15g35.2.2.3.1 Test assertions specific to XAdES baseline signatures 15g35.2.2.4 Testing xades:SignedSignaturePro
14、perties . 15g35.2.2.4.1 Test assertions specific to XAdES baseline signatures 15g35.2.2.5 Testing xades:SignedDataObjectProperties 15g35.2.2.5.1 Test assertions common to XAdES baseline and extended signatures 15g35.2.2.5.2 Test assertions specific to XAdES baseline signatures 16g35.2.2.6 Testing xa
15、des:UnSignedProperties . 16g35.2.2.6.1 Test assertions common to XAdES baseline and extended signatures 16g35.2.2.6.2 Test assertions specific to XAdES baseline signatures 16g35.2.2.7 Testing xades:UnSignedSignatureProperties 16g35.2.2.7.1 Test assertions common to XAdES baseline and extended signat
16、ures 16g35.2.2.7.2 Test assertions specific to XAdES baseline signatures 16g35.2.2.8 Testing xades:UnSignedDataObjectProperties . 17g35.2.2.8.1 Test assertions common to XAdES baseline and extended signatures 17g35.3 Testing XAdES qualifying properties 17g35.3.1 Testing xades:SigningTime element . 1
17、7g35.3.1.1 Test assertions specific to XAdES baseline signatures . 17g35.3.2 Testing xades:SigningCertificateV2 element 17g35.3.2.1 Test assertions common to XAdES baseline and extended signatures 17g35.3.2.2 Test assertions specific to XAdES baseline signatures . 18g35.3.3 Testing xades:CommitmentT
18、ypeIndication element 18g35.3.3.1 Test assertions common to XAdES baseline and extended signatures 18g35.3.4 Testing xades:DataObjectFormat element 18g35.3.4.1 Test assertions common to XAdES baseline and extended signatures 18g35.3.4.2 Test assertions specific to XAdES baseline signatures . 19g3ETS
19、I ETSI TS 119 134-4 V1.1.1 (2016-06)4 5.3.5 Testing xades:SignatureProductionPlaceV2 element . 20g35.3.5.1 Test assertions common to XAdES baseline and extended signatures 20g35.3.6 Testing xades:SignerRoleV2 element . 20g35.3.6.1 Test assertions common to XAdES baseline and extended signatures 20g3
20、5.3.7 Testing xades:CounterSignature element 21g35.3.7.1 Test assertions common to XAdES baseline and extended signatures 21g35.3.8 Testing xades:AllDataObjectsTimeStamp element 21g35.3.8.1 Test assertions common to XAdES baseline and extended signatures 21g35.3.9 Testing xades:IndividualDataObjects
21、TimeStamp element . 22g35.3.9.1 Test assertions common to XAdES baseline and extended signatures 22g35.3.10 Testing xades:SignaturePolicyIdentifier element . 22g35.3.10.1 Test assertions common to XAdES baseline and extended signatures 22g35.3.10.2 Testing xades:SPURI signature policy qualifier . 23
22、g35.3.10.2.1 Test assertions common to XAdES baseline and extended signatures 23g35.3.10.3 Testing xadesv141:SPDocSpecification signature policy qualifier . 23g35.3.10.3.1 Test assertions common to XAdES baseline and extended signatures 23g35.3.11 Testing xadesv141:SignaturePolicyStore . 23g35.3.11.
