All Downloads are FREE. Search and download functionalities are using the official Maven repository.

conf.test_constraint.xml Maven / Gradle / Ivy

Go to download

DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers of signed documents

The newest version!
<ConstraintsParameters Name="QES AdESQC TL based" xmlns="http://dss.esig.europa.eu/validation/policy">
  <Description>RIA customized validation policy</Description>
  <SignatureConstraints>
    <StructuralValidation Level="INFORM"/>
    <AcceptablePolicies Level="FAIL">
      <Id>ANY_POLICY</Id>
      <Id>NO_POLICY</Id>
    </AcceptablePolicies>
    <PolicyAvailable Level="FAIL"/>
    <PolicyHashMatch Level="INFORM"/>
    <AcceptableFormats Level="FAIL">
      <Id>*</Id> <!-- ALL -->
    </AcceptableFormats>
    <BasicSignatureConstraints>
      <ReferenceDataExistence Level="FAIL"/>
      <ReferenceDataIntact Level="FAIL"/>
      <ManifestEntryObjectExistence Level="WARN" />
      <SignatureIntact Level="FAIL"/>
      <SignatureDuplicated Level="FAIL"/>
      <ProspectiveCertificateChain Level="FAIL"/>
      <SignerInformationStore Level="FAIL"/>
      <ByteRange Level="IGNORE" />
      <ByteRangeCollision Level="WARN" />
      <PdfSignatureDictionary Level="IGNORE" />
      <PdfPageDifference Level="IGNORE" />
      <PdfAnnotationOverlap Level="WARN" />
      <PdfVisualDifference Level="WARN" />
      <DocMDP Level="WARN" />
      <FieldMDP Level="WARN" />
      <SigFieldLock Level="WARN" />
      <UndefinedChanges Level="WARN" />
      <SigningCertificate>
        <Recognition Level="FAIL"/>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <AuthorityInfoAccessPresent Level="WARN"/>
        <RevocationInfoAccessPresent Level="WARN"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="FAIL"/>
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <KeyUsage Level="FAIL">
          <Id>nonRepudiation</Id>
        </KeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="IGNORE">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="IGNORE" />
        <SerialNumberPresent Level="FAIL"/>
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <RevocationIssuerNotExpired Level="INFORM" />
        <NotSelfSigned Level="FAIL"/>
        <UsePseudonym Level="INFORM"/>
        <Cryptographic Level="FAIL">
          <AcceptableEncryptionAlgo>
            <Algo>RSA</Algo>
            <Algo>DSA</Algo>
            <Algo>ECDSA</Algo>
          </AcceptableEncryptionAlgo>
          <MiniPublicKeySize>
            <Algo Size="1024">RSA</Algo>
            <Algo Size="128">DSA</Algo>
            <Algo Size="192">ECDSA</Algo>
          </MiniPublicKeySize>
          <AcceptableDigestAlgo>
            <Algo>SHA1</Algo>
            <Algo>SHA224</Algo>
            <Algo>SHA256</Algo>
            <Algo>SHA384</Algo>
            <Algo>SHA512</Algo>
            <Algo>SHA3-224</Algo>
            <Algo>SHA3-256</Algo>
            <Algo>SHA3-384</Algo>
            <Algo>SHA3-512</Algo>
            <Algo>RIPEMD160</Algo>
          </AcceptableDigestAlgo>
        </Cryptographic>
      </SigningCertificate>
      <CACertificate>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="IGNORE" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <CA Level="IGNORE" />
        <MaxPathLength Level="IGNORE" />
        <KeyUsage Level="IGNORE">
          <Id>keyCertSign</Id>
        </KeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="IGNORE">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="IGNORE" />
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <Cryptographic Level="FAIL">
          <AcceptableEncryptionAlgo>
            <Algo>RSA</Algo>
            <Algo>DSA</Algo>
            <Algo>ECDSA</Algo>
          </AcceptableEncryptionAlgo>
          <MiniPublicKeySize>
            <Algo Size="1024">RSA</Algo>
