ETSI TS 119 134-3 V1.1.1 (2016-06)

ETSI TS 119 134-3 V1.1.1 (2016-06)






TECHNICAL SPECIFICATION
Electronic Signatures and Infrastructures(ESI);
XAdES digital signatures -
Testing Conformance and Interoperability;
Part 3: Test suites for testing interoperability of extended
XAdES signatures

---------------------- Page: 1 ----------------------
2 ETSI TS 119 134-3 V1.1.1 (2016-06)



Reference
DTS/ESI-0019134-3
Keywords
e-commerce, electronic signature,
interoperability, profile, security, testing, XAdES
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 119 134-3 V1.1.1 (2016-06)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
1 Scope . 5
2 References . 5
2.1 Normative references . 5
2.2 Informative references . 5
3 Definitions, symbols and abbreviations . 6
3.1 Definitions . 6
3.2 Abbreviations . 6
4 Overview . 6
5 Test suites for testing interoperability of extended XAdES signatures . 7
5.1 Introduction . 7
5.2 Testing interoperability of XAdES-E-BES signatures . 7
5.3 Test-suite for testing interoperability of XAdES-E-EPES signatures . 9
5.4 Test-suite for testing interoperability of XAdES-E-T signatures . 11
5.5 Test-suite for testing interoperability of XAdES-E-C signatures . 14
5.6 Test-suite for testing interoperability of XAdES-E-X signatures . 17
5.7 Test-suite for testing interoperability of XAdES-E-X-Long signatures . 20
5.8 Test-suite for testing interoperability of XAdES-E-X-L signatures . 23
5.9 Test-suite for testing interoperability of XAdES-E-A signatures . 26
6 Test-suite for augmentation of extended XAdES signatures. 32
6.1 Introduction . 32
6.2 Augmentation to XAdES-E-C signatures . 32
6.3 Augmentation to XAdES-E-X signatures . 34
6.4 Augmentation to XAdES-E-X-L signatures . 36
6.3 Augmentation to XAdES-E-A signatures . 39
7 Test suites with negative test cases . 42
7.1 Introduction . 42
7.2 Test cases generating non XAdES signatures . 42
7.3 Test cases for XAdES-E-BES signatures . 42
7.4 Test cases generating non valid XAdES-E-EPES signatures . 44
7.5 Test cases generating non valid XAdES-E-T signatures . 44
7.6 Test cases generating non valid XAdES-E-A signatures . 47
History . 50


ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 119 134-3 V1.1.1 (2016-06)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI).
The present document is part 3 of a multi-part deliverable covering XAdES digital signatures - Testing Conformance
and Interoperability. Full details of the entire series can be found in part 1 [i.1].
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 119 134-3 V1.1.1 (2016-06)
1 Scope
The present document defines a number of test suites to assess the interoperability between implementations claiming
conformance to extended XAdES signatures as specified in ETSI EN 319 132-2 [2].
The present document defines test suites for each level defined in ETSI EN 319 132-2 [2].
Test suites also cover augmentation of extended XAdES signatures and negative test cases.
These test suites are agnostic of the PKI infrastructure. Any PKI infrastructure can be used including the one based on
EU Member States Trusted Lists.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 1: Building blocks and XAdES baseline signatures".
[2] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 2: extended XAdES signatures".
[3] ETSI TS 119 134-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signature -
Testing Conformance and Interoperability; Part 2: Test suites for testing Interoperability of
XAdES baseline signatures".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI TR 119 134-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures -
Testing Conformance and Interoperability; Part 1: Introduction".
[i.2] ETSI TR 119 001: "Electronic Signatures and Infrastructures (ESI); The framework for
standardization of signatures; Definitions and abbreviations".
[i.3] ETSI TR 119 000: "Electronic Signatures and Infrastructures (ESI); The framework for
standardization of signatures: overview".
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 119 134-3 V1.1.1 (2016-06)
[i.4] ETSI EN 319 102-1: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and
Validation of AdES Digital Signatures; Part 1: Creation and Validation".
3 Definitions, symbols and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 [i.2] and the following
apply:
negative test case: test case either for a signature that is not an extended XAdES signature, or for a signature whose
validation according to ETSI EN 319 102-1 [i.4] would not result in TOTAL_PASSED
3.2 Abbreviations
For the purposes of the present document, the abbreviations given in ETSI TR 119 001 [i.2] and the following apply:
CA Certification Authority
CRL Certificate Revocation List
OCSP Online Certificate Status Provider
TSA Time-Stamping Authority
4 Overview
This clause describes the overall approach used throughout the present document to specify test suites for extended
XAdES signatures as specified in ETSI EN 319 132-2 [2].
ETSI EN 319 132-2 [2] defines eight different levels of extended XAdES signatures.
The test suites are defined with different layers reflecting the levels of XAdES signatures specified in ETSI
EN 319 132-2 [2]. Below follows an overview.
The test suites for testing interoperability of extended XAdES signatures include:
• XAdES-E-BES signatures test cases;
• XAdES-E-EPES signatures test cases;
• XAdES-E-T signatures test cases;
• XAdES-E-C test cases;
• XAdES-E-X test cases;
• XAdES-E-X Long test cases; and
• XAdES-E-A signatures.
The test suites including negative test cases for extended XAdES signatures include:
• Negative test cases for XAdES-E-BES signatures;
• Negative test cases for XAdES-E-EPES signatures;
• Negative test cases for XAdES-E-T signatures; and
• Negative test cases for XAdES-E-A signatures.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TS 119 134-3 V1.1.1 (2016-06)
The test suites for testing augmentation of extended XAdES signatures include:
• Augmentation to XAdES-E-C signatures;
• Augmentation to XAdES-E-X signatures;
• Augmentation to XAdES-E-XL signatures; and
• Augmentation to XAdES-E-A signatures.
Certain XAdES extended signatures are also XAdES baseline signatures. In consequence, the present document defines
test suites for testing interoperability of extended XAdES signatures that include certain test cases already defined in
ETSI TS 119 134-2 [3].
Table 1 shows the prefixes used throughout the present document to refer to specific elements in the XAdES signature
associated to the URIs of the corresponding namespaces.
Table 1: Prefixes used
XML Namespace URI Prefix
http://www.w3.org/2000/09/xmldsig# ds
http://uri.etsi.org/01903/v1.3.2# xades
http://uri.etsi.org/01903/v1.4.1# xadesv141

5 Test suites for testing interoperability of extended
XAdES signatures
5.1 Introduction
Clause 5 presents a test suite for testing interoperability of extended XAdES signatures as specified in in ETSI
EN 319 132-2 [2].
5.2 Testing interoperability of XAdES-E-BES signatures
This clause presents a test suite for testing interoperability of XAdES-E-BES signatures as specified in in ETSI
EN 319 132-2 [2].
The test suite for testing interoperability XAdES-E-BES signatures as specified in ETSI EN 319 132-2 [2] shall include
the test cases defined in ETSI TS 119 134-2 [3], clause 5, Table 2 and the test cases defined in Table 2.

ETSI

---------------------- Page: 7 ----------------------
8 ETSI TS 119 134-3 V1.1.1 (2016-06)
Table 2: Test cases for XAdES-E-BES not covered in ETSI TS 119 134-2 [3] clause 5
TC ID Description Pass criteria Signature qualifying properties
XAdES/EBES/1 XAdES-E-BES signature signing one data object (a text file) and the Positive validation.
• No xades:QualifyingProperties
ds:KeyInfo element, which includes the signing certificate of the
• ds:KeyInfo with signing certificate of
signature.
the signature
The signature does not incorporate the xades:QualifyingProperties
• ds:KeyInfo is also signed by the
container.
signature
NOTE: This test case allows testing how applications process XAdES-E-
BES signatures that do not incorporate the
xades:SigningCertificateV2.
XAdES/EBES/2 XAdES-E-BES signature signing one data object (a text file) and the Positive validation.
• xades:SigningCertificateV2

