It seems like XAdES Conformance Checker is not able to correctly (?) process validation of xades:DataObjectFormat elements, as it expects to have every data-object ds:Reference to be referenced from xades:DataObjectFormat's, while every xades:DataObjectFormat should correspond to one ds:Reference. See errors below:
Location-{CodeTest}:SignedDataObjectProperties/DataObjectFormat[1]/@ObjectReference-{CheckIfDOFPointsToReferenceToSignedObject}
--
The xades:DataObjectFormat does not point any ds:Reference referencing a signed data object. Value found for attribute ObjectReference: ' #r-manifest-1'
and
Location-{CodeTest}:SignedDataObjectProperties-{CheckIfDOFsPointToAllReferencesToSignedObjects}
--
Errors detected when checking that any xades:DataObjectFormat property incorporated to the signature points to one ds:Reference referencing a signed data object AND that each ds:Reference element referencing a signed data object is pointed by one xades:DataObjectFormat property. Not each ds:Reference referencing a signed data object, is pointed by one xades:DataObjectFormat element. ds:Reference elements not pointed: ds:Signature/ds:SignedInfo/ds:Reference[1] (first in sequence is number 1). Not each xades:DataObjectFormat points to one ds:Reference element referencing a signed data object. xades:DataObjectFormat elements that do not point to one of these ds:Reference elements: ds:Signature/ds:Object[1]/xadesv132:QualifyingProperties[1]/xadesv132:SignedProperties[1]/xadesv132:SignedDataObjectProperties[1]/xadesv132:DataObjectFormat[1]., ds:Signature/ds:Object[1]/xadesv132:QualifyingProperties[1]/xadesv132:SignedProperties[1]/xadesv132:SignedDataObjectProperties[1]/xadesv132:DataObjectFormat[2]., ds:Signature/ds:Object[1]/xadesv132:QualifyingProperties[1]/xadesv132:SignedProperties[1]/xadesv132:SignedDataObjectProperties[1]/xadesv132:DataObjectFormat[3]. First in sequence is number 1. Please check that the ds:Reference pointing to the xadesv132:SignedProperties element does have the Type attribute set to "http://uri.etsi.org/01903#SignedProperties". If not the XAdESCC does not recognize it as the ds:Reference referencing xadesv132:SignedProperties and may be the cause of the error
However, the standard explicitly allows to refer a ds:Reference within a signed ds:Manifest element (see "6.3 Requirements on XAdES signature's elements, qualifying properties and services"):
NOTE 8: On DataObjectFormat. Clause 5.2.4 of the present document establishes that this signed property
"qualifies one specific signed data object". This is done by forcing that ObjectReference attribute
refers to a ds:Reference. However, the aforementioned clause does not mandate this ds:Reference
to be a child of ds:SignedInfo; it actually could be a ds:Reference within a signed ds:Manifest,
as the object referenced in this way is also a signed object.
In the meantime, there is the following statement within "5.2.4 The DataObjectFormat qualifying property" which is not 100% clear, whether the ObjectReference attribute shall refer the ds:Manifest itself, or one of its children (similarly to children of ds:SginedInfo):
The ObjectReference attribute shall reference the ds:Reference child of the ds:SignedInfo or a signed
ds:Manifest element referencing the signed data object qualified by this qualifying property.
Also, it is not clear whether the ds:Reference to the Manifest itself shall be referenced from DataObjectFormat, when all children ds:Reference's of ds:Manifest are already referenced? Which does not make a lot of sense IMO.
Please see a test signature in the attachment and please share your opinion whether you find the signature structure valid.
Hello,
It seems like XAdES Conformance Checker is not able to correctly (?) process validation of xades:DataObjectFormat elements, as it expects to have every data-object ds:Reference to be referenced from xades:DataObjectFormat's, while every xades:DataObjectFormat should correspond to one ds:Reference. See errors below:
and
However, the standard explicitly allows to refer a ds:Reference within a signed ds:Manifest element (see "6.3 Requirements on XAdES signature's elements, qualifying properties and services"):
In the meantime, there is the following statement within "5.2.4 The DataObjectFormat qualifying property" which is not 100% clear, whether the ObjectReference attribute shall refer the ds:Manifest itself, or one of its children (similarly to children of ds:SginedInfo):
Also, it is not clear whether the ds:Reference to the Manifest itself shall be referenced from DataObjectFormat, when all children ds:Reference's of ds:Manifest are already referenced? Which does not make a lot of sense IMO.
Please see a test signature in the attachment and please share your opinion whether you find the signature structure valid.
Best regards, Aleksandr.
manifest-signed-xades-baseline-b.zip