23、1 Test assertions common to XAdES baseline and extended signatures 23g35.3.12 Testing xadesv141:CompleteCertificateRefsV2 element . 24g35.3.12.1 Test assertions common to XAdES baseline and extended signatures 24g35.3.12.2 Test assertions specific to XAdES baseline signatures . 24g35.3.13 Testing xa
24、desv141:AttributeCertificateRefsV2 element 25g35.3.13.1 Test assertions common to XAdES baseline and extended signatures 25g35.3.13.2 Test assertions specific to XAdES baseline signatures . 25g35.3.14 Testing xades:CompleteRevocationRefs element . 26g35.3.14.1 Test assertions common to XAdES baselin
25、e and extended signatures 26g35.3.14.2 Test assertions specific to XAdES baseline signatures . 27g35.3.15 Testing xades:AttributeRevocationRefs element 27g35.3.15.1 Test assertions common to XAdES baseline and extended signatures 27g35.3.15.2 Test assertions specific to XAdES baseline signatures . 2
26、8g35.3.16 Testing xadesv141:SigAndRefsTimeStampV2 element . 28g35.3.16.1 Test assertions common to XAdES baseline and extended signatures 28g35.3.16.2 Test assertions specific to XAdES baseline signatures . 29g35.3.17 Testing xadesv141:RefsOnlyTimeStampV2 element . 29g35.3.17.1 Test assertions commo
27、n to XAdES baseline and extended signatures 29g35.3.17.2 Test assertions specific to XAdES baseline signatures . 30g36 Testing conformance to B-T level of XAdES signatures . 30g36.1 General requirements . 30g36.2 Testing xades:SignatureTimeStamp element . 30g36.2.1 Test assertions common to XAdES ba
28、seline and extended signatures . 30g36.2.2 Test assertions specific to XAdES baseline signatures . 31g37 Testing conformance to B-LT level of XAdES signatures. 31g37.1 General requirements . 31g37.1.1 Core requirements . 31g37.1.2 Test assertions for testing properties containing references to valid
29、ation data . 31g37.1.3 Test assertions for testing properties from upper levels 32g37.2 Testing xades:CertificateValues element . 33g37.2.1 Test assertions common to XAdES baseline and extended signatures . 33g37.2.2 Test assertions specific to XAdES baseline signatures . 33g37.3 Testing xades:Revoc
30、ationValues element 33g37.3.1 Test assertions common to XAdES baseline and extended signatures . 33g37.3.2 Test assertions specific to XAdES baseline signatures . 34g37.4 Testing xades:AttrAuthoritiesCertValues element . 34g37.4.1 Test assertions common to XAdES baseline and extended signatures . 34
31、g37.4.2 Test assertions specific to XAdES baseline signatures . 34g37.5 Testing xades:AttributeRevocationValues element 35g37.5.1 Test assertions common to XAdES baseline and extended signatures . 35g37.5.2 Test assertions specific to XAdES baseline signatures . 35g37.6 Testing xadesv141:TimeStampVa
32、lidationData element 35g37.6.1 Test assertions common to XAdES baseline and extended signatures . 35g3ETSI ETSI TS 119 134-4 V1.1.1 (2016-06)5 8 Testing conformance to B-LTA level of XAdES signatures 36g38.1 General requirements . 36g38.2 Testing xadesv141:ArchiveTimeStamp element 37g38.2.1 Common t
33、ests for distributed and not distributed cases 37g38.2.1.1 Test assertions common to XAdES baseline and extended signatures 37g38.2.1.2 Test assertions specific to XAdES baseline signatures . 37g38.3 Testing xadesv141:RenewedDigests element. 37g38.3.1 Test assertions common to XAdES baseline and ext
34、ended signatures . 37g38.3.2 Test assertions specific to XAdES baseline signatures . 38g3Annex A (normative): Test assertions derived from XML Schema 39g3A.0 Introduction 39g3A.1 Testing auxiliary types contents . 40g3A.1.1 Introduction 40g3A.1.2 Testing xades:ObjectIdentifierType instances 40g3A.1.
