ETSI TS 119 134-4 V1.1.1 (2016-06)

ETSI TS 119 134-4 V1.1.1 (2016-06)






TECHNICAL SPECIFICATION
Electronic Signatures and Infrastructures (ESI);
XAdES digital signatures -
Testing Conformance and Interoperability;
Part 4: Testing Conformance of XAdES baseline signatures

---------------------- Page: 1 ----------------------
2 ETSI TS 119 134-4 V1.1.1 (2016-06)



Reference
DTS/ESI-0019134-4
Keywords
conformance, e-commerce, electronic signature,
profile, security, testing, XAdES
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 119 134-4 V1.1.1 (2016-06)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
1 Scope . 8
2 References . 8
2.1 Normative references . 8
2.2 Informative references . 9
3 Abbreviations . 9
4 Overview . 9
5 Testing conformance to B-B level of XAdES signatures . 11
5.1 General . 11
5.2 Testing XML Signature elements and containers of XAdES qualifying properties . 12
5.2.1 Testing XML Signature elements . 12
5.2.1.1 Testing ds:Signature element . 12
5.2.1.2 Testing ds: Reference element . 12
5.2.1.2.1 Test assertions common to XAdES baseline and extended signatures . 12
5.2.1.2.2 Testing ds: Transforms element . 12
5.2.1.3 Testing ds: Canonicalization element. 12
5.2.1.4 Testing ds:SignatureValue element . 13
5.2.1.4.1 Test assertions common to XAdES baseline and extended signatures . 13
5.2.1.5 Testing ds: KeyInfo element . 13
5.2.1.5.1 Test assertions common to XAdES baseline and extended signatures . 13
5.2.1.5.2 Test assertions specific to XAdES baseline signatures. 13
5.2.2 Testing containers of XAdES qualifying properties . 14
5.2.2.1 Testing incorporation of XAdES qualifying properties to the signature . 14
5.2.2.2 Testing xades:QualifyingProperties . 14
5.2.2.2.1 Test assertions common to XAdES baseline and extended signatures . 14
5.2.2.2.2 Test assertions specific to XAdES baseline signatures. 14
5.2.2.3 Testing xades:SignedProperties . 15
5.2.2.3.1 Test assertions specific to XAdES baseline signatures. 15
5.2.2.4 Testing xades:SignedSignatureProperties . 15
5.2.2.4.1 Test assertions specific to XAdES baseline signatures. 15
5.2.2.5 Testing xades:SignedDataObjectProperties . 15
5.2.2.5.1 Test assertions common to XAdES baseline and extended signatures . 15
5.2.2.5.2 Test assertions specific to XAdES baseline signatures. 16
5.2.2.6 Testing xades:UnSignedProperties . 16
5.2.2.6.1 Test assertions common to XAdES baseline and extended signatures . 16
5.2.2.6.2 Test assertions specific to XAdES baseline signatures. 16
5.2.2.7 Testing xades:UnSignedSignatureProperties . 16
5.2.2.7.1 Test assertions common to XAdES baseline and extended signatures . 16
5.2.2.7.2 Test assertions specific to XAdES baseline signatures. 16
5.2.2.8 Testing xades:UnSignedDataObjectProperties . 17
5.2.2.8.1 Test assertions common to XAdES baseline and extended signatures . 17
5.3 Testing XAdES qualifying properties . 17
5.3.1 Testing xades:SigningTime element . 17
5.3.1.1 Test assertions specific to XAdES baseline signatures . 17
5.3.2 Testing xades:SigningCertificateV2 element . 17
5.3.2.1 Test assertions common to XAdES baseline and extended signatures . 17
5.3.2.2 Test assertions specific to XAdES baseline signatures . 18
5.3.3 Testing xades:CommitmentTypeIndication element . 18
5.3.3.1 Test assertions common to XAdES baseline and extended signatures . 18
5.3.4 Testing xades:DataObjectFormat element . 18
5.3.4.1 Test assertions common to XAdES baseline and extended signatures . 18
5.3.4.2 Test assertions specific to XAdES baseline signatures . 19
ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 119 134-4 V1.1.1 (2016-06)
5.3.5 Testing xades:SignatureProductionPlaceV2 element . 20
5.3.5.1 Test assertions common to XAdES baseline and extended signatures . 20
