eSignature validation test cases

Test cases for assessing an implementation of eSignature validation, currently mainly focusing on qualified electronic signatures (and seals)

Test cases packages

2. Processing the TLs

1.None

ID Description Expected result
2.1.1 TL signature is not authorized, TL is ignored AdESig
2.1.2 TL signature crypto failure, TL is ignored AdESig
2.1.3 TL has expired (NextUpdate) QESig

3. Matching SDI + Sti/aSI + status

1.0 matching service

ID Description Expected result
3.1.1 No matching SDI AdESig
3.1.2 No matching CA/QC AdESig
3.1.3 No matching Sie:aSI AdESig
3.1.4 Service Withdrawn AdESig
3.1.5 Supervision ceased/..., before eIDAS AdESig
3.1.6 Accreditation revoked/..., before eIDAS AdESig

2.1 matching service

ID Description Expected result
3.2.1 Standard case QESig
3.2.2 No matching TSP Name / trade name QESig

3.Incoherences in TL

ID Description Expected result
3.3.1 Several entries matching (simple case) N/A

4. QC / notQC

1.notQC based on sigCert content

ID Description Expected result
4.1.1 Signing certificate not declared as QC AdESig
4.1.2 Cert policy before eIDAS (QCP+) QESig
4.1.3 Cert policy before eIDAS (QSCD/QCP) QESig
4.1.4 Cert policy before eIDAS (QCP) AdESig-QC
4.1.5 Cert policy after eIDAS (eSig/QCP) AdESig
4.1.6 Cert policy after eIDAS (eSig/QCP_N_QSCD) AdESig
4.1.7 Cert policy before eIDAS, QCP and QCP+ QESig

2.Overrule to notQC by Sie:Q in TL

ID Description Expected result
4.2.1 Overrule to notQC by Sie:Q in TL (Catching) AdESeal
4.2.2 Overrule to notQC by Sie:Q in TL (Not catching -> type) AdESig-QC
4.2.3 Overrule to notQC by Sie:Q in TL (Not catching -> criteria) AdESig-QC

3.Overrule to QC by Sie:Q in TL

ID Description Expected result
4.3.1 Overrule to QC by Sie:Q in TL (Catching, although sigCert content is notQC) AdESig-QC
4.3.2 Catching, although sigCert content is notQC and no QcType Indeterminate AdESig-QC
4.3.3 Catching with Sie:Asi = eSig & eSeal, although sigCert content is notQC and no QcType Indeterminate QES?
4.3.4 Catching with additional QcForESig, although sigCert content is notQC and no QcType AdESig-QC
4.3.5 Overrule to QC by Sie:Q in TL (Not catching because of type) AdESeal
4.3.6 Overrule to QC by Sie:Q in TL (Not catching because of criteria) AdESeal

4.Overrule to QC with complex catching logic

ID Description Expected result
4.4.1 None of a list of policies in a PolicySet QESig
4.4.2 None of a list of policies in a PolicySet, but catching one QESig
4.4.3 None of a list of policies in a PolicySet, but catching all AdESig
4.4.4 None of a list of PolicySet singletons QESig
4.4.5 None of a list of PolicySet singletons, but catching one AdESig
4.4.6 AtLeastOne of one KeyUsage and one PolicySet, catching first QESig
4.4.7 AtLeastOne of one KeyUsage and one PolicySet, catching second QESig
4.4.8 All of one KeyUsage and one PolicySet QESig
4.4.9 All of one KeyUsage and one PolicySet, halfy catching AdESig
4.4.10 Depth 2: All of (KeyUsage and (atLeastOne of 2 PolicySet)) AdESig
4.4.11 Depth 2: All of 2 CriteriaList of (none of 1 PolicySet) AdESig
4.4.12 Depth 3: All of (KeyUsage and all of (atLeastOne of 2 PolicySet)) AdESig
4.4.13 2 <Qualifications> Service information extensions QESig
4.4.14 2 <Qualifications> Service information extensions, 1 catching AdESig-QC
4.4.15 2 <QualificationElement> in 1 <Qualifications> QESig
4.4.16 2 <QualificationElement> in 1 <Qualifications>, 1 catching AdESig-QC
4.4.17 2 <Qualifier>, atLeastOne of 2 <PolicySet> with 2 <PolicyIdentifier> QESig
4.4.18 2 <Qualifier>, atLeastOne of 2 <PolicySet> with 2 <PolicyIdentifier>, not catching AdESig
4.4.19 2 <Qualifier>, atLeastOne of 2 <KeyUsage> with 2 <KeyUsageBits> QESig
4.4.20 2 <Qualifier>, atLeastOne of 2 <KeyUsage> with 2 <KeyUsageBits>, not catching AdESig
4.4.21 2 <QualificationElement> in 1 <Qualifications> AdESig