            <Algo Size="128">DSA</Algo>
            <Algo Size="192">ECDSA</Algo>
          </MiniPublicKeySize>
          <AcceptableDigestAlgo>
            <Algo>SHA1</Algo>
            <Algo>SHA224</Algo>
            <Algo>SHA256</Algo>
            <Algo>SHA384</Algo>
            <Algo>SHA512</Algo>
            <Algo>SHA3-224</Algo>
            <Algo>SHA3-256</Algo>
            <Algo>SHA3-384</Algo>
            <Algo>SHA3-512</Algo>
            <Algo>RIPEMD160</Algo>
          </AcceptableDigestAlgo>
        </Cryptographic>
      </CACertificate>
      <Cryptographic Level="FAIL">
        <AcceptableEncryptionAlgo>
          <Algo>RSA</Algo>
          <Algo>DSA</Algo>
          <Algo>ECDSA</Algo>
        </AcceptableEncryptionAlgo>
        <MiniPublicKeySize>
          <Algo Size="1024">RSA</Algo>
          <Algo Size="128">DSA</Algo>
          <Algo Size="192">ECDSA</Algo>
        </MiniPublicKeySize>
        <AcceptableDigestAlgo>
          <Algo>SHA1</Algo>
          <Algo>SHA224</Algo>
          <Algo>SHA256</Algo>
          <Algo>SHA384</Algo>
          <Algo>SHA512</Algo>
          <Algo>SHA3-224</Algo>
          <Algo>SHA3-256</Algo>
          <Algo>SHA3-384</Algo>
          <Algo>SHA3-512</Algo>
          <Algo>RIPEMD160</Algo>
        </AcceptableDigestAlgo>
      </Cryptographic>
    </BasicSignatureConstraints>
    <SignedAttributes>
      <SigningCertificatePresent Level="FAIL"/>
      <UnicitySigningCertificate Level="WARN"/>
      <SigningCertificateRefersCertificateChain Level="WARN" />
      <SigningCertificateDigestAlgorithm Level="WARN" />
      <CertDigestPresent Level="FAIL"/>
      <CertDigestMatch Level="FAIL"/>
      <IssuerSerialMatch Level="WARN"/>
      <KeyIdentifierMatch Level="WARN" />
      <SigningTime Level="FAIL"/>
      <MessageDigestOrSignedPropertiesPresent Level="FAIL" />
      <EllipticCurveKeySize Level="WARN" />
      <!--<ContentType Level="FAIL" value="1.2.840.113549.1.7.1" />
      <ContentHints Level="FAIL" value="*" />
      <CommitmentTypeIndication Level="FAIL">
          <Id>1.2.840.113549.1.9.16.6.1</Id>
          <Id>1.2.840.113549.1.9.16.6.4</Id>
          <Id>1.2.840.113549.1.9.16.6.5</Id>
          <Id>1.2.840.113549.1.9.16.6.6</Id>
      </CommitmentTypeIndication>
      <SignerLocation Level="FAIL" />
      <ContentTimeStamp Level="FAIL" /> -->
    </SignedAttributes>
    <UnsignedAttributes>
      <!--		<CounterSignature Level="IGNORE" /> check presence -->
    </UnsignedAttributes>
  </SignatureConstraints>
  <CounterSignatureConstraints>
    <BasicSignatureConstraints>
      <ReferenceDataExistence Level="FAIL"/>
      <ReferenceDataIntact Level="FAIL"/>
      <SignatureIntact Level="FAIL"/>
      <SignatureDuplicated Level="FAIL" />
      <ProspectiveCertificateChain Level="FAIL"/>
      <SigningCertificate>
        <Recognition Level="FAIL"/>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <AuthorityInfoAccessPresent Level="WARN"/>
        <RevocationInfoAccessPresent Level="WARN"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="FAIL" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <KeyUsage Level="WARN">
          <Id>nonRepudiation</Id>
        </KeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="FAIL">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="FAIL" />
        <SerialNumberPresent Level="WARN"/>
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <NotSelfSigned Level="FAIL"/>
        <!--				<QcCompliance Level="WARN" /> -->
        <!--				<QcSSCD Level="WARN" /> -->
        <!-- 				<IssuedToNaturalPerson Level="INFORM" /> -->
        <!-- 				<IssuedToLegalPerson Level="INFORM" /> -->
        <UsePseudonym Level="INFORM"/>
        <Cryptographic/>
      </SigningCertificate>
