[DSS-4.6.0] [XAdES-LT] TimeStampValidationData RevocationValues (CRL and OCSP)

10/05/2016

Hi,

while trying to validate XAdES-LT I noticed that XAdESCRLSource does not parse the CRL from TSValidationData. The reason is that the XPath that is supposed to parse the values is wrong.

 

./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:TimeStampValidationData/xades:CRLValues/xades:EncapsulatedCRLValue

 

CRLValues (and OCSPValues as well) are supposed to be subelements of xades:RevocationValues and not directly under xades141:TimeStampValidationData.

 

I also have a side question that concerns XAdES-LT validation, namely the validation of whether the certificate chain can be built till the trust anchor. If we are validating an LT signature and using its CertificateValues, then there will be no trusted certificates/anchors. Is there some kind of solution, or is it just a point of changing the validation policy? The default policy fails if the trusted chain can't be built and throws NO_CERTIFICATE_CHAIN_FOUND.

 

Component: Code

Category: bug
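The path mismatch reported above, reproduced as an added example that is not part of the original post or of the DSS code base. The signature fragment and the encapsulated byte values are constructed, and the function name is hypothetical; the namespace URIs are the standard XML-DSig and XAdES 1.3.2 / 1.4.1 ones.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xades": "http://uri.etsi.org/01903/v1.3.2#",
    "xades141": "http://uri.etsi.org/01903/v1.4.1#",
}
TSVD = ("./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties"
        "/xades:UnsignedSignatureProperties/xades141:TimeStampValidationData")
# Path quoted in the post: CRLValues directly under TimeStampValidationData.
REPORTED_CRL = TSVD + "/xades:CRLValues/xades:EncapsulatedCRLValue"
# Paths that include the xades:RevocationValues wrapper named in the post.
REVOCATION = TSVD + "/xades:RevocationValues"
CORRECTED_CRL = REVOCATION + "/xades:CRLValues/xades:EncapsulatedCRLValue"
CORRECTED_OCSP = REVOCATION + "/xades:OCSPValues/xades:EncapsulatedOCSPValue"

def _b64(data):
    return base64.b64encode(data).decode("ascii")

# Constructed sample: the payloads are placeholder bytes, not real CRL/OCSP DER.
SAMPLE_SIGNATURE = f"""\
<ds:Signature xmlns:ds="{NS['ds']}" xmlns:xades="{NS['xades']}"
              xmlns:xades141="{NS['xades141']}">
 <ds:Object><xades:QualifyingProperties><xades:UnsignedProperties>
  <xades:UnsignedSignatureProperties>
   <xades141:TimeStampValidationData>
    <xades:RevocationValues>
     <xades:CRLValues>
      <xades:EncapsulatedCRLValue>{_b64(b'constructed-crl')}</xades:EncapsulatedCRLValue>
     </xades:CRLValues>
     <xades:OCSPValues>
      <xades:EncapsulatedOCSPValue>{_b64(b'constructed-ocsp')}</xades:EncapsulatedOCSPValue>
     </xades:OCSPValues>
    </xades:RevocationValues>
   </xades141:TimeStampValidationData>
  </xades:UnsignedSignatureProperties>
 </xades:UnsignedProperties></xades:QualifyingProperties></ds:Object>
</ds:Signature>"""

def timestamp_revocation_values(signature_xml):
    """Decode the revocation data found under each of the three paths."""
    root = ET.fromstring(signature_xml)  # sample is trusted, constructed input
    def decode(path):
        return [base64.b64decode(e.text.strip()) for e in root.findall(path, NS)]
    return {"reported_path_crls": decode(REPORTED_CRL),
            "crls": decode(CORRECTED_CRL),
            "ocsps": decode(CORRECTED_OCSP)}
```

With the reported path the validator sees no CRLs for the timestamp even though the signature embeds them, so revocation checking of the timestamp chain has to fall back to other sources or fails.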