xades:SignedProperties element.
Incorporates the xades:SigningCertificateV2 qualifying property.
XAdES/EBES/3 XAdES-E-BES signature signing two data objects, the Positive validation
• ds:KeyInfo with signing certificate of
xades:SignedProperties container, and the ds:KeyInfo element, the signature
which includes the signing certificate of the signature.
• ds:KeyInfo is also signed by the
The signature does not incorporate the xades:SigningCertificateV2
signature
qualifying property.
• xades:SigningTime
Incorporates the xades:SigningTime qualifying property.
• xades:DataObjectFormat
Incorporates one xades:DataObjectFormat for one of the signed data
• xades:CommitmentTypeIndication (with
objects.
one xades:ObjectReference element)
Incorporates one xades:CommitmentTypeIndication qualifying
• xades:SignatureProductionPlaceV2
property expressing a commitment for one of the signed data objects.
• xades:SignerRoleV2 (with one
Incorporates one xades:SignatureProductionPlaceV2 qualifying
xades:SignedAssertion element and with
property.
one
Incorporates one X509 Attribute certificate and one signed assertion within
CertifiedRole/X509AttributeCertificate
the xades:SignerRoleV2 qualifying property.
• xades:CounterSignature
Incorporates the xades:SignatureProductionPlaceV2 qualifying
• xades:IndividualDataObjectTimeStamp
property.
Incorporates one xades:CounterSignature qualifying property.
Incorporates one xades:IndividualDataTimeStamp encapsulating a
time-stamp token that time-stamps one of the signed data objects as
specified in ETSI EN 319 132-1 [1] generated by a TSA that is within the
same hierarchy as the signing certificate of the signature.
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TS 119 134-3 V1.1.1 (2016-06)
5.3 Test-suite for testing interoperability of XAdES-E-EPES
signatures
This clause defines one test suite for testing interoperability of XAdES-E-EPES signatures.
The test suite for testing interoperability XAdES-E-EPES signatures as specified in ETSI EN 319 132-2 [2] shall
include the test cases defined in ETSI TS 119 134-2 [3], clause 5, Table 3 and the test cases defined in Table 3.
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TS 119 134-3 V1.1.1 (2016-06)
Table 3: Test cases for XAdES-E-EPES signatures not covered in ETSI TS 119 134-2 [3] clause 5
TC ID Description Pass criteria Signature qualifying properties
XAdES/EEPES/1 XAdES-E-EPES signature signing one data object (a text file), the Positive validation
• ds:KeyInfo with signing certificate of
ds:KeyInfo element, which includes the signing certificate of the the signature
signature, and the xades:SignedProperties container.
• ds:KeyInfo is also signed by the
The signature does not incorporate the xades:SigningCertificateV2 signature
qualifying property.
• xades:SignaturePolicyIdentifier (with
Incorporates one xades:SignaturePolicyIdentifier qualifying xades:SignaturePolicyHash element and
xades:SPURI and xades:UserNotice
property containing a xades:SignaturePolicyHash element and the
qualifiers)
following qualifiers: xades:SPURI, and xades:UserNotice.
XAdES/EEPES/2 XAdES-E-EPES signature signing one data object (a text file), the Positive validation • ds:KeyInfo with signing certificate of
ds:KeyInfo element, which includes the signing certificate of the the signature
signature, and the xades:SignedProperties container.
• ds:KeyInfo is also signed by the
The signature does not incorporate the xades:SigningCertificateV2 signature
qualifying property.
• xades:SignaturePolicyIdentifier (with
Incorporates one xades:SignaturePolicyIdentifier qualifying xades:SignaturePolicyHash element and
xades:SPURI and
property containing a xades:SignaturePolicyHash element and the
xadesv141:SPDocSpecification
following qualifiers: xades:SPURI, and
qualifiers)
xadesv141:SPDocSpecification. This last qualifier specifies how to
compute the digest value of the signature policy document.
NOTE: At the time the present document was produced no technical
specification within ETSI TR 119 000 [i.3] was available
specifying a syntax for defining a signature policy. The test case
is nevertheless incorporated in order it can be used when such
specification(s) are produced.
XAdES/EEPES/3 XAdES-E-EPES signature signing one data object (a text file), the Positive validation
• ds:KeyInfo with signing certificate of
ds:KeyInfo element, which includes the signing certificate of the
the signature
signature, and the xades:SignedProperties container.
• ds:KeyInfo is also signed by the
The signature does not incorporate the xades:SigningCertificateV2 signature
qualifying property. • xades:SignaturePolicyIdentifier (with
Incorporates one xades:SignaturePolicyIdentifier qualifying
xades:SignaturePolicyHash element and
property containing a xades:SignaturePolicyHash element and the xades:SPURI and xades:UserNotice
qualifiers)
following qualifiers: xades:SPURI, and xades:UserNotice.
• xadesv141:SignaturePolicyStore (with
Incorporates one xadesv141:SignaturePolicyStore qualifying
xadesv141:SignaturePolicyDocument
property containing a xadesv141:SignaturePolicyDocument element.
element)