5.3.6 Testing xades:SignerRoleV2 element . 20
5.3.6.1 Test assertions common to XAdES baseline and extended signatures . 20
5.3.7 Testing xades:CounterSignature element . 21
5.3.7.1 Test assertions common to XAdES baseline and extended signatures . 21
5.3.8 Testing xades:AllDataObjectsTimeStamp element . 21
5.3.8.1 Test assertions common to XAdES baseline and extended signatures . 21
5.3.9 Testing xades:IndividualDataObjectsTimeStamp element . 22
5.3.9.1 Test assertions common to XAdES baseline and extended signatures . 22
5.3.10 Testing xades:SignaturePolicyIdentifier element . 22
5.3.10.1 Test assertions common to XAdES baseline and extended signatures . 22
5.3.10.2 Testing xades:SPURI signature policy qualifier . 23
5.3.10.2.1 Test assertions common to XAdES baseline and extended signatures . 23
5.3.10.3 Testing xadesv141:SPDocSpecification signature policy qualifier . 23
5.3.10.3.1 Test assertions common to XAdES baseline and extended signatures . 23
5.3.11 Testing xadesv141:SignaturePolicyStore . 23
5.3.11.1 Test assertions common to XAdES baseline and extended signatures . 23
5.3.12 Testing xadesv141:CompleteCertificateRefsV2 element . 24
5.3.12.1 Test assertions common to XAdES baseline and extended signatures . 24
5.3.12.2 Test assertions specific to XAdES baseline signatures . 24
5.3.13 Testing xadesv141:AttributeCertificateRefsV2 element . 25
5.3.13.1 Test assertions common to XAdES baseline and extended signatures . 25
5.3.13.2 Test assertions specific to XAdES baseline signatures . 25
5.3.14 Testing xades:CompleteRevocationRefs element . 26
5.3.14.1 Test assertions common to XAdES baseline and extended signatures . 26
5.3.14.2 Test assertions specific to XAdES baseline signatures . 27
5.3.15 Testing xades:AttributeRevocationRefs element . 27
5.3.15.1 Test assertions common to XAdES baseline and extended signatures . 27
5.3.15.2 Test assertions specific to XAdES baseline signatures . 28
5.3.16 Testing xadesv141:SigAndRefsTimeStampV2 element . 28
5.3.16.1 Test assertions common to XAdES baseline and extended signatures . 28
5.3.16.2 Test assertions specific to XAdES baseline signatures . 29
5.3.17 Testing xadesv141:RefsOnlyTimeStampV2 element . 29
5.3.17.1 Test assertions common to XAdES baseline and extended signatures . 29
5.3.17.2 Test assertions specific to XAdES baseline signatures . 30
6 Testing conformance to B-T level of XAdES signatures . 30
6.1 General requirements . 30
6.2 Testing xades:SignatureTimeStamp element . 30
6.2.1 Test assertions common to XAdES baseline and extended signatures . 30
6.2.2 Test assertions specific to XAdES baseline signatures . 31
7 Testing conformance to B-LT level of XAdES signatures. 31
7.1 General requirements . 31
7.1.1 Core requirements . 31
7.1.2 Test assertions for testing properties containing references to validation data . 31
7.1.3 Test assertions for testing properties from upper levels . 32
7.2 Testing xades:CertificateValues element . 33
7.2.1 Test assertions common to XAdES baseline and extended signatures . 33
7.2.2 Test assertions specific to XAdES baseline signatures . 33
7.3 Testing xades:RevocationValues element . 33
7.3.1 Test assertions common to XAdES baseline and extended signatures . 33
7.3.2 Test assertions specific to XAdES baseline signatures . 34
7.4 Testing xades:AttrAuthoritiesCertValues element . 34
7.4.1 Test assertions common to XAdES baseline and extended signatures . 34
7.4.2 Test assertions specific to XAdES baseline signatures . 34
7.5 Testing xades:AttributeRevocationValues element . 35
7.5.1 Test assertions common to XAdES baseline and extended signatures . 35
7.5.2 Test assertions specific to XAdES baseline signatures . 35
7.6 Testing xadesv141:TimeStampValidationData element . 35