5.Incoherences in TL

ID Description Expected result
4.5.1 NotQualified + QcStatement, as 2 <Qualifier> N/A
4.5.2 NotQualified + QcStatement, in 2 <Qualifications> Service information extensions N/A
4.5.3 NotQualified + QcStatement, in 2 <QualificationElement> N/A
4.5.4 Cert policy before eIDAS, service current status = supervision N/A

5. Type

1.No overrule. Based on sigCert content

ID Description Expected result
5.1.1 Standard case for seal QESeal
5.1.2 Use of WSA in an AdES Not AdES
5.1.3 Multiple Sie:aSI:ForXX QESig
5.1.4 Absence of type in sigCert QESig
5.1.5 Multiple QcTypes, QC Indeterminate AdES?-QC
5.1.6 Multiple QcTypes, notQC Indeterminate AdES?

2.Overrule of type by Sie:Q in TL

ID Description Expected result
5.2.2 Not catching because notQC AdESeal
5.2.3 Not catching because overruled to notQC Indeterminate AdES?
5.2.4 Catching because overrule of QC QESig
5.2.1 Standard overrule, so ignore QcTypes QESig

3.Incoherences in TL

ID Description Expected result
5.3.1 Sie:Q:QcForXX not aligned with Sie:aSI:ForXX N/A
5.3.2 2 overruled types N/A
5.3.3 2 conflicting TL entries (1 overrule) N/A

6. QSCD / no QSCD

1.Certificate policies in sigCert

ID Description Expected result
6.1.1 Cert policy before eIDAS (QCP) AdESig-QC
6.1.2 Cert policy before eIDAS (QCP+) QESig
6.1.3 Cert policy after eIDAS (eSig/QCP_N_QSCD) AdESig

2.Overrule to QSCD by Sie:Q in TL

ID Description Expected result
6.2.1 Not catching AdESig-QC
6.2.2 Not catching because notQC AdESig
6.2.3 Not catching because overruled to notQC AdESig
6.2.4 SSCD, before eIDAS QESig
6.2.5 QSCD, after eIDAS QESig

3.Overrule to no QSCD by Sie:Q in TL

ID Description Expected result
6.3.1 Not catching QESig
6.3.2 no QSCD, before eIDAS AdESig-QC
6.3.3 no QSCD, after eIDAS AdESig-QC
6.3.4 QSCD managed on behalf QESig

4.Incoherences in TL

ID Description Expected result
6.4.1 QCWithQSCD + QCNoQSCD N/A
6.4.2 QCWithSSCD + QCNoSSCD N/A
6.4.3 QCQSCDStatusAsInCert + ? N/A
6.4.4 QCSSCDStatusAsInCert + ? N/A
6.4.5 QCWithQSCD before eIDAS N/A
6.4.6 QCWithSSCD after eIDAS N/A
6.4.7 QCNoQSCD before eIDAS N/A
6.4.8 QCNoSSCD after eIDAS N/A

7. Discrepancy betw. time of issuance & time of signing

1.QC / notQC

ID Description Expected result
7.1.1 QC for eSig at t-o-i, notQC for eSig at t-o-s AdESig
7.1.2 NotQC for eSig at t-o-i, QC for eSig at t-o-s AdESig

2.Type

ID Description Expected result
7.2.1 QC for eSig at t-o-i, QC for eSeal at t-o-s N/A

3.QSCD / no QSCD

ID Description Expected result
7.3.1 No QSCD at t-o-i, QSCD at t-o-s QESig
7.3.2 QSCD at t-o-i, no QSCD at t-o-s AdESig-QC

4.Before / after eIDAS

ID Description Expected result
7.4.1 Before eIDAS at t-o-i, after eIDAS at t-o-s QESig