conf.test_constraint.xml Maven / Gradle / Ivy
<ConstraintsParameters Name="QES AdESQC TL based" xmlns="http://dss.esig.europa.eu/validation/policy">
<Description>RIA customized validation policy</Description>
<SignatureConstraints>
<StructuralValidation Level="INFORM"/>
<AcceptablePolicies Level="FAIL">
<Id>ANY_POLICY</Id>
<Id>NO_POLICY</Id>
</AcceptablePolicies>
<PolicyAvailable Level="FAIL"/>
<PolicyHashMatch Level="INFORM"/>
<AcceptableFormats Level="FAIL">
<Id>*</Id> <!-- ALL -->
</AcceptableFormats>
<BasicSignatureConstraints>
<ReferenceDataExistence Level="FAIL"/>
<ReferenceDataIntact Level="FAIL"/>
<SignatureIntact Level="FAIL"/>
<SignatureDuplicated Level="FAIL"/>
<ProspectiveCertificateChain Level="FAIL"/>
<SignerInformationStore Level="FAIL"/>
<SigningCertificate>
<Recognition Level="FAIL"/>
<Signature Level="FAIL"/>
<NotExpired Level="INFORM"/>
<AuthorityInfoAccessPresent Level="WARN"/>
<RevocationInfoAccessPresent Level="WARN"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<KeyUsage Level="FAIL">
<Id>nonRepudiation</Id>
</KeyUsage>
<SerialNumberPresent Level="FAIL"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<NotSelfSigned Level="FAIL"/>
<UsePseudonym Level="INFORM"/>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="192">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</SigningCertificate>
<CACertificate>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="192">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</CACertificate>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="192">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</BasicSignatureConstraints>
<SignedAttributes>
<SigningCertificatePresent Level="FAIL"/>
<UnicitySigningCertificate Level="WARN"/>
<CertDigestPresent Level="FAIL"/>
<CertDigestMatch Level="FAIL"/>
<IssuerSerialMatch Level="WARN"/>
<SigningTime Level="FAIL"/>
<MessageDigestOrSignedPropertiesPresent Level="FAIL" />
<!--<ContentType Level="FAIL" value="1.2.840.113549.1.7.1" />
<ContentHints Level="FAIL" value="*" />
<CommitmentTypeIndication Level="FAIL">
<Id>1.2.840.113549.1.9.16.6.1</Id>
<Id>1.2.840.113549.1.9.16.6.4</Id>
<Id>1.2.840.113549.1.9.16.6.5</Id>
<Id>1.2.840.113549.1.9.16.6.6</Id>
</CommitmentTypeIndication>
<SignerLocation Level="FAIL" />
<ContentTimeStamp Level="FAIL" /> -->
</SignedAttributes>
<UnsignedAttributes>
<!-- <CounterSignature Level="IGNORE" /> check presence -->
</UnsignedAttributes>
</SignatureConstraints>
<CounterSignatureConstraints>
<BasicSignatureConstraints>
<ReferenceDataExistence Level="FAIL"/>
<ReferenceDataIntact Level="FAIL"/>
<SignatureIntact Level="FAIL"/>
<ProspectiveCertificateChain Level="FAIL"/>
<!-- <TrustedServiceTypeIdentifier Level="WARN"> -->
<!-- <Id>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</Id> -->
<!-- </TrustedServiceTypeIdentifier> -->
<!-- <TrustedServiceStatus Level="FAIL"> -->
<!-- <Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</Id> -->
<!-- <Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/accredited</Id> -->
<!-- <Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/supervisionincessation</Id> -->
<!-- <Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</Id> -->
<!-- <Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn</Id> -->
<!-- </TrustedServiceStatus> -->
<SigningCertificate>
<Recognition Level="FAIL"/>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<AuthorityInfoAccessPresent Level="WARN"/>
<RevocationInfoAccessPresent Level="WARN"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<KeyUsage Level="WARN">
<Id>nonRepudiation</Id>
</KeyUsage>
<SerialNumberPresent Level="WARN"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<NotSelfSigned Level="FAIL"/>
<!-- <IssuedToNaturalPerson Level="INFORM" /> -->
<!-- <IssuedToLegalPerson Level="INFORM" /> -->
<UsePseudonym Level="INFORM"/>
<Cryptographic/>
</SigningCertificate>
<CACertificate>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<Cryptographic/>
</CACertificate>
<Cryptographic/>
</BasicSignatureConstraints>
<SignedAttributes>
<SigningCertificatePresent Level="FAIL"/>
<CertDigestPresent Level="FAIL"/>
<CertDigestMatch Level="FAIL"/>
<IssuerSerialMatch Level="WARN"/>
<SigningTime Level="FAIL"/>
<MessageDigestOrSignedPropertiesPresent Level="FAIL"/>
<!-- <ContentType Level="FAIL" value="1.2.840.113549.1.7.1" />
<ContentHints Level="FAIL" value="*" />
<CommitmentTypeIndication Level="FAIL">
<Id>1.2.840.113549.1.9.16.6.1</Id>
<Id>1.2.840.113549.1.9.16.6.4</Id>
<Id>1.2.840.113549.1.9.16.6.5</Id>
<Id>1.2.840.113549.1.9.16.6.6</Id>