ETSI

---------------------- Page: 10 ----------------------
11 ETSI TS 119 134-3 V1.1.1 (2016-06)
5.4 Test-suite for testing interoperability of XAdES-E-T
signatures
This clause defines one test suite for testing interoperability of XAdES-E-T signatures.
The test suite for testing interoperability XAdES-E-T signatures as specified in ETSI EN 319 132-2 [2] shall include the
test cases defined in ETSI TS 119 134-2 [3], clause 6 and the test cases defined in Table 4.
ETSI

---------------------- Page: 11 ----------------------
12 ETSI TS 119 134-3 V1.1.1 (2016-06)
Table 4: Test cases for XAdES-E-T signatures that are not covered in ETSI TS 119 134-2 [3] clause 6
TC ID Description Pass criteria Signature qualifying properties
XAdES/ET/1 XAdES signature as specified in test case XAdES/EBES/1 with the Positive validation
• ds:KeyInfo with signing certificate of
incorporation of a xades:SignatureTimeStamp qualifying property the signature
encapsulating one time-stamp token generated by a TSA that is within the
• ds:KeyInfo is also signed by the
same hierarchy as the signing certificate of the signature.
signature
• xades:SignatureTimeStamp
(encapsulating one time-stamp token)
XAdES/ET/2 XAdES-E-T signature signing one data object (text file) and the Positive validation
• xades:SigningCertificateV2
xades:IndividualDataObjectsTimeStamp container.
• xades:SignatureTimeStamp (with two
It incorporates the xades:SigningCertificateV2 qualifying property.
time-stamp tokens generated by TSA1
It incorporates a xades:SignatureTimeStamp qualifying property and TSA2)
encapsulating TWO time-stamp tokens. One of them is generated by a
TSA1 that is within the same hierarchy as the signing certificate of the
signature. The other is generated by a TSA2 that is not within the hierarchy
of the signing certificate of the signature.
XAdES/ET/3 XAdES signature as specified in test case XAdES/EBES/1 with the Positive validation
• ds:KeyInfo with signing certificate of
incorporations mentioned below. the signature
Incorporates one xades:IndividualDataObjectsTimeStamp
• ds:KeyInfo is also signed by the
encapsulating a time-stamp token that time-stamps one of the signed data
signature
objects as specified in ETSI EN 319 132-1 [1].
• xades:IndividualDataObjectsTimeStamp
Incorporates a xades:SignatureTimeStamp qualifying property
• xades:SignatureTimeStamp
encapsulating one time-stamp token.
(encapsulating one time-stamp token)
The two time-stamps are generated by the same TSA that is within the
same hierarchy as the signing certificate of the signature.
XAdES/ET/4 XAdES signature as specified in test case XAdES/EBES/1 with the Positive validation • ds:KeyInfo with signing certificate of
incorporations mentioned below.
the signature
Incorporates two xades:SignatureTimeStamp qualifying properties,
• ds:KeyInfo is also signed by the
each one encapsulating one time-stamp token generated by different TSAs.
signature
These TSAs are within different trust hierarchies.
• xades:SignatureTimeStamp
NOTE: This will allow to define test cases for having different
(encapsulating one time-stamp token
xadesv141:TimeStampValidationData qualifying properties
generated by one TSA1)
associated to different xades:SignatureTimeStamp qualifying
• xades:SignatureTimeStamp
properties
(encapsulating one time-stamp token
generated by a TSA2 different from the
previous one, within a different trust
hierarchy)
ETSI