      <CACertificate>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="FAIL" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <CA Level="FAIL" />
        <MaxPathLength Level="FAIL" />
        <KeyUsage Level="FAIL">
          <Id>keyCertSign</Id>
        </KeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="FAIL">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="FAIL" />
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <Cryptographic/>
      </CACertificate>
      <Cryptographic/>
    </BasicSignatureConstraints>
    <SignedAttributes>
      <SigningCertificatePresent Level="FAIL"/>
      <UnicitySigningCertificate Level="WARN" />
      <SigningCertificateRefersCertificateChain Level="WARN" />
      <SigningCertificateDigestAlgorithm Level="WARN" />
      <CertDigestPresent Level="FAIL"/>
      <CertDigestMatch Level="FAIL"/>
      <IssuerSerialMatch Level="WARN"/>
      <KeyIdentifierMatch Level="WARN" />
      <SigningTime Level="FAIL"/>
      <MessageDigestOrSignedPropertiesPresent Level="FAIL"/>
      <EllipticCurveKeySize Level="WARN" />
      <!--		<ContentType Level="FAIL" value="1.2.840.113549.1.7.1" />
      <ContentHints Level="FAIL" value="*" />
      <CommitmentTypeIndication Level="FAIL">
          <Id>1.2.840.113549.1.9.16.6.1</Id>
          <Id>1.2.840.113549.1.9.16.6.4</Id>
          <Id>1.2.840.113549.1.9.16.6.5</Id>
          <Id>1.2.840.113549.1.9.16.6.6</Id>
      </CommitmentTypeIndication>
      <SignerLocation Level="FAIL" />
      <ContentTimeStamp Level="FAIL" /> -->
    </SignedAttributes>
  </CounterSignatureConstraints>
  <Timestamp>
    <TimestampDelay Level="IGNORE" Unit="DAYS" Value="0"/>
    <RevocationTimeAgainstBestSignatureTime Level="FAIL"/>
    <BestSignatureTimeBeforeExpirationDateOfSigningCertificate Level="FAIL"/>
    <Coherence Level="FAIL"/>
    <BasicSignatureConstraints>
      <ReferenceDataExistence Level="FAIL"/>
      <ReferenceDataIntact Level="FAIL"/>
      <SignatureIntact Level="FAIL"/>
      <ProspectiveCertificateChain Level="FAIL"/>
      <ByteRange Level="IGNORE" />
      <ByteRangeCollision Level="WARN" />
      <PdfSignatureDictionary Level="IGNORE" />
      <PdfPageDifference Level="IGNORE" />
      <PdfAnnotationOverlap Level="WARN" />
      <PdfVisualDifference Level="WARN" />
      <DocMDP Level="WARN" />
      <FieldMDP Level="WARN" />
      <SigFieldLock Level="WARN" />
      <UndefinedChanges Level="WARN" />
      <SigningCertificate>
        <Recognition Level="FAIL"/>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="IGNORE" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <ExtendedKeyUsage Level="FAIL">
          <Id>timeStamping</Id>
        </ExtendedKeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="IGNORE">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="IGNORE" />
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <NotSelfSigned Level="FAIL"/>
        <Cryptographic Level="FAIL">
          <AcceptableEncryptionAlgo>
            <Algo>RSA</Algo>
            <Algo>DSA</Algo>
            <Algo>ECDSA</Algo>
          </AcceptableEncryptionAlgo>
          <MiniPublicKeySize>
            <Algo Size="1024">RSA</Algo>
            <Algo Size="128">DSA</Algo>
            <Algo Size="256">ECDSA</Algo>
          </MiniPublicKeySize>
          <AcceptableDigestAlgo>
            <Algo>SHA1</Algo>
            <Algo>SHA224</Algo>
            <Algo>SHA256</Algo>
            <Algo>SHA384</Algo>
            <Algo>SHA512</Algo>
            <Algo>SHA3-224</Algo>
            <Algo>SHA3-256</Algo>
            <Algo>SHA3-384</Algo>
            <Algo>SHA3-512</Algo>
            <Algo>RIPEMD160</Algo>
          </AcceptableDigestAlgo>
        </Cryptographic>
      </SigningCertificate>
      <CACertificate>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="WARN" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <CA Level="IGNORE" />