</CommitmentTypeIndication>
<SignerLocation Level="FAIL" />
<ContentTimeStamp Level="FAIL" /> -->
</SignedAttributes>
</CounterSignatureConstraints>
<Timestamp>
<TimestampDelay Level="IGNORE" Unit="DAYS" Value="0"/>
<RevocationTimeAgainstBestSignatureTime Level="FAIL"/>
<BestSignatureTimeBeforeExpirationDateOfSigningCertificate Level="FAIL"/>
<Coherence Level="FAIL"/>
<BasicSignatureConstraints>
<ReferenceDataExistence Level="FAIL"/>
<ReferenceDataIntact Level="FAIL"/>
<SignatureIntact Level="FAIL"/>
<ProspectiveCertificateChain Level="FAIL"/>
<TrustedServiceTypeIdentifier Level="FAIL">
<Id>http://uri.etsi.org/TrstSvc/Svctype/TSA</Id>
<Id>http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</Id>
<Id>http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC</Id>
<Id>http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-AdESQCandQES</Id>
</TrustedServiceTypeIdentifier>
<TrustedServiceStatus Level="FAIL">
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/accredited</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/supervisionincessation</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevel</Id>
</TrustedServiceStatus>
<SigningCertificate>
<Recognition Level="FAIL"/>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<ExtendedKeyUsage Level="FAIL">
<Id>timeStamping</Id>
</ExtendedKeyUsage>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<NotSelfSigned Level="FAIL"/>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="256">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</SigningCertificate>
<CACertificate>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="256">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</CACertificate>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="128">DSA</Algo>
<Algo Size="1024">RSA</Algo>
<Algo Size="192">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</BasicSignatureConstraints>
<SignedAttributes>
<SigningCertificatePresent Level="WARN"/>
<UnicitySigningCertificate Level="WARN"/>
<CertDigestPresent Level="WARN"/>
<CertDigestMatch Level="WARN"/>
<IssuerSerialMatch Level="WARN"/>
</SignedAttributes>
</Timestamp>
<Revocation>
<RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0"/>
<UnknownStatus Level="FAIL" />
<BasicSignatureConstraints>
<ReferenceDataExistence Level="FAIL"/>
<ReferenceDataIntact Level="FAIL"/>
<SignatureIntact Level="FAIL"/>
<ProspectiveCertificateChain Level="FAIL"/>
<TrustedServiceTypeIdentifier Level="FAIL">
<Id>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</Id>
<Id>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP</Id>
<Id>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</Id>
</TrustedServiceTypeIdentifier>
<TrustedServiceStatus Level="FAIL">
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/accredited</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/supervisionincessation</Id>
<Id>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</Id>
</TrustedServiceStatus>
<SigningCertificate>
<Recognition Level="FAIL"/>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<Cryptographic Level="WARN">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="256">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</SigningCertificate>
<CACertificate>
<Signature Level="FAIL"/>
<NotExpired Level="FAIL"/>
<RevocationDataAvailable Level="FAIL"/>
<RevocationDataNextUpdatePresent Level="WARN"/>
<RevocationDataFreshness Level="FAIL"/>
<NotRevoked Level="FAIL"/>
<NotOnHold Level="FAIL"/>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="1024">RSA</Algo>
<Algo Size="128">DSA</Algo>
<Algo Size="256">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</CACertificate>
<Cryptographic Level="FAIL">
<AcceptableEncryptionAlgo>
<Algo>RSA</Algo>
<Algo>DSA</Algo>
<Algo>ECDSA</Algo>
</AcceptableEncryptionAlgo>
<MiniPublicKeySize>
<Algo Size="128">DSA</Algo>
<Algo Size="1024">RSA</Algo>
<Algo Size="192">ECDSA</Algo>
</MiniPublicKeySize>
<AcceptableDigestAlgo>
<Algo>SHA1</Algo>
<Algo>SHA224</Algo>
<Algo>SHA256</Algo>
<Algo>SHA384</Algo>
<Algo>SHA512</Algo>
<Algo>SHA3-224</Algo>
<Algo>SHA3-256</Algo>
<Algo>SHA3-384</Algo>
<Algo>SHA3-512</Algo>
<Algo>RIPEMD160</Algo>
</AcceptableDigestAlgo>
</Cryptographic>
</BasicSignatureConstraints>
</Revocation>
<Model Value="SHELL"/>
<!-- eIDAS REGL 910/EU/2014 -->
<eIDAS>
<TLFreshness Level="WARN" Unit="HOURS" Value="6" />
<TLNotExpired Level="FAIL" />
<TLWellSigned Level="WARN" />
<TLVersion Level="FAIL" value="5" />
</eIDAS>
</ConstraintsParameters>
© 2015 - 2025 Weber Informatics LLC | Privacy Policy