---------------------- Page: 12 ----------------------
13 ETSI TS 119 134-3 V1.1.1 (2016-06)
TC ID Description Pass criteria Signature qualifying properties
XAdES/ET/5 XAdES signature as specified in test case XAdES/EBES/3 with the Positive validation
• ds:KeyInfo with signing certificate of
incorporations mentioned below.
the signature
Incorporates one xades:SignatureTimeStamp qualifying propertiy
• ds:KeyInfo is also signed by the
encapsulating one time-stamp token generated by a TSA that is within the
signature
same hierarchy as the signing certificate of the signature.
• xades:SigningTime
• xades:DataObjectFormat
• xades:CommitmentTypeIndication (with
one xades:ObjectReference element)
• xades:SignatureProductionPlaceV2
• xades:SignerRoleV2 (with one
xades:SignedAssertion element and with
one
CertifiedRole/X509AttributeCertificate
• xades:CounterSignature
• xades:IndividualDataObjectTimeStamp
• xades:SignatureTimeStamp
(encapsulating one time-stamp token)

ETSI

---------------------- Page: 13 ----------------------
14 ETSI TS 119 134-3 V1.1.1 (2016-06)
5.5 Test-suite for testing interoperability of XAdES-E-C
signatures
This clause defines one test suite for testing interoperability of XAdES-E-C signatures.
The test suite for testing interoperability XAdES-E-C signatures as specified in ETSI EN 319 132-2 [2] shall include the
test cases defined in Table 5.
ETSI

---------------------- Page: 14 ----------------------
15 ETSI TS 119 134-3 V1.1.1 (2016-06)
Table 5: Test cases for XAdES-E-C signatures
TC ID Description Pass criteria Signature qualifying properties
XAdES/EC/1 XAdES-E-C signature signing one data object (a text file) and the Positive validation
• xades:SigningCertificateV2
xades:SignedProperties container.
• xades:SignatureTimeStamp
It incorporates the xades:SigningCertificateV2 qualifying property.
• xadesv141:CompleteCertificateRefsV2
It incorporates the xades:SignatureTimeStamp qualifying property
• xades:CompleteRevocationRefs (with
encapsulating one time-stamp token generated by a TSA that is within the
references to CRLs)
same hierarchy as the signing certificate of the signature.
It incorporates the xadesv141:CompleteCertificateRefsV2 qualifying
property.
It incorporates the xades:CompleteRevocationRefs qualifying property,
containing references to CRLs.
XAdES/EC/2 XAdES-E-C signature signing one data object (a text file) and the Positive validation
• xades:SigningCertificateV2
xades:SignedProperties container.
• xades:SignatureTimeStamp
It incorporates the xades:SigningCertificateV2 qualifying property.
• xadesv141:CompleteCertificateRefsV2
It incorporates the xades:SignatureTimeStamp qualifying property
• xades:CompleteRevocationRefs (with
encapsulating one time-stamp token generated by a TSA that is within the
references to OCSP responses)
same hierarchy as the signing certificate of the signature.
It incorporates the xadesv141:CompleteCertificateRefsV2 qualifying
property.
It incorporates the xades:CompleteRevocationRefs qualifying property,
containing references to OCSP responses.
XAdES/EC/3 XAdES-E-C signature signing one data object (a text file) and the Positive validation
• xades:SigningCertificateV2
xades:SignedProperties container.
• xades:SignerRoleV2 with one
It incorporates one X509 Attribute certificate and one signed assertion within
CertifiedRole/X509AttributeCertificate
the xades:SignerRoleV2 qualifying property.
• xadesv141:CompleteCertificateRefsV2
It incorporates the xades:SigningCertificateV2 qualifying property.
• xadesv141:AttributeCertificateRefsV2
It incorporates the xades:SignatureTimeStamp qualifying property
• xades:CompleteRevocationRefs (with
encapsulating one time-stamp token generated by a TSA that is within the
references to CRLs)
same hierarchy as the signing certificate of the signature.
• xades:AttributeRevocationRefs (with
It incorporates the xadesv141:CompleteCertificateRefsV2 qualifying
references to CRLs)
property.
It incorporates the xadesv141:AttributeCertificateRefsV2
qualify
...