        <MaxPathLength Level="IGNORE" />
        <KeyUsage Level="IGNORE">
          <Id>keyCertSign</Id>
        </KeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="IGNORE">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="IGNORE" />
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <Cryptographic Level="FAIL">
          <AcceptableEncryptionAlgo>
            <Algo>RSA</Algo>
            <Algo>DSA</Algo>
            <Algo>ECDSA</Algo>
          </AcceptableEncryptionAlgo>
          <MiniPublicKeySize>
            <Algo Size="1024">RSA</Algo>
            <Algo Size="128">DSA</Algo>
            <Algo Size="256">ECDSA</Algo>
          </MiniPublicKeySize>
          <AcceptableDigestAlgo>
            <Algo>SHA1</Algo>
            <Algo>SHA224</Algo>
            <Algo>SHA256</Algo>
            <Algo>SHA384</Algo>
            <Algo>SHA512</Algo>
            <Algo>SHA3-224</Algo>
            <Algo>SHA3-256</Algo>
            <Algo>SHA3-384</Algo>
            <Algo>SHA3-512</Algo>
            <Algo>RIPEMD160</Algo>
          </AcceptableDigestAlgo>
        </Cryptographic>
      </CACertificate>
      <Cryptographic Level="FAIL">
        <AcceptableEncryptionAlgo>
          <Algo>RSA</Algo>
          <Algo>DSA</Algo>
          <Algo>ECDSA</Algo>
        </AcceptableEncryptionAlgo>
        <MiniPublicKeySize>
          <Algo Size="128">DSA</Algo>
          <Algo Size="1024">RSA</Algo>
          <Algo Size="192">ECDSA</Algo>
        </MiniPublicKeySize>
        <AcceptableDigestAlgo>
          <Algo>SHA1</Algo>
          <Algo>SHA224</Algo>
          <Algo>SHA256</Algo>
          <Algo>SHA384</Algo>
          <Algo>SHA512</Algo>
          <Algo>SHA3-224</Algo>
          <Algo>SHA3-256</Algo>
          <Algo>SHA3-384</Algo>
          <Algo>SHA3-512</Algo>
          <Algo>RIPEMD160</Algo>
        </AcceptableDigestAlgo>
      </Cryptographic>
    </BasicSignatureConstraints>
    <SignedAttributes>
      <SigningCertificatePresent Level="WARN"/>
      <UnicitySigningCertificate Level="WARN"/>
      <SigningCertificateRefersCertificateChain Level="IGNORE" />
      <!-- <SigningCertificateDigestAlgorithm Level="WARN" /> TODO : too strict to enforce now -->
      <CertDigestPresent Level="WARN"/>
      <CertDigestMatch Level="WARN"/>
      <IssuerSerialMatch Level="WARN"/>
    </SignedAttributes>
    <TSAGeneralNameContentMatch Level="IGNORE" />
  </Timestamp>
  <Revocation>
    <UnknownStatus Level="FAIL" />
    <OCSPResponderIdMatch Level="IGNORE" />
    <SelfIssuedOCSP Level="WARN" />
    <BasicSignatureConstraints>
      <ReferenceDataExistence Level="FAIL"/>
      <ReferenceDataIntact Level="FAIL"/>
      <SignatureIntact Level="FAIL"/>
      <ProspectiveCertificateChain Level="FAIL"/>
      <SigningCertificate>
        <Recognition Level="FAIL"/>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="IGNORE" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0"/>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <IssuerName Level="IGNORE" />
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <Cryptographic Level="WARN">
          <AcceptableEncryptionAlgo>
            <Algo>RSA</Algo>
            <Algo>DSA</Algo>
            <Algo>ECDSA</Algo>
          </AcceptableEncryptionAlgo>
          <MiniPublicKeySize>
            <Algo Size="1024">RSA</Algo>
            <Algo Size="128">DSA</Algo>
            <Algo Size="256">ECDSA</Algo>
          </MiniPublicKeySize>
          <AcceptableDigestAlgo>
            <Algo>SHA1</Algo>
            <Algo>SHA224</Algo>
            <Algo>SHA256</Algo>
            <Algo>SHA384</Algo>
            <Algo>SHA512</Algo>
            <Algo>SHA3-224</Algo>
            <Algo>SHA3-256</Algo>
            <Algo>SHA3-384</Algo>
            <Algo>SHA3-512</Algo>
