1、 ETSI TS 119 134-5 V2.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); XAdES digital signatures - Testing Conformance and Interoperability; Part 5: Testing Conformance of extended XAdES signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 134-5 V2.1.1 (2016-06)2 Reference RTS/ESI-001913
2、4-5 Keywords conformance, e-commerce, electronic signature, profile, security, testing, XAdES ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfec
3、ture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be
4、modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretaria
5、t. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, pleas
6、e send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permi
7、ssion of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand th
8、e ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 119
9、134-5 V2.1.1 (2016-06)3 Contents Intellectual Property Rights 6g3Foreword . 6g3Modal verbs terminology 6g31 Scope 7g32 References 7g32.1 Normative references . 7g32.2 Informative references 8g33 Abbreviations . 8g34 Overview 8g35 Testing conformance to E-BES level of extended XAdES signatures . 9g35
10、.1 Introduction 9g35.2 Testing XML Signature elements and containers of XAdES qualifying properties . 9g35.2.1 Testing XML Signature elements . 9g35.2.1.1 Testing ds:Signature element 9g35.2.1.2 Testing ds:KeyInfo element 10g35.2.2 Testing containers of XAdES qualifying properties and references to
11、containers of XAdES qualifying properties . 10g35.2.2.1 Testing incorporation of XAdES qualifying properties to the signature . 10g35.2.2.2 Testing xades:QualifyingPropertiesReference 11g35.2.2.3 Testing xades:QualifyingProperties 11g35.2.2.4 Testing xades:SignedProperties 11g35.2.2.5 Testing xades:
12、SignedSignatureProperties . 12g35.2.2.6 Testing xades:SignedDataObjectProperties 12g35.2.2.7 Testing xades:UnSignedProperties . 12g35.2.2.8 Testing xades:UnSignedSignatureProperties 12g35.2.2.9 Testing xades:UnSignedDataObjectProperties . 13g35.3 Testing XAdES qualifying properties 13g35.3.1 Testing
13、 xades:SigningTime element . 13g35.3.2 Testing xades:SigningCertificateV2 element 13g35.3.3 Testing xades:CommitmentTypeIndication element 13g35.3.4 Testing xades:DataObjectFormat element 13g35.3.5 Testing xades:SignatureProductionPlaceV2 element . 14g35.3.6 Testing xades:SignerRoleV2 element . 14g3
14、5.3.7 Testing xades:CounterSignature element 14g35.3.8 Testing xades:AllDataObjectsTimeStamp element 14g35.3.9 Testing xades:IndividualDataObjectsTimeStamp element . 14g35.3.10 Testing properties from upper levels 14g36 Testing conformance to E-EPES level of extended XAdES signatures . 16g36.1 Intro
15、duction 16g36.2 Testing xades:SignaturePolicyIdentifier element . 16g36.2.1 General requirements 16g36.2.2 Test assertions specific to E-EPES level . 16g36.2.3 Testing xades:SPURI signature policy qualifier . 16g36.2.4 Testing xades:SPUserNotice signature policy qualifier 16g36.2.5 Testing xadesv141
16、:SPDocSpecification signature policy qualifier 16g36.3 Testing xadesv141:SignaturePolicyStore element . 16g36.4 Testing properties of upper levels 17g37 Testing conformance to E-T level of extended XAdES signatures 17g37.1 Introduction 17g37.2 Testing xades:SignatureTimeStamp element . 17g37.2.1 Gen
17、eral requirements 17g37.2.2 Test assertions specific to E-T level . 17g3ETSI ETSI TS 119 134-5 V2.1.1 (2016-06)4 7.3 Testing properties from upper levels 17g38 Testing conformance to E-C level of extended XAdES signatures 18g38.1 Introduction 18g38.2 Testing xadesv141:CompleteCertificateRefsV2 eleme
18、nt . 18g38.2.1 General requirements 18g38.2.2 Test assertions specific to E-C level . 18g38.2.3 Test assertions no specific to E-C level 18g38.3 Testing xadesv141:AttributeCertificateRefsV2 element 19g38.4 Testing xades:CompleteRevocationRefs element 19g38.4.1 General requirements 19g38.4.2 Test ass
19、ertions specific to E-C level . 19g38.4.3 Test assertions no specific to E-C level 19g38.5 Testing xades:AttributeRevocationRefs element . 20g38.6 Testing properties from upper levels 20g39 Testing conformance to E-X level of extended XAdES signatures . 20g39.1 Introduction 20g39.2 Testing xadesv141
20、:SigAndRefsTimeStampV2 element 20g39.2.1 General requirements 20g39.2.2 Test assertions specific to E-X level . 21g39.2.3 Test assertions no specific to E-X level 21g39.3 Testing xadesv141:RefsOnlyTimeStampV2 element . 21g39.3.1 General requirements 21g39.3.2 Test assertions specific to E-X level .