7.6.1 Test assertions common to XAdES baseline and extended signatures . 35
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 119 134-4 V1.1.1 (2016-06)
8 Testing conformance to B-LTA level of XAdES signatures . 36
8.1 General requirements . 36
8.2 Testing xadesv141:ArchiveTimeStamp element . 37
8.2.1 Common tests for distributed and not distributed cases . 37
8.2.1.1 Test assertions common to XAdES baseline and extended signatures . 37
8.2.1.2 Test assertions specific to XAdES baseline signatures . 37
8.3 Testing xadesv141:RenewedDigests element. 37
8.3.1 Test assertions common to XAdES baseline and extended signatures . 37
8.3.2 Test assertions specific to XAdES baseline signatures . 38
Annex A (normative): Test assertions derived from XML Schema . 39
A.0 Introduction . 39
A.1 Testing auxiliary types contents . 40
A.1.1 Introduction . 40
A.1.2 Testing xades:ObjectIdentifierType insta nce s . 40
A.1.3 Testing xades:EncapsulatedPKIDataType instances . 41
A.1.4 Testing xades:XAdESTimeStampType instances . 42
A.1.4.1 Introduction. 42
A.1.4.2 Testing xades:IncludeType instances. 42
A.1.5 Testing Lists of references to certificates. . 43
A.1.5.1 Testing xades:CertIDListV2Type instances . 43
A.1.5.2 Testing xades:CertIDTypeV2 instances . 43
A.1.5.3 Testing xades:DigestAlgAndValueType instances . 44
A.1.5.4 Testing xades:IssuerSerialV2 element . 45
A.2 Testing containers for XAdES signatures . 45
A.2.1 Testing xades:QualifyingProperties . 45
A.2.1.1 Testing xades:QualifyingProperties element . 45
A.2.1.2 Testing xades:SignedProperties . 46
A.2.1.2.1 Testing xades:SignedProperties element . 46
A.2.1.2.2 Testing xades:SignedSignatureProperties . 46
A.2.1.2.3 Testing xades:SignedDataObjectProperties . 46
A.2.1.3 Testing xades:UnsignedProperties . 47
A.2.1.3.1 Testing xades:UnsignedProperties element . 47
A.2.1.3.2 Testing xades:UnsignedSignatureProperties . 47
A.2.1.3.3 Testing xades:UnsignedDataObjectProperties . 47
A.3 Testing XAdES qualifying properties . 48
A.3.1 Introduction . 48
A.3.2 Testing xades:SigningTime . 48
A.3.3 Testing xades:SigningCertificateV2 . 48
A.3.4 Testing xades:CommitmentTypeIndication . 48
A.3.5 Testing xades:DataObjectFormat . 50
A.3.6 Testing xades:SignatureProductionPlaceV2 element . 51
A.3.7 Testing xades:SignerRoleV2 element . 51
A.3.8 Testing xades:CounterSignature . 52
A.3.9 Testing xades:AllDataObjectsTimeStamp . 52
A.3.10 Testing xades:IndividualDataObjectsTimeStamp . 53
A.3.11 Testing xades:SignaturePolicyIdentifier . 53
A.3.11.1 Testing xades:SignaturePolicyIdentifier element . 53
A.3.11.2 Testing xades:SPURI qualifier . 54
A.3.11.3 Testing xades:SPUserNotice qualifier . 54
A.3.11.4 Testing xadesv141:SPDocSpecification qualifier . 56
A.3.12 Testing xadesv141:SignaturePolicyStore . 56
A.3.13 Testing xades:SignatureTimeStamp . 57
A.3.14 Testing xadesv141:CompleteCertificateRefsTypeV2 and xadesv141: AttributeCertificateRefsV2
content . 57
A.3.15 Testing xades:CompleteRevocationRefsType content . 57
A.3.15.1 Testing root element . 57
A.3.15.2 Testing xades:CRLRefs . 58
A.3.15.3 Testing xades:OCSPRefs . 59
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 119 134-4 V1.1.1 (2016-06)
A.3.15.4 Testing xades:OtherRefs . 61
A.3.16 Testing xadesv141:SigAndRefsTimeStampV2 . 62
A.3.17 Testing xadesv141:RefsOnlyTimeStampV2 . 62
A.3.18 Testing xades:CertificateValuesType content . 62
A.3.19 Testing xades:RevocationValuesType content . 62
A.3.20 Testing xadesv141:TimeStampValidationData . 63
A.3.21 Testing xadesv141:ArchiveTimeStamp . 64
A.3.22 Testing xadesv141:RenewedDigests . 64
History . 65

ETSI

---------------------- Page: 6 ----------------------
7 ETSI TS 119 134-4 V1.1.1 (2016-06)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not refe
...