lovele0107 / signatures-conformance-checker


XAdES validation - The signer's certificate can not be identified #3

Closed footprint-software closed 4 years ago

footprint-software commented 4 years ago

I am trying to validate a XAdES level LTA signature using the XAdES checker. For unknown reasons the validation cannot identify the signer's certificate.

I have recalculated the SigningCertificateV2 CertDigest value using the Base64 encoded signer certificate from KeyInfo and get the same value. I have also checked that IssuerSerialV2 is correct.

When validating the same signature using https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation the Signer Certificate is found (I get warnings about the cert chain, but that is expected). So the Signature should be valid and intact.

I don't believe this is a bug in the conformance checker, but since the reports do not contain details of why the signer certificate cannot be found, it is rather difficult to find out where my error is.

The documentation refers to a jar with the XAdESConformanceChecker

java -jar XAdESConformanceChecker -in <inputFile> -outFolder <outputFolder> -testSpec <referenceXAdESSpecification>

Is it possible to get access to that jar? Or even better the source code?

That would make it a little bit easier for me to debug my error.

I have attached the failing signature

2020-08-20-13-31_signing_testHtmlSigning.html.xml.txt

Thanks in advance

BR

David Taxgaard
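The CertDigest cross-check described in the post above, as an added example (not part of the original thread and not the conformance checker's code): it decodes every `ds:X509Certificate` in `KeyInfo`, hashes the DER bytes with the algorithm named in `SigningCertificateV2`, and reports which certificate each reference matches. The function names and the sample fragment are assumptions; the "certificates" are constructed placeholder bytes, and `IssuerSerialV2` is not checked.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xades": "http://uri.etsi.org/01903/v1.3.2#"}
DIGESTS = {  # XML-DSig algorithm URI -> hashlib name
    "http://www.w3.org/2000/09/xmldsig#sha1": "sha1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384": "sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512": "sha512",
}

def match_signing_certificate(xml_text):
    """Per xades:Cert reference: (digest URI, index of matching KeyInfo cert or None)."""
    root = ET.fromstring(xml_text)
    # The digest covers the decoded DER bytes, not the Base64 text;
    # b64decode drops the line breaks that usually wrap the element content.
    certs = [base64.b64decode(e.text)
             for e in root.iterfind(".//ds:KeyInfo//ds:X509Certificate", NS)]
    results = []
    for ref in root.iterfind(".//xades:SigningCertificateV2/xades:Cert/xades:CertDigest", NS):
        uri = ref.find("ds:DigestMethod", NS).get("Algorithm")
        want = base64.b64decode(ref.find("ds:DigestValue", NS).text)
        algo = DIGESTS.get(uri)  # None: unsupported algorithm, reported as no match
        hit = next((i for i, der in enumerate(certs)
                    if algo and hashlib.new(algo, der).digest() == want), None)
        results.append((uri, hit))
    return results

def build_sample(signer=b"constructed signer DER bytes",
                 ca=b"constructed CA DER bytes", referenced=None):
    """Constructed fragment: placeholder bytes stand in for DER certificates."""
    b64 = lambda b: base64.b64encode(b).decode()
    digest = b64(hashlib.sha256(referenced or signer).digest())
    return f"""<ds:Signature xmlns:ds="{NS['ds']}" xmlns:xades="{NS['xades']}">
 <ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{b64(ca)}</ds:X509Certificate>
  <ds:X509Certificate>
   {b64(signer)}
  </ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo>
 <ds:Object><xades:QualifyingProperties><xades:SignedProperties>
  <xades:SignedSignatureProperties><xades:SigningCertificateV2><xades:Cert>
   <xades:CertDigest>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>{digest}</ds:DigestValue>
   </xades:CertDigest>
  </xades:Cert></xades:SigningCertificateV2></xades:SignedSignatureProperties>
 </xades:SignedProperties></xades:QualifyingProperties></ds:Object>
</ds:Signature>"""
```

A `None` index means no certificate in `KeyInfo` hashes to the referenced value under the stated algorithm. For signatures from untrusted sources, parse with a hardened XML parser rather than the plain `ElementTree` used here.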

jccruellas commented 4 years ago

Dear David,

I have run an execution with the local copy that I have on my machine where I deal with the different reported issues. It is not the same version as the one currently deployed on the ETSI Portal. The tool deployed on the portal is updated from time to time, after processing a set of issues reported by users.

I am pleased to let you know that the local version of the tool has successfully identified the signing certificate and proceeded to check your signature without finding any problem.

I attach a zip file containing the folder with the HTML reporting pages. To look at them, just open the index.html file. DavidTaxgaard_Issue#1.zip

jccruellas commented 4 years ago

If you agree, I can close this issue. Best regards

Juan Carlos.

footprint-software commented 4 years ago

Hi Juan Carlos

Thank you for your reply.

I am glad to hear that my signature is correct.

Can you tell me when you expect the updated version to be deployed to the portal?

It would help us a great deal to get access to the jar mentioned in the documentation or the source code, but I guess it is not open source.

Yes the issue can be closed.

Once again thanks

Best regards

David

jccruellas commented 4 years ago

Hi David,

Thank you for your reply.

My plans are to update the tools during September.

During the last weeks I have been changing a number of libraries the AdESCC tools rely on, which were old, with the latest versions (BouncyCastle and Apache XML Security). Related to this, the most relevant pending issue is to replace the currently used version of pdfbox (which is an old version) with the latest one. I have noticed that the APIs of this library have changed and this may imply some work, which I will try to complete, as stated above, during September.

As for the source code, you are right... for the moment it is not open source... which does not mean that this will not change in the future, after reworking the code itself.

Regards Juan Carlos.

jccruellas commented 4 years ago

One more thing,

After reading your message I understand that you agree with closing the issue. I will proceed.

Juan Carlos.