            <Algo>RIPEMD160</Algo>
          </AcceptableDigestAlgo>
        </Cryptographic>
      </SigningCertificate>
      <CACertificate>
        <Signature Level="FAIL"/>
        <NotExpired Level="FAIL"/>
        <RevocationDataAvailable Level="FAIL"/>
        <AcceptableRevocationDataFound Level="WARN" />
        <CRLNextUpdatePresent Level="WARN"/>
        <RevocationFreshness Level="IGNORE" Unit="DAYS" Value="0" />
        <CA Level="IGNORE" />
        <MaxPathLength Level="IGNORE" />
        <KeyUsage Level="IGNORE">
          <Id>keyCertSign</Id>
        </KeyUsage>
        <PolicyTree Level="WARN" />
        <NameConstraints Level="WARN" />
        <SupportedCriticalExtensions Level="WARN">
          <Id>2.5.29.15</Id> <!-- keyUsage -->
          <Id>2.5.29.32</Id> <!-- certificatePolicies -->
          <Id>2.5.29.17</Id> <!-- subjectAlternativeName -->
          <Id>2.5.29.19</Id> <!-- basicConstraints -->
          <Id>2.5.29.30</Id> <!-- nameConstraints -->
          <Id>2.5.29.36</Id> <!-- policyConstraints -->
          <Id>2.5.29.37</Id> <!-- extendedKeyUsage -->
          <Id>2.5.29.31</Id> <!-- CRLDistributionPoints -->
          <Id>2.5.29.54</Id> <!-- inhibitAnyPolicy -->
          <Id>1.3.6.1.5.5.7.1.3</Id> <!-- QCStatements -->
          <!-- policyMappings 2.5.29.33 not supported -->
        </SupportedCriticalExtensions>
        <ForbiddenExtensions Level="IGNORE">
          <Id>1.3.6.1.5.5.7.48.1.5</Id> <!-- ocsp_noCheck -->
        </ForbiddenExtensions>
        <IssuerName Level="IGNORE" />
        <NotRevoked Level="FAIL"/>
        <NotOnHold Level="FAIL"/>
        <Cryptographic Level="FAIL">
          <AcceptableEncryptionAlgo>
            <Algo>RSA</Algo>
            <Algo>DSA</Algo>
            <Algo>ECDSA</Algo>
          </AcceptableEncryptionAlgo>
          <MiniPublicKeySize>
            <Algo Size="1024">RSA</Algo>
            <Algo Size="128">DSA</Algo>
            <Algo Size="256">ECDSA</Algo>
          </MiniPublicKeySize>
          <AcceptableDigestAlgo>
            <Algo>SHA1</Algo>
            <Algo>SHA224</Algo>
            <Algo>SHA256</Algo>
            <Algo>SHA384</Algo>
            <Algo>SHA512</Algo>
            <Algo>SHA3-224</Algo>
            <Algo>SHA3-256</Algo>
            <Algo>SHA3-384</Algo>
            <Algo>SHA3-512</Algo>
            <Algo>RIPEMD160</Algo>
          </AcceptableDigestAlgo>
        </Cryptographic>
      </CACertificate>
      <Cryptographic Level="FAIL">
        <AcceptableEncryptionAlgo>
          <Algo>RSA</Algo>
          <Algo>DSA</Algo>
          <Algo>ECDSA</Algo>
        </AcceptableEncryptionAlgo>
        <MiniPublicKeySize>
          <Algo Size="128">DSA</Algo>
          <Algo Size="1024">RSA</Algo>
          <Algo Size="192">ECDSA</Algo>
        </MiniPublicKeySize>
        <AcceptableDigestAlgo>
          <Algo>SHA1</Algo>
          <Algo>SHA224</Algo>
          <Algo>SHA256</Algo>
          <Algo>SHA384</Algo>
          <Algo>SHA512</Algo>
          <Algo>SHA3-224</Algo>
          <Algo>SHA3-256</Algo>
          <Algo>SHA3-384</Algo>
          <Algo>SHA3-512</Algo>
          <Algo>RIPEMD160</Algo>
        </AcceptableDigestAlgo>
      </Cryptographic>
    </BasicSignatureConstraints>
  </Revocation>
  <EvidenceRecord>
    <DataObjectExistence Level="FAIL" />
    <DataObjectIntact Level="FAIL" />
    <DataObjectFound Level="FAIL" />
    <DataObjectGroup Level="WARN" />
    <Cryptographic />
  </EvidenceRecord>
  <Model Value="SHELL"/>
  <!-- eIDAS REGL 910/EU/2014 -->
  <eIDAS>
    <TLFreshness Level="WARN" Unit="HOURS" Value="6" />
    <TLNotExpired Level="FAIL" />
    <TLWellSigned Level="WARN" />
    <TLVersion Level="FAIL" value="5" />
  </eIDAS>
</ConstraintsParameters>




© 2015 - 2024 Weber Informatics LLC | Privacy Policy