35、3 Testing xades:EncapsulatedPKIDataType instances 41g3A.1.4 Testing xades:XAdESTimeStampType instances 42g3A.1.4.1 Introduction. 42g3A.1.4.2 Testing xades:IncludeType instances 42g3A.1.5 Testing Lists of references to certificates. 43g3A.1.5.1 Testing xades:CertIDListV2Type instances . 43g3A.1.5.2 T
36、esting xades:CertIDTypeV2 instances 43g3A.1.5.3 Testing xades:DigestAlgAndValueType instances . 44g3A.1.5.4 Testing xades:IssuerSerialV2 element 45g3A.2 Testing containers for XAdES signatures 45g3A.2.1 Testing xades:QualifyingProperties . 45g3A.2.1.1 Testing xades:QualifyingProperties element 45g3A
37、.2.1.2 Testing xades:SignedProperties 46g3A.2.1.2.1 Testing xades:SignedProperties element . 46g3A.2.1.2.2 Testing xades:SignedSignatureProperties . 46g3A.2.1.2.3 Testing xades:SignedDataObjectProperties 46g3A.2.1.3 Testing xades:UnsignedProperties 47g3A.2.1.3.1 Testing xades:UnsignedProperties elem
38、ent . 47g3A.2.1.3.2 Testing xades:UnsignedSignatureProperties . 47g3A.2.1.3.3 Testing xades:UnsignedDataObjectProperties 47g3A.3 Testing XAdES qualifying properties 48g3A.3.1 Introduction 48g3A.3.2 Testing xades:SigningTime 48g3A.3.3 Testing xades:SigningCertificateV2 . 48g3A.3.4 Testing xades:Commi
39、tmentTypeIndication . 48g3A.3.5 Testing xades:DataObjectFormat . 50g3A.3.6 Testing xades:SignatureProductionPlaceV2 element . 51g3A.3.7 Testing xades:SignerRoleV2 element 51g3A.3.8 Testing xades:CounterSignature . 52g3A.3.9 Testing xades:AllDataObjectsTimeStamp . 52g3A.3.10 Testing xades:IndividualD
40、ataObjectsTimeStamp 53g3A.3.11 Testing xades:SignaturePolicyIdentifier . 53g3A.3.11.1 Testing xades:SignaturePolicyIdentifier element . 53g3A.3.11.2 Testing xades:SPURI qualifier . 54g3A.3.11.3 Testing xades:SPUserNotice qualifier 54g3A.3.11.4 Testing xadesv141:SPDocSpecification qualifier . 56g3A.3
41、.12 Testing xadesv141:SignaturePolicyStore . 56g3A.3.13 Testing xades:SignatureTimeStamp . 57g3A.3.14 Testing xadesv141:CompleteCertificateRefsTypeV2 and xadesv141: AttributeCertificateRefsV2 content 57g3A.3.15 Testing xades:CompleteRevocationRefsType content . 57g3A.3.15.1 Testing root element . 57
42、g3A.3.15.2 Testing xades:CRLRefs 58g3A.3.15.3 Testing xades:OCSPRefs 59g3ETSI ETSI TS 119 134-4 V1.1.1 (2016-06)6 A.3.15.4 Testing xades:OtherRefs . 61g3A.3.16 Testing xadesv141:SigAndRefsTimeStampV2 62g3A.3.17 Testing xadesv141:RefsOnlyTimeStampV2 62g3A.3.18 Testing xades:CertificateValuesType cont
43、ent 62g3A.3.19 Testing xades:RevocationValuesType content . 62g3A.3.20 Testing xadesv141:TimeStampValidationData 63g3A.3.21 Testing xadesv141:ArchiveTimeStamp . 64g3A.3.22 Testing xadesv141:RenewedDigests 64g3History 65g3ETSI ETSI TS 119 134-4 V1.1.1 (2016-06)7 Intellectual Property Rights IPRs esse
44、ntial or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentia
45、lly Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No gu
46、arantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic
47、 Signatures and Infrastructures (ESI). The present document is part 4 of a multi-part deliverable covering XAdES digital signatures - Testing Conformance and Interoperability. Full details of the entire series can be found in part 1 i.2. A tool implementing the present document has been developed an
48、d is accessible at http:/signatures-conformance-checker.etsi.org/. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verb
49、al forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 119 134-4 V1.1.1 (2016-06)8 1 Scope The present document defines the set of checks to be performed for testing conformance of XAdES signatures against XAdES baseline signatures as specified ETSI EN 319 132-1 1. The present document does not specify checks leading to conclude whether a signature is technically valid or not (for instance, it does not specify checks for determining whether the cryptographic material present