21、21g39.3.3 Test assertions no specific to E-X level 21g39.4 Testing properties from upper levels 22g310 Testing conformance to E-X-L level of extended XAdES signatures 22g310.1 Introduction 22g310.2 Testing xades:CertificateValues element . 22g310.3 Testing xades:RevocationValues element 23g310.4 Tes
22、ting xades:AttrAuthoritiesCertValues element . 23g310.4.1 General requirements 23g310.4.2 Test assertions specific to the E-X-L and E-X-Long levels 23g310.4.3 Test assertions no specific to the E-X-L and E-X-Long levels . 23g310.5 Testing xades:AttributeRevocationValues element 24g310.5.1 General re
23、quirements 24g310.5.2 Test assertions specific to the E-X-L and E-X-Long levels 24g310.5.3 Test assertions no specific to the E-X-L and E-X-Long levels . 24g310.6 Testing properties from upper levels 24g311 Testing conformance to E-X-Long level of extended XAdES signatures 24g311.1 General requireme
24、nts . 24g311.2 Test assertions for qualifying properties specific of the level 25g311.3 Testing properties from upper levels 25g312 Testing conformance to E-A level of extended XAdES signatures . 25g312.1 Introduction 25g312.2 Testing xadesv141:TimeStampValidationData element 25g312.2.1 General requ
25、irements 25g312.2.2 Test assertions specific to E-A level . 26g312.3 Testing xadesv141:ArchiveTimeStamp element 26g312.3.1 General requirements 26g312.3.2 Test assertions specific to E-A level . 26g312.3.3 Test assertions no specific to E-A level 26g312.4 Testing xadesv141:RenewedDigests element. 26
26、g312.4.1 General requirements 26g312.4.2 Test assertions specific to E-A level . 26g3Annex A (normative): Test assertions derived from XML Schema 27g3A.1 Introduction 27g3ETSI ETSI TS 119 134-5 V2.1.1 (2016-06)5 A.2 Testing xades:QualifyingPropertiesReference . 27g3History 28g3ETSI ETSI TS 119 134-5
27、 V2.1.1 (2016-06)6 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “In
28、tellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, in
29、cluding IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS)
30、 has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 5 of a multi-part deliverable covering XAdES digital signatures testing conformance and interoperability. Full details of the entire series can be found in part 1 i.2. Modal v
31、erbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT
32、allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 119 134-5 V2.1.1 (2016-06)7 1 Scope The present document defines the sets of checks required for testing conformance of XAdES signatures against extended XAdES signatures as specified ETSI EN 319 132-2 2. It defines only
33、the checks that are specific to extended XAdES signatures. The set of checks that are common to both extended and baseline XAdES signatures, are defined in ETSI TS 119 134-4 4. The complete set of checks to be performed by any tool on XAdES extended signatures is the union of the sets defined within
34、 the present document and the set of common checks for testing conformance against ETSI EN 319 132-1 1 and ETSI EN 319 132-2 2 defined in ETSI TS 119 134-4 4, as indicated in the normative clauses of the present document. The present document does not specify checks leading to conclude whether a sig
35、nature is technically valid or not (for instance, it does not specify checks for determining whether the cryptographic material present in the signature may be considered valid or not). In consequence no conclusion may be inferred regarding the technical validity of a signature that has been success
36、fully tested by any tool conformant to the present document. The only possible inferences are the ones explicitly mentioned in the second paragraph of the present clause. Checks specified by the present document are exclusively constrained to elements specified by ETSI EN 319 132-1 1 and to certain
37、elements specified by XMLSig 3 that are re-used in XAdES schema definition (like ds:keyInfo). Regarding XAdES properties, the present document does not addresses the structural requirements that are defined by the XAdES XML Schema that are suitably addressed in ETSI TS 119 134-4 4. The present docum
38、ent does not address either requirements that are common to both XAdES signatures as specified in ETSI EN 319 132-1 1 and ETSI EN 319 132-2 2. The present document is intentionally not linked to any software development technology and is also intentionally agnostic on implementation strategies. This
39、 is one of the reasons why the test assertions set specified in the present document includes tests on the correctness of the structure of all the elements specified by XAdES 1. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition num
40、ber or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location m
41、ight be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI EN 319 132-
42、1: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures“. 2 ETSI EN 319 132-2: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures“. 3 W3C Recommendation (2008): “XM
43、L-Signature Syntax and Processing (Second Edition)“. 4 ETSI TS 119 134-4: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures -Testing Conformance and Interoperability; Part 4: Testing Conformance of XAdES baseline signatures“. 5 IETF RFC 5035: “Enhanced Security Services (ESS
44、) Update: Adding CertID Algorithm Agility“. ETSI ETSI TS 119 134-5 V2.1.1 (2016-06)8 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non
45、-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for t
46、he application of the present document but they assist the user with regard to a particular subject area. i.1 OASIS Standard: “Test Assertions Model Version 1.0“. i.2 ETSI TR 119 134-1: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures - Testing Conformance and Interoperabil
47、ity; Part 1: Overview“. 3 Abbreviations For the purposes of the present document, the following abbreviations apply: BER Basic Encoding Rules CER Canonical Encoding Rules DER Distinguished Encoding Rules HTTP Hyper Text Transfer Protocol OCSP Online Certificate Status Protocol OID Object IDentifier
48、PER Packed Encoding Rules TSP Trusted Service Providers URI Uniform Resource Identifier URN Uniform Resource Name XER XML Encoding RulesXML eXtensible Markup Language XMLDSIG eXtensible Markup Language Digital SIGnature 4 Overview The present clause describes the main aspects of the technical approa
49、ch used for specifying the whole set of tests to be performed for testing conformance to ETSI EN 319 132-2 2. In order to test conformance against the aforementioned specification, several types of tests are identified, namely: 1) Tests on the signature structure that are directly derived from the part of the XML Schema specified in ETSI EN 319 132-1 1 that defines elements that are specific to extended XAdES signatures and not incorporated into XAdES baseline signatures. These tests are specified in annex A. 2) Tests on the signature