From bc518d4c89588ac6409df3bfc0bc897bcd8f9010 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 19 Jul 2024 11:04:09 +0300 Subject: [PATCH] Use libxml2/xmsec1 for TSL parsing and validation (#604) IB-7947 
Signed-off-by: Raul Metsma --- .github/workflows/build.yml | 13 +- CMakeLists.txt | 19 +- debian/control | 2 + .../ts_119612v020101_additionaltypes_xsd.xsd | 43 -- ...119612v020101_additionaltypes_xsd.xsd.orig | 43 -- etc/schema/ts_119612v020101_sie_xsd.xsd | 92 --- etc/schema/ts_119612v020101_sie_xsd.xsd.orig | 92 --- etc/schema/ts_119612v020201_201601xsd.xsd | 457 ------------ .../ts_119612v020201_201601xsd.xsd.orig | 457 ------------ etc/schema/xml.xsd | 117 --- libdigidocpp.wxs | 2 + patches/vcpkg-ports/xmlsec/CMakeLists.txt | 177 +++++ patches/vcpkg-ports/xmlsec/openssl.patch | 11 + .../vcpkg-ports/xmlsec/pkgconfig_fixes.patch | 21 + patches/vcpkg-ports/xmlsec/portfile.cmake | 39 + patches/vcpkg-ports/xmlsec/usage | 17 + patches/vcpkg-ports/xmlsec/vcpkg.json | 23 + .../vcpkg-ports/xmlsec/xmlsec-config.cmake | 10 + prepare_osx_build_environment.sh | 24 +- src/CMakeLists.txt | 42 +- src/Container.cpp | 50 ++ src/XMLDocument.h | 42 +- src/crypto/TSL.cpp | 436 +++++------ src/crypto/TSL.h | 39 +- src/crypto/X509CertStore.cpp | 6 +- src/util/DateTime.cpp | 5 + src/util/DateTime.h | 1 + src/xml/AdditionalInformationType.cpp | 83 --- src/xml/AdditionalInformationType.h | 48 -- src/xml/ExtensionType.cpp | 127 ---- src/xml/ExtensionType.h | 65 -- test/CMakeLists.txt | 14 +- test/data/EE_T-CA-non-qa.xml | 688 ++++++++++++++++++ .../data/EE_T-CA-withdrawn-granted-before.xml | 26 +- test/data/EE_T-CA-withdrawn-granted-later.xml | 26 +- test/data/EE_T-CA-withdrawn.xml | 24 +- vcpkg.json | 4 +- 37 files changed, 1391 insertions(+), 1994 deletions(-) delete mode 100644 etc/schema/ts_119612v020101_additionaltypes_xsd.xsd delete mode 100644 etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig delete mode 100644 etc/schema/ts_119612v020101_sie_xsd.xsd delete mode 100644 etc/schema/ts_119612v020101_sie_xsd.xsd.orig delete mode 100644 etc/schema/ts_119612v020201_201601xsd.xsd delete mode 100644 etc/schema/ts_119612v020201_201601xsd.xsd.orig delete mode 100644 
etc/schema/xml.xsd create mode 100644 patches/vcpkg-ports/xmlsec/CMakeLists.txt create mode 100644 patches/vcpkg-ports/xmlsec/openssl.patch create mode 100644 patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch create mode 100644 patches/vcpkg-ports/xmlsec/portfile.cmake create mode 100644 patches/vcpkg-ports/xmlsec/usage create mode 100644 patches/vcpkg-ports/xmlsec/vcpkg.json create mode 100644 patches/vcpkg-ports/xmlsec/xmlsec-config.cmake delete mode 100644 src/xml/AdditionalInformationType.cpp delete mode 100644 src/xml/AdditionalInformationType.h delete mode 100644 src/xml/ExtensionType.cpp delete mode 100644 src/xml/ExtensionType.h create mode 100644 test/data/EE_T-CA-non-qa.xml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e74f3db11..6e9c94ff1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,7 @@ permissions: env: BUILD_NUMBER: ${{ github.run_number }} CMAKE_BUILD_PARALLEL_LEVEL: 4 - UBUNTU_DEPS: cmake xsdcxx libxml-security-c-dev libxml2-dev zlib1g-dev + UBUNTU_DEPS: cmake xsdcxx libxml-security-c-dev libxml2-dev libxmlsec1-dev zlib1g-dev jobs: macos: name: Build on macOS for ${{ matrix.target }} @@ -47,6 +47,9 @@ jobs: - name: Build libxml2 if: steps.cache.outputs.cache-hit != 'true' run: ./prepare_osx_build_environment.sh libxml2 ${{ matrix.target }} + - name: Build xmlsec1 + if: steps.cache.outputs.cache-hit != 'true' + run: ./prepare_osx_build_environment.sh xmlasec ${{ matrix.target }} - name: Move to cache if: steps.cache.outputs.cache-hit != 'true' run: | 
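Review bot: The selector `xmlasec` passed to prepare_osx_build_environment.sh in the new "Build xmlsec1" step reads like a typo, and nothing in the workflow says it is deliberate. It works only because this commit also adds a `*xmlasec*) xmlsec ;;` arm to the script's case statement, where `*xmlsec*` already dispatches to `xml_security` (xml-security-c). Someone who "corrects" the spelling here would build xml-security-c a second time and xmlsec1 not at all. I would add a comment above the step, `# "xmlasec" is intentional: "xmlsec" already selects xml-security-c in prepare_osx_build_environment.sh`, or rename the selector to something unambiguous and put its case arm ahead of `*xmlsec*`.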
@@ -86,7 +89,7 @@ jobs: - name: Install Deps run: | dnf install -y --setopt=install_weak_deps=False \ - git gcc-c++ cmake rpm-build xml-security-c-devel libxml2-devel zlib-devel doxygen boost-test swig python3-devel java-17-openjdk-devel xsd minizip-devel + git gcc-c++ cmake rpm-build xml-security-c-devel libxml2-devel xmlsec1-openssl-devel libtool-ltdl-devel zlib-devel doxygen boost-test swig python3-devel java-17-openjdk-devel xsd minizip-devel - name: Install CMake if: matrix.container == 39 run: | @@ -113,14 +116,14 @@ jobs: container: ubuntu:${{ matrix.container }} strategy: matrix: - container: ['20.04', '22.04', '23.10', '24.04'] + container: ['20.04', '22.04', '24.04'] env: DEBIAN_FRONTEND: noninteractive DEBFULLNAME: github-actions DEBEMAIL: github-actions@github.com steps: - name: Install dependencies - run: apt update -qq && apt install --no-install-recommends -y git lsb-release build-essential devscripts debhelper ${UBUNTU_DEPS} doxygen swig openjdk-11-jdk-headless libpython3-dev python3-setuptools libboost-test-dev lintian + run: apt update -qq && apt install --no-install-recommends -y git lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-11-jdk-headless libpython3-dev python3-setuptools libboost-test-dev - name: Checkout uses: actions/checkout@v4 with: @@ -217,7 +220,7 @@ jobs: cmake -B build -S . cmake --build build --target docs - name: Deploy - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@v4 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./build/doc diff --git a/CMakeLists.txt b/CMakeLists.txt index 4164ea2e4..568bf9efc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -6,8 +6,12 @@ endif() if(POLICY CMP0122) cmake_policy(SET CMP0122 NEW) endif() +if(POLICY CMP0167) + cmake_policy(SET CMP0167 NEW) +endif() project(libdigidocpp VERSION 3.18.0) set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules) +list(APPEND CMAKE_PREFIX_PATH ${CMAKE_INSTALL_PREFIX}) include(VersionInfo) include(GNUInstallDirs) @@ -52,9 +56,20 @@ find_package(XmlSecurityC REQUIRED) find_package(XSD 4.0 REQUIRED) find_package(ZLIB REQUIRED) find_package(MiniZip 1 QUIET) -if(UNIX AND NOT APPLE) +add_library(xmlsec INTERFACE) +if(UNIX) find_package(PkgConfig) - pkg_check_modules(MINIZIP minizip IMPORTED_TARGET) + pkg_check_modules(XMLSEC1_OPENSSL xmlsec1-openssl REQUIRED IMPORTED_TARGET) + target_link_libraries(xmlsec INTERFACE PkgConfig::XMLSEC1_OPENSSL) + if(NOT APPLE) + pkg_check_modules(MINIZIP minizip IMPORTED_TARGET) + endif() +else() + find_package(unofficial-xmlsec REQUIRED) + target_link_libraries(xmlsec INTERFACE + unofficial::xmlsec::xmlsec1 + unofficial::xmlsec::xmlsec1-openssl + ) endif() find_package(SWIG) if(SWIG_FOUND) diff --git a/debian/control b/debian/control index f9525a35a..db4a94e21 100644 --- a/debian/control +++ b/debian/control @@ -4,10 +4,12 @@ Priority: optional Maintainer: RIA Build-Depends: debhelper-compat (= 12), + pkg-config, cmake, libxml-security-c-dev, xsdcxx (>= 4.0) | xsd (>= 4.0), libxml2-dev, + libxmlsec1-dev, doxygen, swig, java11-sdk-headless, diff --git a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd b/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd deleted file mode 100644 index 5df405d70..000000000 --- a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd +++ /dev/null 
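Review bot: The added `list(APPEND CMAKE_PREFIX_PATH ${CMAKE_INSTALL_PREFIX})` changes where every later `find_package` and `pkg_check_modules` call looks, and there is no comment saying why. Presumably it is there so that the xmlsec1 installed into the prefix by prepare_osx_build_environment.sh is found. If so, the file should say it, because the same line makes that prefix a location searched ahead of the system ones when the XML and crypto libraries are resolved, which matters when the prefix is writable by other users or jobs. I would quote the expansion and document it: `# Pick up dependencies that were installed into the install prefix by the prepare script` followed by `list(APPEND CMAKE_PREFIX_PATH "${CMAKE_INSTALL_PREFIX}")`.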
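Review bot: `add_library(xmlsec INTERFACE)` introduces an unprefixed, very generic target name into the global target namespace. The vcpkg port added by this same commit already uses `xmlsec` for an executable (in its own build), so a project-prefixed name such as `digidocpp_xmlsec` would avoid a clash if this tree is ever pulled in with add_subdirectory. In the `if(UNIX)` branch, `find_package(PkgConfig)` is still optional while the `pkg_check_modules(XMLSEC1_OPENSSL ... REQUIRED ...)` that follows is mandatory; `find_package(PkgConfig REQUIRED)` would report a missing pkg-config at the call that actually needs it. On the other branch the port's own usage text recommends `find_package(unofficial-xmlsec CONFIG REQUIRED)`, which would keep a stray find module from being picked up.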
@@ -1,43 +0,0 @@ - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs - -X509CertificateLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used - -PublicKeyLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 1) ExtendedKeyUsage - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.3 TakenOverBy Extension - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 2) CertSubjectDNAttribute - - - - - - - diff --git a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig b/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig deleted file mode 100644 index fb323a033..000000000 --- a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs - -X509CertificateLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used - -PublicKeyLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 1) ExtendedKeyUsage - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.3 TakenOverBy Extension - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 2) CertSubjectDNAttribute - - - - - - - diff --git a/etc/schema/ts_119612v020101_sie_xsd.xsd b/etc/schema/ts_119612v020101_sie_xsd.xsd deleted file mode 100644 index 440b006c6..000000000 --- a/etc/schema/ts_119612v020101_sie_xsd.xsd +++ /dev/null 
@@ -1,92 +0,0 @@ - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2 Qualifications Extension - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.1 QualificationElement - - - - - - - - - - Please first try to use the CriteriaList before doing the OtherCriteria extension point. - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2 CriteriaList - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.3 Qualifier - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.2 PolicySet - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.1 KeyUsage - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/etc/schema/ts_119612v020101_sie_xsd.xsd.orig b/etc/schema/ts_119612v020101_sie_xsd.xsd.orig deleted file mode 100644 index 2c06e3916..000000000 --- a/etc/schema/ts_119612v020101_sie_xsd.xsd.orig +++ /dev/null @@ -1,92 +0,0 @@ - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2 Qualifications Extension - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.1 QualificationElement - - - - - - - - - - Please first try to use the CriteriaList before doing the OtherCriteria extension point. - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2 CriteriaList - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.3 Qualifier - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.2 PolicySet - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.1 KeyUsage - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/etc/schema/ts_119612v020201_201601xsd.xsd b/etc/schema/ts_119612v020201_201601xsd.xsd deleted file mode 100644 index ca8192b33..000000000 --- a/etc/schema/ts_119612v020201_201601xsd.xsd +++ /dev/null 
@@ -1,457 +0,0 @@ - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.5 Scheme operator address - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.5.1 Scheme operator postal address - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.5.2 Scheme operator electronic address - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.17 Scheme extensions - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3 Scheme information - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.3 TSL type - - Specified in TS 119 612 v2.1.1 clause 5.3.4 Scheme operator name - - Specified in TS 119 612 v2.1.1 clause 5.3.6 Scheme name - - Specified in TS 119 612 v2.1.1 clause 5.3.7 Scheme information URI - - - - Specified in TS 119 612 v2.1.1 clause 5.3.9 Scheme type/community/rules - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.10 Scheme territory - - - Specified in TS 119 612 v2.1.1 clause 5.3.11 TSL policy/legal notice - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.15 Next update - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs - - - - - - - - - - - - - - - - - - pecified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item b) from Format - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item c) from Format - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.16 
Distribution points - - - Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.4 TSP information - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.4.6 TSP Services (list of services) - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5 Service information - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.4 Service current status - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.7 Service supply points - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.1 Service type identifier - - - Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.10 Service history - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.6 Service history instance - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.4 expiredCertsRevocationInfo Extension - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.1 additionalServiceInformation Extension - - - - - - - - - diff --git a/etc/schema/ts_119612v020201_201601xsd.xsd.orig b/etc/schema/ts_119612v020201_201601xsd.xsd.orig deleted file mode 100644 index bd26829c7..000000000 --- a/etc/schema/ts_119612v020201_201601xsd.xsd.orig +++ /dev/null 
@@ -1,457 +0,0 @@ - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.5 Scheme operator address - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.5.1 Scheme operator postal address - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.5.2 Scheme operator electronic address - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.17 Scheme extensions - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3 Scheme information - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.3 TSL type - - Specified in TS 119 612 v2.1.1 clause 5.3.4 Scheme operator name - - Specified in TS 119 612 v2.1.1 clause 5.3.6 Scheme name - - Specified in TS 119 612 v2.1.1 clause 5.3.7 Scheme information URI - - - - Specified in TS 119 612 v2.1.1 clause 5.3.9 Scheme type/community/rules - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.10 Scheme territory - - - Specified in TS 119 612 v2.1.1 clause 5.3.11 TSL policy/legal notice - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.15 Next update - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs - - - - - - - - - - - - - - - - - - pecified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item b) from Format - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item c) from Format - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.3.16 
Distribution points - - - Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.4 TSP information - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.4.6 TSP Services (list of services) - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5 Service information - - - - - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.4 Service current status - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.7 Service supply points - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.1 Service type identifier - - - Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.10 Service history - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.6 Service history instance - - - - - - - - - - - - - - - - - - - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.4 expiredCertsRevocationInfo Extension - - - Specified in TS 119 612 v2.1.1 clause 5.5.9.1 additionalServiceInformation Extension - - - - - - - - - diff --git a/etc/schema/xml.xsd b/etc/schema/xml.xsd deleted file mode 100644 index 3f4e85417..000000000 --- a/etc/schema/xml.xsd +++ /dev/null 
@@ -1,117 +0,0 @@ - - - - - - - See http://www.w3.org/XML/1998/namespace.html and - http://www.w3.org/TR/REC-xml for information about this namespace. - - This schema document describes the XML namespace, in a form - suitable for import by other schema documents. - - Note that local names in this namespace are intended to be defined - only by the World Wide Web Consortium or its subgroups. The - following names are currently defined in this namespace and should - not be used with conflicting semantics by any Working Group, - specification, or document instance: - - base (as an attribute name): denotes an attribute whose value - provides a URI to be used as the base for interpreting any - relative URIs in the scope of the element on which it - appears; its value is inherited. This name is reserved - by virtue of its definition in the XML Base specification. - - lang (as an attribute name): denotes an attribute whose value - is a language code for the natural language of the content of - any element; its value is inherited. This name is reserved - by virtue of its definition in the XML specification. - - space (as an attribute name): denotes an attribute whose - value is a keyword indicating what whitespace processing - discipline is intended for the content of the element; its - value is inherited. This name is reserved by virtue of its - definition in the XML specification. - - Father (in any context at all): denotes Jon Bosak, the chair of - the original XML Working Group. This name is reserved by - the following decision of the W3C XML Plenary and - XML Coordination groups: - - In appreciation for his vision, leadership and dedication - the W3C XML Plenary on this 10th day of February, 2000 - reserves for Jon Bosak in perpetuity the XML name - xml:Father - - - - - This schema defines attributes and an attribute group - suitable for use by - schemas wishing to allow xml:base, xml:lang or xml:space attributes - on elements they define. 
- - To enable this, such a schema must import this schema - for the XML namespace, e.g. as follows: - <schema . . .> - . . . - <import namespace="http://www.w3.org/XML/1998/namespace" - schemaLocation="http://www.w3.org/2001/03/xml.xsd"/> - - Subsequently, qualified reference to any of the attributes - or the group defined below will have the desired effect, e.g. - - <type . . .> - . . . - <attributeGroup ref="xml:specialAttrs"/> - - will define a type which will schema-validate an instance - element with any of those attributes - - - - In keeping with the XML Schema WG's standard versioning - policy, this schema document will persist at - http://www.w3.org/2001/03/xml.xsd. - At the date of issue it can also be found at - http://www.w3.org/2001/xml.xsd. - The schema document at that URI may however change in the future, - in order to remain compatible with the latest version of XML Schema - itself. In other words, if the XML Schema namespace changes, the version - of this document at - http://www.w3.org/2001/xml.xsd will change - accordingly; the version at - http://www.w3.org/2001/03/xml.xsd will not change. - - - - - - In due course, we should install the relevant ISO 2- and 3-letter - codes as the enumerated possible values . . . - - - - - - - - - - - - - - - See http://www.w3.org/TR/xmlbase/ for - information about this attribute. - - - - - - - - - - diff --git a/libdigidocpp.wxs b/libdigidocpp.wxs index 748d0f79a..7d3b605ca 100644 --- a/libdigidocpp.wxs +++ b/libdigidocpp.wxs @@ -55,6 +55,8 @@ + + diff --git a/patches/vcpkg-ports/xmlsec/CMakeLists.txt b/patches/vcpkg-ports/xmlsec/CMakeLists.txt new file mode 100644 index 000000000..dc2e42186 --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/CMakeLists.txt 
@@ -0,0 +1,177 @@ +cmake_minimum_required (VERSION 3.8) +project (xmlsec1 C) + +option(INSTALL_HEADERS_TOOLS "Install public header files and tools" ON) + +find_package(LibXml2 REQUIRED) +find_package(OpenSSL REQUIRED) +#find_package(Iconv REQUIRED) + +FILE(GLOB SOURCESXMLSEC + src/*.c +) + +FILE(GLOB SOURCESXMLSECOPENSSL + src/openssl/*.c + src/strings.c +) + +# Generate xmlexports with fixed definition of XMLSEC_STATIC +file(READ include/xmlsec/exports.h EXPORTS_H) +if(BUILD_SHARED_LIBS) + string(REPLACE "!defined(XMLSEC_STATIC)" "1" EXPORTS_H "${EXPORTS_H}") +else() + string(REPLACE "!defined(XMLSEC_STATIC)" "0" EXPORTS_H "${EXPORTS_H}") +endif() +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/exports.h "${EXPORTS_H}") + +message(STATUS "Reading version info from configure.ac") + +file(STRINGS "configure.ac" + _xmlsec_version_defines REGEX "XMLSEC_VERSION_(MAJOR|MINOR|SUBMINOR)=([0-9]+)$") + +foreach(ver ${_xmlsec_version_defines}) + if(ver MATCHES "XMLSEC_VERSION_(MAJOR|MINOR|SUBMINOR)=([0-9]+)$") + set(XMLSEC_VERSION_${CMAKE_MATCH_1} "${CMAKE_MATCH_2}" CACHE INTERNAL "") + endif() +endforeach() + +set(XMLSEC_VERSION ${XMLSEC_VERSION_MAJOR}.${XMLSEC_VERSION_MINOR}.${XMLSEC_VERSION_SUBMINOR}) +math(EXPR XMLSEC_VERSION_INFO_NUMBER + "${XMLSEC_VERSION_MAJOR} + ${XMLSEC_VERSION_MINOR}") +set(XMLSEC_VERSION_INFO ${XMLSEC_VERSION_INFO_NUMBER}:${XMLSEC_VERSION_SUBMINOR}:${XMLSEC_VERSION_MINOR}) + +message(STATUS "XMLSEC_VERSION: ${XMLSEC_VERSION}") +message(STATUS "XMLSEC_VERSION_MAJOR: ${XMLSEC_VERSION_MAJOR}") +message(STATUS "XMLSEC_VERSION_MINOR: ${XMLSEC_VERSION_MINOR}") +message(STATUS "XMLSEC_VERSION_SUBMINOR: ${XMLSEC_VERSION_SUBMINOR}") +message(STATUS "XMLSEC_VERSION_INFO: ${XMLSEC_VERSION_INFO}") + +message(STATUS "Generating version.h") + +configure_file(include/xmlsec/version.h.in include/xmlsec/version.h) + +if(MSVC) + add_compile_options(/wd4130 /wd4127 /wd4152) +endif() + +set(CMAKE_SHARED_LIBRARY_PREFIX "lib") +set(CMAKE_STATIC_LIBRARY_PREFIX "lib") + 
+add_library(xmlsec1 ${SOURCESXMLSEC}) +add_library(xmlsec1-openssl ${SOURCESXMLSECOPENSSL}) + +include_directories(${CMAKE_CURRENT_BINARY_DIR}/include include) + +target_link_libraries(xmlsec1 PRIVATE + LibXml2::LibXml2 OpenSSL::Crypto +) +target_link_libraries(xmlsec1-openssl PRIVATE + LibXml2::LibXml2 OpenSSL::Crypto xmlsec1 +) + +add_compile_definitions(inline=__inline) +add_compile_definitions(PACKAGE="xmlsec1") +add_compile_definitions(HAVE_STDIO_H) +add_compile_definitions(HAVE_STDLIB_H) +add_compile_definitions(HAVE_STRING_H) +add_compile_definitions(HAVE_CTYPE_H) +add_compile_definitions(HAVE_MALLOC_H) +add_compile_definitions(HAVE_MEMORY_H) +add_compile_definitions(XMLSEC_DEFAULT_CRYPTO="openssl") +add_compile_definitions(XMLSEC_NO_GOST) +add_compile_definitions(XMLSEC_NO_GOST2012) +add_compile_definitions(UNICODE) +add_compile_definitions(_UNICODE) +add_compile_definitions(_MBCS) +add_compile_definitions(_REENTRANT) + +set_target_properties(xmlsec1 xmlsec1-openssl PROPERTIES VERSION ${XMLSEC_VERSION_MAJOR}.${XMLSEC_VERSION_MINOR}) + +if(NOT BUILD_SHARED_LIBS) + set(XMLSEC_CORE_CFLAGS "-DLIBXML_STATIC -DLIBXSLT_STATIC -DXMLSEC_STATIC -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING") + set(XMLSEC_OPENSSL_CFLAGS ${XMLSEC_CORE_CFLAGS}) +else() + set(XMLSEC_CORE_CFLAGS "-DXMLSEC_DL_WIN32") + set(XMLSEC_OPENSSL_CFLAGS ${XMLSEC_CORE_CFLAGS}) +endif() + +target_compile_definitions(xmlsec1 + PRIVATE ${XMLSEC_CORE_CFLAGS} + PUBLIC XMLSEC_NO_XSLT XMLSEC_CRYPTO_OPENSSL +) +target_compile_definitions(xmlsec1-openssl PRIVATE ${XMLSEC_OPENSSL_CFLAGS}) + +install(TARGETS xmlsec1 xmlsec1-openssl + EXPORT xmlsecExport + RUNTIME DESTINATION bin + LIBRARY DESTINATION lib + ARCHIVE DESTINATION lib +) + +install(EXPORT xmlsecExport + FILE unofficial-xmlsec-config.cmake + NAMESPACE unofficial::xmlsec:: + DESTINATION share/unofficial-xmlsec +) + +if(INSTALL_HEADERS_TOOLS) + file(GLOB PUBLIC_HEADERS + include/xmlsec/*.h + include/xmlsec/openssl/*.h) + list(FILTER PUBLIC_HEADERS EXCLUDE REGEX 
"exports\\.h$") + + foreach(file IN LISTS PUBLIC_HEADERS) + get_filename_component(dir ${file} DIRECTORY) + file(RELATIVE_PATH rel_dir ${CMAKE_SOURCE_DIR}/xmlsec/${LIB} ${dir}) + install(FILES ${file} DESTINATION "include/${rel_dir}") + endforeach() + + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/include/xmlsec/version.h DESTINATION "include/xmlsec") + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/exports.h DESTINATION "include/xmlsec") + + # xmlsec application + add_executable(xmlsec + apps/crypto.c + apps/cmdline.c + apps/xmlsec.c) + + if(CMAKE_SYSTEM_NAME STREQUAL "Windows" OR CMAKE_SYSTEM_NAME STREQUAL "WindowsStore") + target_link_libraries(xmlsec PRIVATE crypt32.lib) + endif() + + target_link_libraries(xmlsec PRIVATE + ${LIBXML2_LIBRARIES} OpenSSL::SSL xmlsec1 xmlsec1-openssl + ) + #if(NOT Iconv_IS_BUILT_IN) + # target_link_libraries(xmlsec PRIVATE Iconv::Iconv) + #endif() + + if(BUILD_SHARED_LIBS) + target_compile_definitions(xmlsec PRIVATE -DXMLSEC_CRYPTO_DYNAMIC_LOADING) + else() + find_package(Threads REQUIRED) + target_compile_definitions(xmlsec PRIVATE -DLIBXML_STATIC -DLIBXSLT_STATIC -DXMLSEC_STATIC) + target_link_libraries(xmlsec PUBLIC Threads::Threads) + endif() + install(TARGETS xmlsec DESTINATION tools/xmlsec) +endif() + +message(STATUS "Generating pkgconfig files") + +set(prefix ${CMAKE_INSTALL_PREFIX}) +set(exec_prefix ${prefix}) +set(libdir ${prefix}/${CMAKE_INSTALL_LIBDIR}) +set(includedir ${prefix}/${CMAKE_INSTALL_INCLUDEDIR}) +set(VERSION ${XMLSEC_VERSION}) +set(LIBXML_MIN_VERSION ${LIBXML2_VERSION_STRING}) +set(OPENSSL_LIBS "-lssl -lcrypto") +set(XMLSEC_CORE_CFLAGS "${XMLSEC_CORE_CFLAGS} -DXMLSEC_DL_LIBLTDL=1 -I\${includedir}/xmlsec1 -DXMLSEC_CRYPTO_OPENSSL=1") +set(XMLSEC_CORE_LIBS "-lxmlsec1 -lltdl") +set(XMLSEC_OPENSSL_CFLAGS "${XMLSEC_OPENSSL_CFLAGS} -I\${includedir}/xmlsec1") +set(XMLSEC_OPENSSL_LIBS "-L\${libdir} -lxmlsec1-openssl ${XMLSEC_CORE_LIBS} ${OPENSSL_LIBS}") + +configure_file(${PROJECT_SOURCE_DIR}/xmlsec.pc.in 
${PROJECT_BINARY_DIR}/xmlsec1.pc @ONLY) +configure_file(${PROJECT_SOURCE_DIR}/xmlsec-openssl.pc.in ${PROJECT_BINARY_DIR}/xmlsec1-openssl.pc @ONLY) +install(FILES ${PROJECT_BINARY_DIR}/xmlsec1.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig/) +install(FILES ${PROJECT_BINARY_DIR}/xmlsec1-openssl.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig/) diff --git a/patches/vcpkg-ports/xmlsec/openssl.patch b/patches/vcpkg-ports/xmlsec/openssl.patch new file mode 100644 index 000000000..fafbd6041 --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/openssl.patch @@ -0,0 +1,11 @@ +diff -U3 -r xmlsec1-1.3.4.orig/src/openssl/x509.c xmlsec1-1.3.4/src/openssl/x509.c +--- xmlsec1-1.3.4.orig/src/openssl/x509.c 2024-04-09 17:46:44 ++++ xmlsec1-1.3.4/src/openssl/x509.c 2024-07-05 10:09:02 +@@ -44,6 +44,7 @@ + #include + + /* Windows overwrites X509_NAME and other things that break openssl */ ++#undef X509_NAME + #include + #include + #include diff --git a/patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch b/patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch new file mode 100644 index 000000000..6e5196f59 --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch 
@@ -0,0 +1,21 @@ +diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in +index af3ae29..40635cf 100644 +--- a/xmlsec-openssl.pc.in ++++ b/xmlsec-openssl.pc.in +@@ -8,5 +8,4 @@ Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards + Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_PC_FILE_COND@ + Cflags: @XMLSEC_OPENSSL_CFLAGS@ +-Cflags.private: -DXMLSEC_STATIC + Libs: @XMLSEC_OPENSSL_LIBS@ +diff --git a/xmlsec.pc.in b/xmlsec.pc.in +index 2d5a3ad..0f72d68 100644 +--- a/xmlsec.pc.in ++++ b/xmlsec.pc.in +@@ -7,5 +7,5 @@ Name: xmlsec1 + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards + Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_PC_FILE_COND@ +-Cflags: -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@ ++Cflags: @XMLSEC_CORE_CFLAGS@ + Libs: -L${libdir} @XMLSEC_CORE_LIBS@ diff --git a/patches/vcpkg-ports/xmlsec/portfile.cmake b/patches/vcpkg-ports/xmlsec/portfile.cmake new file mode 100644 index 000000000..095dcb894 --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/portfile.cmake 
@@ -0,0 +1,39 @@ +vcpkg_minimum_required(VERSION 2022-10-12) # for ${VERSION} + +string(REPLACE "." "_" release_tag "xmlsec_${VERSION}") +vcpkg_from_github( + OUT_SOURCE_PATH SOURCE_PATH + REPO lsh123/xmlsec + REF "${release_tag}" + SHA512 f75c84e991ab6aaaa910475c1d90c8cd460c48d3753902eb347005ca5679d75ba2b6a67cd2b6953bfe318e645eaf81b56be9c7e5530b4a2e2de0cefba5cefe85 + HEAD_REF master + PATCHES + pkgconfig_fixes.patch + openssl.patch +) + +file(COPY "${CMAKE_CURRENT_LIST_DIR}/CMakeLists.txt" DESTINATION "${SOURCE_PATH}") + +vcpkg_cmake_configure( + SOURCE_PATH "${SOURCE_PATH}" + OPTIONS_DEBUG -DINSTALL_HEADERS_TOOLS=OFF +) + +vcpkg_cmake_install() +vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-xmlsec) +vcpkg_fixup_pkgconfig() +vcpkg_copy_pdbs() + +if(VCPKG_LIBRARY_LINKAGE STREQUAL dynamic) + vcpkg_replace_string( + "${CURRENT_PACKAGES_DIR}/include/xmlsec/xmlsec.h" + "ifdef XMLSEC_NO_SIZE_T" + "if 1 //ifdef XMLSEC_NO_SIZE_T" + ) +endif() + +# unofficial legacy usage +file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/xmlsec-config.cmake" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}") + +file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/usage" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}") +file(INSTALL "${SOURCE_PATH}/Copyright" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright) diff --git a/patches/vcpkg-ports/xmlsec/usage b/patches/vcpkg-ports/xmlsec/usage new file mode 100644 index 000000000..2192f4ae7 --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/usage 
@@ -0,0 +1,17 @@ +xmlsec can be imported via CMake FindPkgConfig module: + + find_package(PkgConfig) + # For dynamic loading of xmlsec crypto library + pkg_check_modules(XMLSEC1 REQUIRED IMPORTED_TARGET xmlsec1) + target_link_libraries(main PRIVATE PkgConfig::XMLSEC1) + # For selecting the openssl crypto engine at link time + pkg_check_modules(XMLSEC1_OPENSSL REQUIRED IMPORTED_TARGET xmlsec1-openssl) + target_link_libraries(main PRIVATE PkgConfig::XMLSEC1_OPENSSL) + +vcpkg provides proprietary CMake targets: + + find_package(unofficial-xmlsec CONFIG REQUIRED) + # For dynamic loading of xmlsec crypto library + target_link_libraries(main PRIVATE unofficial::xmlsec::xmlsec1) + # For selecting the openssl crypto engine at link time + target_link_libraries(main PRIVATE unofficial::xmlsec::xmlsec1-openssl) diff --git a/patches/vcpkg-ports/xmlsec/vcpkg.json b/patches/vcpkg-ports/xmlsec/vcpkg.json new file mode 100644 index 000000000..fdf93d613 --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/vcpkg.json @@ -0,0 +1,23 @@ +{ + "name": "xmlsec", + "version": "1.3.4", + "description": "XML Security Library is a C library based on LibXML2. The library supports major XML security standards.", + "homepage": "https://www.aleksey.com/xmlsec/", + "license": "X11 AND MPL-1.1", + "supports": "!xbox & !uwp", + "dependencies": [ + { + "name": "libxml2", + "default-features": false + }, + "openssl", + { + "name": "vcpkg-cmake", + "host": true + }, + { + "name": "vcpkg-cmake-config", + "host": true + } + ] +} diff --git a/patches/vcpkg-ports/xmlsec/xmlsec-config.cmake b/patches/vcpkg-ports/xmlsec/xmlsec-config.cmake new file mode 100644 index 000000000..5c8b6f34b --- /dev/null +++ b/patches/vcpkg-ports/xmlsec/xmlsec-config.cmake 
@@ -0,0 +1,10 @@ +file(READ "${CMAKE_CURRENT_LIST_DIR}/usage" usage) +message(WARNING "find_package(xmlsec) is deprecated.\n${usage}") +include(CMakeFindDependencyMacro) +find_dependency(unofficial-xmlsec CONFIG REQUIRED) +if(NOT TARGET xmlsec1) + add_library(xmlsec1 ALIAS unofficial::xmlsec::xmlsec1) +endif() +if(NOT TARGET xmlsec1-openssl) + add_library(xmlsec1-openssl ALIAS unofficial::xmlsec::xmlsec1-openssl) +endif() diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh index 813c15c6c..98765a52a 100755 --- a/prepare_osx_build_environment.sh +++ b/prepare_osx_build_environment.sh @@ -6,7 +6,8 @@ XALAN_DIR=xalan_c-1.12 XMLSEC_DIR=xml-security-c-2.0.4 XSD=xsd-4.0.0-i686-macosx OPENSSL_DIR=openssl-3.0.14 -LIBXML2_DIR=libxml2-2.12.5 +LIBXML2_DIR=libxml2-2.12.8 +XMLSEC1_DIR=xmlsec1-1.3.4 ANDROID_NDK=android-ndk-r26d FREETYPE_DIR=freetype-2.10.1 FONTCONFIG_DIR=fontconfig-2.13.1 @@ -247,6 +248,25 @@ function libxml2 { cd - } +function xmlsec { + echo Building ${XMLSEC1_DIR} + if [ ! -f ${XMLSEC1_DIR}.tar.gz ]; then + curl -O -L http://www.aleksey.com/xmlsec/download/${XMLSEC1_DIR}.tar.gz + fi + rm -rf ${XMLSEC1_DIR} + tar xf ${XMLSEC1_DIR}.tar.gz + cd ${XMLSEC1_DIR} + case "${ARGS}" in + *android*) CONF_EXTRA="--without-libxslt --with-libxml=${TARGET_PATH}" ;; + *ios*) CONF_EXTRA="--without-libxslt" ;; + *) ;; + esac + ./configure --prefix=${TARGET_PATH} ${CONFIGURE} ${CONF_EXTRA} --disable-crypto-dl --without-gnutls --disable-apps --with-openssl=${TARGET_PATH} + make -s + sudo make install + cd - +} + function xsd { echo Building ${XSD} #if [ ! -f ${XSD}.tar.bz2 ]; then @@ -419,6 +439,7 @@ case "$@" in *xalan*) xalan ;; *xmlsec*) xml_security ;; *libxml2*) libxml2 ;; +*xmlasec*) xmlsec ;; *xsd*) xsd ;; *openssl*) openssl ;; *freetype*) freetype ;; @@ -430,6 +451,7 @@ case "$@" in xalan xml_security libxml2 + xmlsec ;; *) echo "Usage:" diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3f8bacaa9..0f654891e 100644 
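Review bot: The new `xmlsec` function fetches the tarball with `curl -O -L http://www.aleksey.com/xmlsec/download/${XMLSEC1_DIR}.tar.gz`, unpacks it and later runs `sudo make install` with no integrity check in between, so whatever answers that plain-HTTP request is built, installed with root rights and linked into the shipped library. Use the `https://` form of the URL (the port manifest in this commit already lists the homepage as https) and verify a pinned digest before `tar xf`, e.g. `echo "<EXPECTED_SHA256>  ${XMLSEC1_DIR}.tar.gz" | shasum -a 256 -c - || exit 1`, where `<EXPECTED_SHA256>` is a placeholder for the value published for this release. The vcpkg portfile in the same commit pins a SHA512 for its download, and this build path deserves the same. A tarball that already exists locally is reused unverified too, so the check belongs outside the `if [ ! -f ... ]` block.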
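Review bot: The dispatch arm `*xmlasec*) xmlsec ;;` is only reachable by typing `xmlasec`, because `case` takes the first matching pattern and the existing `*xmlsec*) xml_security ;;` arm above it catches `xmlsec` and `xmlsec1` first. If the spelling is a typo, a dedicated pattern placed ahead of the older arm, `*xmlsec1*) xmlsec ;;`, would select the new library without rebuilding xml-security-c. If it is deliberate, a comment next to the arm should say so. The `case` statement starts and ends outside the hunk.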
--- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -42,28 +42,6 @@ XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/OpenDocument_dsig.xsd --root-element document-signatures --namespace-map urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0=digidoc::asic --namespace-map http://www.w3.org/2000/09/xmldsig\#=digidoc::dsig) -XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/xml.xsd - --root-element-none ) -XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v020201_201601xsd.xsd - --root-element TrustServiceStatusList - --namespace-map http://uri.etsi.org/02231/v2\#=digidoc::tsl - --namespace-map http://www.w3.org/2000/09/xmldsig\#=digidoc::dsig - --custom-type AdditionalInformationType=/AdditionalInformationTypeBase - --custom-type ExtensionType=/ExtensionTypeBase - --hxx-epilogue \"\#include \" - --hxx-epilogue \"\#include \" ) -XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v020101_additionaltypes_xsd.xsd - --root-element-none - --namespace-map http://uri.etsi.org/02231/v2\#=digidoc::tsl - --namespace-map http://uri.etsi.org/02231/v2/additionaltypes\#=digidoc::tsl - --namespace-map http://uri.etsi.org/01903/v1.3.2\#=digidoc::xades ) -XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v020101_sie_xsd.xsd - --root-element-none - --accessor-regex /assert/assert_/ - --modifier-regex /assert/assert_/ - --namespace-map http://uri.etsi.org/02231/v2\#=digidoc::tsl - --namespace-map http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/\#=digidoc::tsl - --namespace-map http://uri.etsi.org/01903/v1.3.2\#=digidoc::xades ) file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/tslcerts.h "namespace digidoc {\nstatic const std::vector tslcerts {\n") 
@@ -82,10 +60,6 @@ set( SCHEMA_FILES ${SCHEMA_DIR}/XAdES01903v132-201601-relaxed.xsd ${SCHEMA_DIR}/XAdES01903v141-201601.xsd ${SCHEMA_DIR}/en_31916201v010101.xsd - ${SCHEMA_DIR}/xml.xsd - ${SCHEMA_DIR}/ts_119612v020201_201601xsd.xsd - ${SCHEMA_DIR}/ts_119612v020101_additionaltypes_xsd.xsd - ${SCHEMA_DIR}/ts_119612v020101_sie_xsd.xsd ${SCHEMA_DIR}/OpenDocument_dsig.xsd ) set( PUBLIC_HEADER @@ -121,9 +95,7 @@ add_library(digidocpp_priv STATIC crypto/TSL.cpp crypto/X509Crypto.cpp util/DateTime.cpp - xml/AdditionalInformationType.cpp xml/AnyType.cpp - xml/ExtensionType.cpp xml/ObjectType.cpp xml/SecureDOMParser.cpp xml/UnsignedSignaturePropertiesType.cpp @@ -152,6 +124,7 @@ target_link_libraries(digidocpp_priv XmlSecurityC::XmlSecurityC ZLIB::ZLIB LibXml2::LibXml2 + xmlsec $<$:Ws2_32> ) @@ -334,7 +307,8 @@ if( FRAMEWORK ) add_custom_target( embedlibs DEPENDS digidocpp $ COMMAND mkdir -p $/Libraries COMMAND ln -s -f Versions/Current/Libraries $ - COMMAND cp ${XmlSecurityC_LIBRARIES} $/Libraries + COMMAND cp ${XmlSecurityC_LIBRARIES} ${XMLSEC1_OPENSSL_LINK_LIBRARIES} $/Libraries + COMMAND rm $/Libraries/*.tbd COMMAND chmod 644 $/Libraries/* COMMAND install_name_tool -id 'libcrypto.dylib' $/Libraries/libcrypto.dylib 
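Review bot: `xmlsec` is added to `target_link_libraries(digidocpp_priv …)` as a bare name next to namespaced targets such as `LibXml2::LibXml2`, so if no target of that name exists at generate time CMake hands it to the linker as `-lxmlsec` instead of failing. Its definition is not in this hunk (presumably the top-level CMakeLists.txt). Linking a namespaced alias of that target here would turn a typo or a skipped find step into a configure error rather than a link against whatever `libxmlsec` the linker finds first.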
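Review bot: `COMMAND rm $/Libraries/*.tbd` in the `embedlibs` target fails the build whenever the copied set contains no `.tbd` stub, since the unmatched glob is handed to `rm` literally; `rm -f` keeps the step repeatable. Copying every entry of `${XMLSEC1_OPENSSL_LINK_LIBRARIES}` into the framework also makes the bundle content depend on what pkg-config resolves on the build machine, so listing the two xmlsec dylibs explicitly would make what ships reviewable. The `add_custom_target` call continues beyond this hunk.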
@@ -357,12 +331,20 @@ if( FRAMEWORK ) -change '${LIBPATH}/libxalan-c.112.dylib' '@loader_path/libxalan-c.dylib' -change '${LIBPATH}/libxalanMsg.112.dylib' '@loader_path/libxalanMsg.dylib' $/Libraries/libxml-security-c.dylib + COMMAND install_name_tool -id 'libxmlsec1.1.dylib' + $/Libraries/libxmlsec1.dylib + COMMAND install_name_tool -id 'libxmlsec1-openssl.dylib' + -change '${LIBPATH}/libcrypto.3.dylib' '@loader_path/libcrypto.dylib' + -change '${LIBPATH}/libxmlsec1.1.dylib' '@loader_path/libxmlsec1.dylib' + $/Libraries/libxmlsec1-openssl.dylib COMMAND install_name_tool -change '${LIBPATH}/libcrypto.3.dylib' '@loader_path/Libraries/libcrypto.dylib' -change '${LIBPATH}/libssl.3.dylib' '@loader_path/Libraries/libssl.dylib' -change '${LIBPATH}/libxerces-c-3.2.dylib' '@loader_path/Libraries/libxerces-c.dylib' -change '${LIBPATH}/libxml-security-c.20.dylib' '@loader_path/Libraries/libxml-security-c.dylib' -change '${LIBPATH}/libxalan-c.112.dylib' '@loader_path/Libraries/libxalan-c.dylib' + -change '${LIBPATH}/libxmlsec1.1.dylib' '@loader_path/Libraries/libxmlsec1.dylib' + -change '${LIBPATH}/libxmlsec1-openssl.1.dylib' '@loader_path/Libraries/libxmlsec1-openssl.dylib' $ ) if(BUILD_TOOLS) @@ -375,6 +357,8 @@ if( FRAMEWORK ) -change '${LIBPATH}/libxerces-c-3.2.dylib' '@executable_path/../Libraries/libxerces-c.dylib' -change '${LIBPATH}/libxml-security-c.20.dylib' '@executable_path/../Libraries/libxml-security-c.dylib' -change '${LIBPATH}/libxalan-c.112.dylib' '@executable_path/../Libraries/libxalan-c.dylib' + -change '${LIBPATH}/libxmlsec1.1.dylib' '@executable_path/../Libraries/libxmlsec1.dylib' + -change '${LIBPATH}/libxmlsec1-openssl.1.dylib' '@executable_path/../Libraries/libxmlsec1-openssl.dylib' $/Resources/digidoc-tool COMMAND touch $ ) diff --git a/src/Container.cpp b/src/Container.cpp index 932351f60..1d61086d5 100644 --- a/src/Container.cpp +++ b/src/Container.cpp 
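Review bot: `libxmlsec1.dylib` only gets an `-id` rewrite in the first added `install_name_tool` command, with no `-change` entries, so any dependency it records under `${LIBPATH}` (libxml2, or libxslt if the macOS build enables it; not visible here) would keep an absolute build-machine path inside the shipped framework. Running `otool -L` on the bundled `libxmlsec1.dylib` and `libxmlsec1-openssl.dylib` after `embedlibs` confirms whether every non-system entry points at `@loader_path`. The id is also set to `libxmlsec1.1.dylib` while the file and the neighbouring ids are unversioned (`libxmlsec1.dylib`, `libxmlsec1-openssl.dylib`); one spelling throughout is easier to audit.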
@@ -31,6 +31,12 @@ #include "util/log.h" #include +#ifndef XMLSEC_NO_XSLT +#include +#include +#endif +#include +#include DIGIDOCPP_WARNING_PUSH DIGIDOCPP_WARNING_DISABLE_CLANG("-Wnull-conversion") @@ -71,6 +77,9 @@ static string m_appName = "libdigidocpp"; static string m_userAgent = "libdigidocpp"; static vector m_createList {}; static vector (*)(const std::string &path, ContainerOpenCB *cb)> m_openList {}; +#ifndef XMLSEC_NO_XSLT +static xsltSecurityPrefsPtr xsltSecPrefs {}; +#endif } /** 
@@ -142,6 +151,39 @@ void digidoc::initialize(const string &appInfo, const string &userAgent, initCal } } + LIBXML_TEST_VERSION + xmlLineNumbersDefaultValue = 1; + xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS; + xmlSubstituteEntitiesDefault(1); + xmlIndentTreeOutput = 1; +#ifndef XMLSEC_NO_XSLT + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif + if(xmlSecInit() < 0) + THROW("Error during initialisation of xmlsec."); + if(xmlSecCheckVersion() != 1) + THROW("Error during initialisation of xmlsec. Loaded xmlsec library version is not compatible"); + + /* Load default crypto engine if we are supporting dynamic + * loading for xmlsec-crypto libraries. Use the crypto library + * name ("openssl", "nss", etc.) to load corresponding + * xmlsec-crypto library. + */ +#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING + if(xmlSecCryptoDLLoadLibrary(nullptr) < 0) + THROW("Error during initialisation of xmlsec. Unable to load default xmlsec-crypto library"); +#endif + if(xmlSecCryptoAppInit(nullptr) < 0) + THROW("Error during initialisation of xmlsec. Crypto initialization failed."); + if(xmlSecCryptoInit() < 0) + THROW("Error during initialisation of xmlsec. xmlsec-crypto initialization failed."); + if(!Conf::instance()) Conf::init(new XmlConfCurrent); 
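Review bot: `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);` change process-wide libxml2 defaults, so every parse that relies on defaults runs with entity substitution on and, as far as I can tell, a non-zero load-subset value that lets the parser pull in an external DTD. That includes `xmlParseFile(path.data())` in `XMLDocument`, which this commit uses for downloaded TSL files, and it happens before the signature is checked. The host application's own libxml2 parsing inherits the same settings. I would drop both lines and pass explicit options at the call site instead, e.g. `xmlReadFile(path.data(), nullptr, XML_PARSE_NONET)`, adding DTD-related options only where a document type needs them. `initialize()` begins and ends outside this hunk.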
@@ -188,6 +230,14 @@ void digidoc::terminate() } catch (...) { // Don't throw on terminate } + + xmlSecCryptoShutdown(); + xmlSecCryptoAppShutdown(); + xmlSecShutdown(); +#ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); + xsltCleanupGlobals(); +#endif xmlCleanupParser(); m_createList.clear(); m_openList.clear(); diff --git a/src/XMLDocument.h b/src/XMLDocument.h index b2008899f..b1f4b614f 100644 --- a/src/XMLDocument.h +++ b/src/XMLDocument.h @@ -26,6 +26,10 @@ #include #include // needs to be last to workaround old libxml2 errors +#include +#include +#include + #include #include @@ -162,6 +166,12 @@ struct XMLElem pointer d{}; }; +struct XMLName +{ + std::string_view name = {}; + std::string_view ns = {}; +}; + struct XMLNode: public XMLElem { struct iterator: XMLElem @@ -221,6 +231,11 @@ struct XMLNode: public XMLElem return next; } + operator std::vector() + { + return from_base64(operator sv()); + } + XMLNode& operator=(sv text) noexcept { if(!d) @@ -235,12 +250,11 @@ struct XMLNode: public XMLElem { return find(*begin(), name, ns()); } -}; -struct XMLName -{ - std::string_view name = {}; - std::string_view ns = {}; + constexpr XMLNode operator/(const XMLName &name) const noexcept + { + return find(*begin(), name.name, name.ns); + } }; struct XMLDocument: public unique_xml_t, public XMLNode @@ -263,7 +277,7 @@ struct XMLDocument: public unique_xml_t, public XMLNode } XMLDocument(std::string_view path, const XMLName &n = {}) noexcept - : XMLDocument(xmlParseFile(path.data()), n) + : XMLDocument(path.empty() ? nullptr : xmlParseFile(path.data()), n) {} static XMLDocument openStream(std::istream &is, const XMLName &name = {}, bool hugeFile = false) 
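Review bot: `xsltFreeSecurityPrefs(xsltSecPrefs);` in `terminate()` leaves the static pointer dangling, so a second `terminate()` would free it twice, and the libxslt default installed in `initialize()` with `xsltSetDefaultSecurityPrefs` still refers to freed memory. Clearing both closes that: `xsltSetDefaultSecurityPrefs(nullptr);` before the free and `xsltSecPrefs = nullptr;` after it. `initialize()` likewise overwrites the pointer without releasing an earlier value if it is called twice. Only the tail of `terminate()` is inside the hunk.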
@@ -368,6 +382,22 @@ struct XMLDocument: public unique_xml_t, public XMLNode return xmlSchemaValidateDoc(validate.get(), get()) == 0; } + static bool verifySignature(XMLNode signature) noexcept + { + auto mngr = make_unique_ptr(xmlSecKeysMngrCreate(), xmlSecKeysMngrDestroy); + if(!mngr) + return false; + if(xmlSecCryptoAppDefaultKeysMngrInit(mngr.get()) < 0) + return false; + auto ctx = make_unique_ptr(xmlSecDSigCtxCreate(mngr.get()), xmlSecDSigCtxDestroy); + if(!ctx) + return false; + ctx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + if(xmlSecDSigCtxVerify(ctx.get(), signature.d) < 0) + return false; + return ctx->status == xmlSecDSigStatusSucceeded; + } + static void schemaValidationError(void */*ctx*/, const char *msg, ...) noexcept { va_list args{}; diff --git a/src/crypto/TSL.cpp b/src/crypto/TSL.cpp index 192790950..25c0e89ac 100644 --- a/src/crypto/TSL.cpp +++ b/src/crypto/TSL.cpp 
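Review bot: `verifySignature` sets `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS` on a keys manager into which nothing trusted is loaded here, so `true` only means the document is consistent with whatever key its own `KeyInfo` carries. That contract should be stated above the function, e.g. `// Checks integrity against the embedded key only; the caller must match the signer against a trusted certificate.` The context also keeps xmlsec's default reference handling, and for documents fetched from the network I would limit it to in-document references before `xmlSecDSigCtxVerify`: `ctx->enabledReferenceUris = xmlSecTransformUriTypeEmpty | xmlSecTransformUriTypeSameDocument;`. Whether the signed reference actually covers the document root is not checked here and would have to be enforced by the caller, which is outside this hunk.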
@@ -20,37 +20,29 @@ #include "crypto/TSL.h" #include "Conf.h" +#include "XMLDocument.h" #include "crypto/Connect.h" -#include "crypto/Digest.h" #include "util/DateTime.h" #include "util/File.h" -#include "util/log.h" -#include "xml/ts_119612v020201_201601xsd.hxx" - -DIGIDOCPP_WARNING_PUSH -DIGIDOCPP_WARNING_DISABLE_CLANG("-Wnull-conversion") -DIGIDOCPP_WARNING_DISABLE_GCC("-Wunused-parameter") -DIGIDOCPP_WARNING_DISABLE_MSVC(4005) -#include -#include -#include -#include -DIGIDOCPP_WARNING_POP #include -#include +#include #include #include using namespace digidoc; -using namespace digidoc::tsl; using namespace digidoc::util; using namespace std; -using namespace xercesc; -using namespace xml_schema; namespace digidoc { +constexpr string_view TSL_NS {"http://uri.etsi.org/02231/v2#"}; +constexpr string_view ADD_NS {"http://uri.etsi.org/02231/v2/additionaltypes#"}; +constexpr string_view ECC_NS {"http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#"}; +constexpr string_view DSIG_NS {"http://www.w3.org/2000/09/xmldsig#"}; +constexpr string_view XADES_NS {"http://uri.etsi.org/01903/v1.3.2#"}; +constexpr string_view XML_NS {"http://www.w3.org/XML/1998/namespace"}; + constexpr array SCHEMES_URI { "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/TSLType/schemes", "http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists", @@ -98,7 +90,7 @@ constexpr array SERVICES_SUPPORTED { }; template -constexpr bool find(const C &list, const T &value) +constexpr bool contains(const C &list, const T &value) { return find(list.begin(), list.end(), value) != list.end(); } 
@@ -107,45 +99,19 @@ constexpr bool find(const C &list, const T &value) -TSL::TSL(string file) - : path(std::move(file)) +TSL::TSL(const string &file) + : XMLDocument(file, {"TrustServiceStatusList", TSL_NS}) + , schemeInformation((*this)/"SchemeInformation") { - try { - if(path.empty() || File::fileSize(path) == 0) - return; - Properties properties; - properties.schema_location("http://uri.etsi.org/02231/v2#", - Conf::instance()->xsdPath() + "/ts_119612v020201_201601xsd.xsd"); - tsl = trustServiceStatusList(path, - Flags::keep_dom|Flags::dont_initialize|Flags::dont_validate, properties); - } - catch(const Parsing &e) - { - stringstream s; - s << e; - WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), s.str().c_str()); - } - catch(const xsd::cxx::exception &e) - { - WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), e.what()); - } - catch(const XMLException &e) - { - try { - string result = xsd::cxx::xml::transcode(e.getMessage()); - WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), result.c_str()); - } catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) { - WARN("Failed to parse TSL %s %s", territory().c_str(), path.c_str()); - } - } - catch(const Exception &e) - { - WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), e.msg().c_str()); - } - catch(...) + if(file.empty()) + return; + if(get()) { - WARN("Failed to parse TSL %s %s", territory().c_str(), path.c_str()); + static array ids { pcxmlChar("Id"), nullptr }; + xmlSecAddIDs(get(), nullptr, ids.data()); } + else + WARN("Failed to parse configuration: %s", file.c_str()); } bool TSL::activate(const string &territory) 
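Review bot: The fallback `WARN("Failed to parse configuration: %s", file.c_str());` in the new `TSL` constructor names the wrong artefact: this is a trust list, and the removed code logged `Failed to parse TSL …`, so the new text will mislead anyone triaging a rejected or corrupted list from the logs. `WARN("Failed to parse TSL: %s", file.c_str());` keeps the earlier wording. The removed `File::fileSize(path) == 0` guard is also gone, so an empty cache file now reaches the parser and this warning instead of returning quietly; worth confirming that is intended.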
@@ -162,31 +128,29 @@ bool TSL::activate(const string &territory) vector TSL::services() const { - if(!find(GENERIC_URI, type()) || !tsl->trustServiceProviderList()) + if(!contains(GENERIC_URI, type())) return {}; vector services; - for(const TSPType &pointer: tsl->trustServiceProviderList()->trustServiceProvider()) + for(auto pointer = (*this)/"TrustServiceProviderList"/"TrustServiceProvider"; pointer; pointer++) { - for(const TSPServiceType &service: pointer.tSPServices().tSPService()) + for(auto service = pointer/"TSPServices"/"TSPService"; service; service++) { - const TSPServiceInformationType &serviceInfo = service.serviceInformation(); - if(!find(SERVICES_SUPPORTED, serviceInfo.serviceTypeIdentifier())) + auto serviceInfo = service/"ServiceInformation"; + string_view type = serviceInfo/"ServiceTypeIdentifier"; + if(!contains(SERVICES_SUPPORTED, type)) continue; Service s; - s.type = serviceInfo.serviceTypeIdentifier(); - s.name = toString(serviceInfo.serviceName()); + s.type = type; + s.name = toString(serviceInfo/"ServiceName"); if(!parseInfo(serviceInfo, s)) continue; - if(service.serviceHistory()) + for(auto history = service/"ServiceHistory"/"ServiceHistoryInstance"; history; history++) { - for(const ServiceHistoryInstanceType &history: service.serviceHistory()->serviceHistoryInstance()) - { - if(history.serviceTypeIdentifier() != serviceInfo.serviceTypeIdentifier()) - DEBUG("History service type is not supported %s", history.serviceTypeIdentifier().c_str()); - else - parseInfo(history, s); - } + if(string_view historyType = history/"ServiceTypeIdentifier"; historyType != s.type) + DEBUG("History service type is not supported %.*s", int(historyType.size()), historyType.data()); + else + parseInfo(history, s); } services.push_back(std::move(s)); } 
@@ -220,24 +184,22 @@ string TSL::fetch(const string &url, const string &path) bool TSL::isExpired() const { - return !tsl || !tsl->schemeInformation().nextUpdate().dateTime() || - date::xsd2time_t(tsl->schemeInformation().nextUpdate().dateTime().get()) < time(nullptr); + return nextUpdate() < date::to_string(time(nullptr)); } -string TSL::issueDate() const +string_view TSL::issueDate() const noexcept { - return !tsl ? string() : date::to_string(tsl->schemeInformation().listIssueDateTime()); + return schemeInformation/"ListIssueDateTime"; } -string TSL::nextUpdate() const +string_view TSL::nextUpdate() const noexcept { - return !tsl || !tsl->schemeInformation().nextUpdate().dateTime() ? - string() : date::to_string(tsl->schemeInformation().nextUpdate().dateTime().get()); + return schemeInformation/"NextUpdate"/"dateTime"; } -string_view TSL::operatorName() const +string_view TSL::operatorName() const noexcept { - return !tsl ? string_view() : toString(tsl->schemeInformation().schemeOperatorName()); + return toString(schemeInformation/"SchemeOperatorName"); } vector TSL::parse() @@ -246,7 +208,7 @@ vector TSL::parse() string cache = CONF(TSLCache); vector cert = CONF(TSLCerts); File::createDirectory(cache); - return parse(url, cert, cache, File::fileName(url)); + return parse(url, cert, cache, string(File::fileName(url))); } vector TSL::parse(const string &url, const vector &certs, @@ -260,7 +222,7 @@ vector TSL::parse(const string &url, const vector &certs vector< future< vector > > futures; for(const TSL::Pointer &p: tsl.pointers()) { - if(!File::fileExists(cache + '/' + p.territory + ".xml")) + if(!File::fileExists(cache + "/" + p.territory + ".xml")) continue; futures.push_back(async(launch::async, [p, cache]{ return parse(p.location, p.certs, cache, p.territory + ".xml"); 
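Review bot: `return nextUpdate() < date::to_string(time(nullptr));` in `isExpired()` compares the raw `NextUpdate/dateTime` text with a formatted timestamp as strings, which is only correct while both sides share one fixed-width UTC layout. A list whose `dateTime` carries a numeric offset or fractional seconds (both legal xsd:dateTime) would order differently from its real instant, where the removed code converted to `time_t` first. I would parse the value and compare numerically, or at least document the assumed `YYYY-MM-DDThh:mm:ssZ` form next to the comparison. A missing element yields an empty view and therefore "expired", which matches the old fail-closed behaviour. The format produced by `date::to_string` is not visible in this hunk.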
@@ -290,7 +252,7 @@ TSL TSL::parseTSL(const string &url, const vector &certs, try { TSL tsl(path); tsl.validate(certs); - valid = tsl; + valid = std::move(tsl); DEBUG("TSL %s (%llu) signature is valid", territory.c_str(), tsl.sequenceNumber()); if(valid.isExpired()) @@ -318,7 +280,7 @@ TSL TSL::parseTSL(const string &url, const vector &certs, string etag = fetch(url, tmp); TSL tsl = TSL(tmp); tsl.validate(certs); - valid = tsl; + valid = std::move(tsl); ofstream(File::encodeName(path), ofstream::binary|fstream::trunc) << ifstream(File::encodeName(tmp), fstream::binary).rdbuf(); @@ -329,7 +291,7 @@ TSL TSL::parseTSL(const string &url, const vector &certs, DEBUG("TSL %s (%llu) signature is valid", territory.c_str(), tsl.sequenceNumber()); } catch(const Exception &) { ERR("TSL %s signature is invalid", territory.c_str()); - if(!valid.tsl) + if(!valid) throw; } 
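Review bot: After `valid = std::move(tsl);` the next statement in this hunk still reads the moved-from object, `tsl.sequenceNumber()`, inside the `DEBUG` call; the same pattern follows the second `valid = std::move(tsl);` (hunks `@@ -318,7 +280,7 @@` and `@@ -329,7 +291,7 @@`). Depending on how `TSL`'s move leaves its node members, that either logs 0 or walks nodes now owned by `valid`. Use `valid.sequenceNumber()` in both `DEBUG` lines. `parseTSL` starts and ends outside these hunks.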
@@ -339,126 +301,129 @@ TSL TSL::parseTSL(const string &url, const vector &certs, return valid; } -template -bool TSL::parseInfo(const Info &info, Service &s) +bool TSL::parseInfo(XMLNode info, Service &s) { vector qualifiers; - if(info.serviceInformationExtensions()) + for(auto extension = info/"ServiceInformationExtensions"/"Extension"; extension; extension++) { - for(const ExtensionType &extension: info.serviceInformationExtensions()->extension()) + if(extension.property("Critical") == "true") { - if(extension.critical()) + if(auto takenOverByType = extension/"TakenOverByType") + WARN("Found critical extension TakenOverByType '%s'", toString(takenOverByType/"TSPName").data()); + if(extension/"ExpiredCertsRevocationInfo") { - if(extension.takenOverByType()) - WARN("Found critical extension TakenOverByType '%s'", toString(extension.takenOverByType()->tSPName()).data()); - if(extension.expiredCertsRevocationInfo()) - { - WARN("Found critical extension ExpiredCertsRevocationInfo"); - return false; - } + WARN("Found critical extension ExpiredCertsRevocationInfo"); + return false; + } + } + if(auto additional = extension/"AdditionalServiceInformation") + s.additional = additional/"URI"; + for(auto element = extension/XMLName{"Qualifications", ECC_NS}/"QualificationElement"; element; element++) + { + Qualifier &q = qualifiers.emplace_back(); + for(auto qualifier = element/"Qualifiers"/"Qualifier"; qualifier; qualifier++) + { + if(auto uri = qualifier.property("uri"); !uri.empty()) + q.qualifiers.emplace_back(uri); } - if(extension.additionalServiceInformationType()) - s.additional = extension.additionalServiceInformationType()->uRI(); - if(extension.qualificationsType()) + auto criteriaList = element/"CriteriaList"; + q.assert_ = criteriaList.property("assert"); + for(auto criteria: criteriaList) { - for(const QualificationElementType &element: extension.qualificationsType()->qualificationElement()) + if(criteria.name() == "KeyUsage" && criteria.ns() == ECC_NS) { - 
Qualifier &q = qualifiers.emplace_back(); - for(const QualifierType &qualifier: element.qualifiers().qualifier()) + map &usage = q.keyUsage.emplace_back(); + for(auto bit = criteria/"KeyUsageBit"; bit; bit++) { - if(qualifier.uri()) - q.qualifiers.push_back(qualifier.uri().get()); + auto name = bit.property("name"); + auto value = string_view(bit) == "true"; + if(name == "digitalSignature") + usage[X509Cert::DigitalSignature] = value; + if(name == "nonRepudiation") + usage[X509Cert::NonRepudiation] = value; + if(name == "keyEncipherment") + usage[X509Cert::KeyEncipherment] = value; + if(name == "dataEncipherment") + usage[X509Cert::DataEncipherment] = value; + if(name == "keyAgreement") + usage[X509Cert::KeyAgreement] = value; + if(name == "keyCertSign") + usage[X509Cert::KeyCertificateSign] = value; + if(name == "crlSign") + usage[X509Cert::CRLSign] = value; + if(name == "encipherOnly") + usage[X509Cert::EncipherOnly] = value; + if(name == "decipherOnly") + usage[X509Cert::DecipherOnly] = value; } - const CriteriaListType &criteria = element.criteriaList(); - if(criteria.assert_()) - q.assert_ = criteria.assert_().get(); - for(const KeyUsageType &keyUsage: criteria.keyUsage()) - { - map &usage = q.keyUsage.emplace_back(); - for(const KeyUsageBitType &bit: keyUsage.keyUsageBit()) - { - if(!bit.name()) - continue; - if(bit.name().get() == "digitalSignature") - usage[X509Cert::DigitalSignature] = bit; - if(bit.name().get() == "nonRepudiation") - usage[X509Cert::NonRepudiation] = bit; - if(bit.name().get() == "keyEncipherment") - usage[X509Cert::KeyEncipherment] = bit; - if(bit.name().get() == "dataEncipherment") - usage[X509Cert::DataEncipherment] = bit; - if(bit.name().get() == "keyAgreement") - usage[X509Cert::KeyAgreement] = bit; - if(bit.name().get() == "keyCertSign") - usage[X509Cert::KeyCertificateSign] = bit; - if(bit.name().get() == "crlSign") - usage[X509Cert::CRLSign] = bit; - if(bit.name().get() == "encipherOnly") - usage[X509Cert::EncipherOnly] = bit; - 
if(bit.name().get() == "decipherOnly") - usage[X509Cert::DecipherOnly] = bit; - } - } - for(const PoliciesListType &policySet: criteria.policySet()) + } + if(criteria.name() == "PolicySet" && criteria.ns() == ECC_NS) + { + vector &policies = q.policySet.emplace_back(); + for(auto policy = criteria/"PolicyIdentifier"; policy; policy++) { - vector &policies = q.policySet.emplace_back(); - policies.reserve(policySet.policyIdentifier().size()); - for(const xades::ObjectIdentifierType &policy: policySet.policyIdentifier()) - policies.push_back(policy.identifier()); + if(string_view identifier = policy/XMLName{"Identifier", XADES_NS}; !identifier.empty()) + policies.emplace_back(identifier); } } } } } + auto certs = serviceDigitalIdentity(info, s.name); + s.certs.insert(s.certs.cend(), make_move_iterator(certs.begin()), make_move_iterator(certs.end())); - for(const DigitalIdentityType &id: info.serviceDigitalIdentity().digitalId()) - { - if(!id.x509Certificate()) - continue; - const Base64Binary &base64 = id.x509Certificate().get(); - s.certs.emplace_back((const unsigned char*)base64.data(), base64.size()); - } - - if(find(SERVICESTATUS_START, info.serviceStatus())) - s.validity.emplace(date::xsd2time_t(info.statusStartingTime()), std::move(qualifiers)); - else if(find(SERVICESTATUS_END, info.serviceStatus())) - s.validity.emplace(date::xsd2time_t(info.statusStartingTime()), nullopt); + if(string_view serviceStatus = info/"ServiceStatus"; contains(SERVICESTATUS_START, serviceStatus)) + s.validity.emplace(info/"StatusStartingTime", std::move(qualifiers)); + else if(contains(SERVICESTATUS_END, serviceStatus)) + s.validity.emplace(info/"StatusStartingTime", nullopt); else - DEBUG("Unknown service status %s", info.serviceStatus().c_str()); + DEBUG("Unknown service status %s", serviceStatus.data()); return true; } +string TSL::path() const +{ + return get() && get()->name ? 
string(get()->name) : string(); +} + vector TSL::pivotURLs() const { - if(!tsl) + if(!*this) return {}; - string current(File::fileName(path)); - size_t pos = current.find_first_of('.'); - if(current.find("pivot") != string::npos && pos != string::npos) - current.resize(pos); + auto current = File::fileName(path()); + if(size_t pos = current.find_first_of('.'); + current.find("pivot") != string::npos && pos != string::npos) + current = current.substr(0, pos); vector result; - for(const auto &uri: tsl->schemeInformation().schemeInformationURI().uRI()) + for(auto uriNode = schemeInformation/"SchemeInformationURI"/"URI"; uriNode; uriNode++) { - if(uri.lang() == "en" && uri.find("pivot") != string::npos && uri.find(current) == string::npos) - result.push_back(uri); + if(uriNode.property("lang", XML_NS) != "en") + continue; + if(string_view uri = uriNode; uri.find("pivot") != string::npos && uri.find(current) == string::npos) + result.emplace_back(uri); } return result; } vector TSL::pointers() const { - if(!find(SCHEMES_URI, type()) || !tsl->schemeInformation().pointersToOtherTSL()) + if(!contains(SCHEMES_URI, type())) return {}; vector pointer; - for(const OtherTSLPointersType::OtherTSLPointerType &other: - tsl->schemeInformation().pointersToOtherTSL()->otherTSLPointer()) + for(auto other = schemeInformation/"PointersToOtherTSL"/"OtherTSLPointer"; other; other++) { - if(!other.additionalInformation() || - other.additionalInformation()->mimeType() != "application/vnd.etsi.tsl+xml") - continue; Pointer p; - p.territory = other.additionalInformation()->schemeTerritory(); - p.location = string(other.tSLLocation()); + string_view mimeType; + for(auto info = other/"AdditionalInformation"/"OtherInformation"; info; info++) + { + if(auto mime = info/XMLName{"MimeType", ADD_NS}) + mimeType = mime; + if(auto territory = info/"SchemeTerritory") + p.territory = territory; + } + if(mimeType != "application/vnd.etsi.tsl+xml") + continue; + p.location = other/"TSLLocation"; p.certs = 
serviceDigitalIdentities(other, p.territory); if(!p.certs.empty()) pointer.push_back(std::move(p)); 
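Review bot: `extension.property("Critical") == "true"` and `string_view(bit) == "true"` in `parseInfo` replace schema-typed booleans with a literal comparison, so the other xsd:boolean spelling `1` (or a value with surrounding whitespace) is read as false. For `Critical` that fails open: a critical `ExpiredCertsRevocationInfo` extension written as `Critical="1"` no longer causes the service to be skipped. A small helper used at both sites, e.g. `static bool isTrue(string_view v) { return v == "true" || v == "1"; }`, restores the earlier behaviour. Separately, `TSL::path()` reads `get()->name`; as far as I know libxml2 records the parsed location in `URL`, so it is worth checking that `pivotURLs()` does not always see an empty path.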
@@ -468,55 +433,53 @@ vector TSL::pointers() const unsigned long long TSL::sequenceNumber() const { - return !tsl ? 0 : tsl->schemeInformation().tSLSequenceNumber(); + unsigned long long value{}; + if(string_view num = schemeInformation/"TSLSequenceNumber"; !num.empty()) + from_chars(num.data(), num.data() + num.size(), value); + return value; } -vector TSL::serviceDigitalIdentities(const tsl::OtherTSLPointerType &other, string_view region) +vector TSL::serviceDigitalIdentity(XMLNode service, string_view ctx) { vector result; - if(!other.serviceDigitalIdentities()) - return result; - for(const auto &service: other.serviceDigitalIdentities()->serviceDigitalIdentity()) + for(auto serviceID = service/"ServiceDigitalIdentity"; serviceID; serviceID++) { - for(const auto &digitalID: service.digitalId()) + for(auto id = serviceID/"DigitalId"; id; id++) { - if(!digitalID.x509Certificate()) + vector cert = id/"X509Certificate"; + if(cert.empty()) continue; - const Base64Binary &base64 = digitalID.x509Certificate().get(); try { - result.emplace_back((const unsigned char*)base64.data(), base64.size()); + result.emplace_back(cert); continue; } catch(const Exception &e) { - DEBUG("Failed to parse %s certificate, Testing also parse as PEM: %s", region.data(), e.msg().c_str()); + DEBUG("Failed to parse %.*s certificate, Testing also parse as PEM: %s", int(ctx.size()), ctx.data(), e.msg().c_str()); } try { - result.emplace_back((const unsigned char*)base64.data(), base64.size(), X509Cert::Pem); + result.emplace_back(cert, X509Cert::Pem); } catch(const Exception &e) { - DEBUG("Failed to parse %s certificate as PEM: %s", region.data(), e.msg().c_str()); + DEBUG("Failed to parse %.*s certificate as PEM: %s", int(ctx.size()), ctx.data(), e.msg().c_str()); } } } return result; } +vector TSL::serviceDigitalIdentities(XMLNode other, string_view ctx) +{ + return serviceDigitalIdentity(other/"ServiceDigitalIdentities", ctx); +} + X509Cert TSL::signingCert() const { - if(!tsl || - 
!tsl->signature() || - !tsl->signature()->keyInfo() || - tsl->signature()->keyInfo()->x509Data().empty() || - tsl->signature()->keyInfo()->x509Data().front().x509Certificate().empty()) - return X509Cert(); - const Base64Binary &base64 = tsl->signature()->keyInfo()->x509Data().front().x509Certificate().front(); - return X509Cert((const unsigned char*)base64.data(), base64.size()); + vector cert = (*this)/XMLName{"Signature", DSIG_NS}/"KeyInfo"/"X509Data"/"X509Certificate"; + return cert.empty() ? X509Cert() : X509Cert(cert); } vector TSL::signingCerts() const { vector result; - if(!tsl || !tsl->schemeInformation().pointersToOtherTSL()) - return result; - for(const auto &other: tsl->schemeInformation().pointersToOtherTSL()->otherTSLPointer()) + for(auto other = schemeInformation/"PointersToOtherTSL"/"OtherTSLPointer"; other; other++) { vector certs = serviceDigitalIdentities(other, "pivot"); result.insert(result.cend(), make_move_iterator(certs.begin()), make_move_iterator(certs.end())); 
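Review bot: `signingCert()` returns the first `X509Certificate` found by walking `Signature/KeyInfo/X509Data` in the DOM, which is not necessarily the key xmlsec used inside `verifySignature`. If `validate()` (cut off in this view) matches this certificate against the trusted list, a `KeyInfo` carrying more than one certificate or another key form could pass verification with one key while the trust check looks at a different certificate. Taking the certificate from the key that verified the signature, or verifying with the trusted certificate's public key as the removed `setSigningKey` code did, ties the two together. A comment on `signingCert()` should at least state that its result is unauthenticated until that match succeeds.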
@@ -524,80 +487,38 @@ vector TSL::signingCerts() const return result; } -string TSL::territory() const +string_view TSL::territory() const noexcept { - return !tsl || !tsl->schemeInformation().schemeTerritory() ? - string() : tsl->schemeInformation().schemeTerritory().get(); + return schemeInformation/"SchemeTerritory"; } -string_view TSL::toString(const InternationalNamesType &obj, string_view lang) +string_view TSL::toString(XMLNode obj, string_view lang) noexcept { - for(const InternationalNamesType::NameType &name: obj.name()) - if(name.lang() == lang) - return name; - return obj.name().front(); + for(auto n = obj/"Name"; n; n++) + if(n.property("lang", XML_NS) == lang) + return n; + return obj/"Name"; } -string_view TSL::type() const +string_view TSL::type() const noexcept { - return !tsl ? string_view() : tsl->schemeInformation().tSLType(); + return schemeInformation/"TSLType"; } -string TSL::url() const +string_view TSL::url() const noexcept { - if(!tsl) - return {}; - const TSLSchemeInformationType &info = tsl->schemeInformation(); - if(!info.distributionPoints() || info.distributionPoints().get().uRI().empty()) - return {}; - return info.distributionPoints().get().uRI().front(); + return schemeInformation/"DistributionPoints"/"URI"; } -void TSL::validate(const X509Cert &cert) const +void TSL::validate() const { - if(!tsl) + if(!*this) THROW("Failed to parse XML"); - if(!cert) - THROW("TSL empty signing certificate"); - - try { - XSECProvider prov; - auto deleteSig = [&](DSIGSignature *s) { prov.releaseSignature(s); }; - unique_ptr sig(prov.newSignatureFromDOM(tsl->_node()->getOwnerDocument()), deleteSig); - sig->setSigningKey(OpenSSLCryptoX509(cert.handle()).clonePublicKey()); - sig->registerIdAttributeName((const XMLCh*)u"ID"); - sig->setIdByAttributeName(true); - sig->load(); - if(!sig->verify()) - { - try { - string result = xsd::cxx::xml::transcode(sig->getErrMsgs()); - THROW("TSL %s Signature is invalid: %s", territory().c_str(), result.c_str()); - } 
catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) { - THROW("TSL %s Signature is invalid", territory().c_str()); - } - } - } - catch(const XSECException &e) - { - try { - string result = xsd::cxx::xml::transcode(e.getMsg()); - THROW("TSL %s Signature is invalid: %s", territory().c_str(), result.c_str()); - } catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) { - THROW("TSL %s Signature is invalid", territory().c_str()); - } - } - catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) { - THROW("Failed to parse XML."); - } - catch(const Exception &) - { - throw; - } - catch(...) - { - THROW("TSL %s Signature is invalid", territory().c_str()); - } + auto signature = (*this)/XMLName{"Signature", DSIG_NS}; + if(!signature) + THROW("TSL %s Failed to verify signature", territory().data()); + if(!XMLDocument::verifySignature(signature)) + THROW("TSL %s Signature is invalid", territory().data()); } void TSL::validate(const vector &certs, int recursion) const @@ -606,21 +527,20 @@ void TSL::validate(const vector &certs, int recursion) const THROW("PIVOT TSL recursion parsing limit"); if(certs.empty()) THROW("TSL trusted signing certificates empty"); - X509Cert cert = signingCert(); - if(find(certs.cbegin(), certs.cend(), cert) != certs.cend()) + if(contains(certs, signingCert())) { - validate(cert); + validate(); return; } vector urls = pivotURLs(); if(urls.empty()) - THROW("TSL %s Signature is signed with untrusted certificate", territory().c_str()); + THROW("TSL %s Signature is signed with untrusted certificate", territory().data()); // https://ec.europa.eu/tools/lotl/pivot-lotl-explanation.html string path = File::path(CONF(TSLCache), File::fileName(urls[0])); TSL pivot(path); - if(!pivot.tsl) + if(!pivot) { string etag = fetch(urls[0], path); ofstream(File::encodeName(path + ".etag"), ofstream::trunc) << etag; 
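Review bot: The new `THROW` calls in `TSL::validate()` pass `territory().data()` to a `%s` conversion, but `territory()` now returns a `string_view`, which does not guarantee a terminating NUL and may have a null `data()` when `SchemeTerritory` is absent, which is plausible on exactly these error paths. The same pattern appears in the `-606` hunk (`signed with untrusted certificate`) and the `-705` hunk (`remote digest does not match local`). The `DEBUG` calls added in `serviceDigitalIdentity` already use the length-bounded form, so use it here too: `THROW("TSL %.*s Signature is invalid", int(territory().size()), territory().data());`. How `XMLNode` converts to `string_view` is defined in XMLDocument.h, outside this hunk, so confirm whether an empty view can carry a null pointer.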
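Review bot: In `validate(certs, recursion)` the trust decision is made on `signingCert()`, the first `X509Certificate` under `KeyInfo/X509Data`, while the parameterless `validate()` no longer receives that certificate and leaves the choice of verification key to `XMLDocument::verifySignature(signature)`. The removed code pinned the key with `sig->setSigningKey(...)` from the certificate that had just been matched against `certs`; unless `verifySignature` (in XMLDocument.h, not visible here) verifies with exactly the certificate `signingCert()` returns, the `contains` check and the signature check can refer to different keys when `KeyInfo` holds more than one. Consider passing the matched certificate through to the verification call, and add a regression test whose `KeyInfo` contains two `X509Certificate` elements. The body of `validate(certs, recursion)` continues past the end of this hunk.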
@@ -654,7 +574,7 @@ bool TSL::validateETag(const string &url) return validateRemoteDigest(url); DEBUG("Remote ETag: %s", it->second.c_str()); - ifstream is(File::encodeName(path + ".etag")); + ifstream is(File::encodeName(path() + ".etag")); if(!is.is_open()) THROW("Cached ETag does not exist"); string etag(it->second.size(), 0); @@ -696,7 +616,7 @@ bool TSL::validateRemoteDigest(const string &url) Digest sha(URI_RSA_SHA256); array buf{}; - ifstream is(path, ifstream::binary); + ifstream is(path(), ifstream::binary); while(is) { is.read((char*)buf.data(), streamsize(buf.size())); @@ -705,6 +625,6 @@ bool TSL::validateRemoteDigest(const string &url) } if(!digest.empty() && digest != sha.result()) - THROW("TSL %s remote digest does not match local. TSL might be outdated", territory().c_str()); + THROW("TSL %s remote digest does not match local. TSL might be outdated", territory().data()); return true; } diff --git a/src/crypto/TSL.h b/src/crypto/TSL.h index 9ee0b00f8..ac5029fe2 100644 --- a/src/crypto/TSL.h +++ b/src/crypto/TSL.h 
@@ -21,34 +21,36 @@ #include "X509Cert.h" +#include "XMLDocument.h" + #include #include namespace digidoc { +struct XMLNode; class Exception; -namespace tsl { class TrustStatusListType; class InternationalNamesType; class OtherTSLPointerType; } -class TSL +class TSL: private XMLDocument { public: struct Qualifier { std::vector qualifiers; std::vector> policySet; std::vector> keyUsage; std::string assert_; }; using Qualifiers = std::optional>; - struct Service { std::vector certs; std::map validity; std::string type, additional, name; }; + struct Service { std::vector certs; std::map validity; std::string type, additional, name; }; struct Pointer { std::string territory, location; std::vector certs; }; - TSL(std::string file = {}); + TSL(const std::string &file = {}); bool isExpired() const; - void validate(const X509Cert &cert) const; + void validate() const; void validate(const std::vector &certs, int recursion = 0) const; - std::string_view type() const; - std::string_view operatorName() const; - std::string territory() const; + std::string_view type() const noexcept; + std::string_view operatorName() const noexcept; + std::string_view territory() const noexcept; unsigned long long sequenceNumber() const; - std::string issueDate() const; - std::string nextUpdate() const; - std::string url() const; + std::string_view issueDate() const noexcept; + std::string_view nextUpdate() const noexcept; + std::string_view url() const noexcept; std::vector pointers() const; std::vector services() const; @@ -57,6 +59,7 @@ class TSL static std::vector parse(); private: + std::string path() const; std::vector pivotURLs() const; X509Cert signingCert() const; std::vector signingCerts() const; 
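Review bot: `territory()`, `issueDate()`, `nextUpdate()` and `url()` change from returning `std::string` to `std::string_view`, which presumably borrows from the parsed document held by the private `XMLDocument` base, and the header does not state that lifetime. A caller that keeps the view after the `TSL` object is gone, for example one returned by value from `parseTSL`, would read freed memory. Add a comment above the accessor group such as `// Returned views point into the parsed document and stay valid only while this TSL object is alive; copy to std::string to keep them.` The class body continues outside this hunk.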
@@ -68,14 +71,12 @@ class TSL static std::vector parse(const std::string &url, const std::vector &certs, const std::string &cache, const std::string &territory); static TSL parseTSL(const std::string &url, const std::vector &certs, - const std::string &cache, const std::string &territory); - template - static bool parseInfo(const Info &info, Service &s); - static std::vector serviceDigitalIdentities(const tsl::OtherTSLPointerType &other, - std::string_view region); - static std::string_view toString(const tsl::InternationalNamesType &obj, std::string_view lang = "en"); + const std::string &cache, const std::string &territory) ; + static bool parseInfo(XMLNode info, Service &s); + static std::vector serviceDigitalIdentity(XMLNode other, std::string_view ctx); + static std::vector serviceDigitalIdentities(XMLNode other, std::string_view ctx); + static std::string_view toString(XMLNode obj, std::string_view lang = "en") noexcept; - std::shared_ptr tsl; - std::string path; + XMLNode schemeInformation; }; } diff --git a/src/crypto/X509CertStore.cpp b/src/crypto/X509CertStore.cpp index 36e11953e..083b49c87 100644 --- a/src/crypto/X509CertStore.cpp +++ b/src/crypto/X509CertStore.cpp @@ -24,7 +24,6 @@ #include "crypto/OpenSSLHelpers.h" #include "crypto/TSL.h" #include "util/DateTime.h" -#include "util/File.h" #include "util/log.h" #include @@ -32,7 +31,6 @@ #include #include -#include using namespace digidoc; using namespace std; @@ -80,7 +78,7 @@ X509CertStore::~X509CertStore() = default; void X509CertStore::activate(const X509Cert &cert) const { - if(std::max(TSL::activate(cert.issuerName("C")), TSL::activate(cert.subjectName("C")))) + if(std::max(TSL::activate(cert.issuerName("C")), TSL::activate(cert.subjectName("C")))) d->update(); } 
@@ -197,7 +195,7 @@ int X509CertStore::validate(int ok, X509_STORE_CTX *ctx, const Type &type) X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx); if(!(X509_VERIFY_PARAM_get_flags(param) & X509_V_FLAG_USE_CHECK_TIME) || s.validity.empty()) return 1; - auto current = X509_VERIFY_PARAM_get_time(param); + auto current = util::date::to_string(X509_VERIFY_PARAM_get_time(param)); for(auto i = s.validity.crbegin(), end = s.validity.crend(); i != end; ++i) { if(current >= i->first) diff --git a/src/util/DateTime.cpp b/src/util/DateTime.cpp index 45b0a0f67..4aff7acd5 100644 --- a/src/util/DateTime.cpp +++ b/src/util/DateTime.cpp @@ -50,6 +50,11 @@ time_t date::mkgmtime(struct tm &t) #endif } +string date::to_string(time_t t) +{ + return to_string(gmtime(t)); +} + string date::to_string(const tm &date) { static const tm zero{}; diff --git a/src/util/DateTime.h b/src/util/DateTime.h index b58c9c202..6a8146cdb 100644 --- a/src/util/DateTime.h +++ b/src/util/DateTime.h @@ -33,6 +33,7 @@ namespace digidoc public: static struct tm gmtime(time_t t); static time_t mkgmtime(struct tm &t); + static std::string to_string(time_t t); static std::string to_string(const tm &date); static std::string to_string(const xml_schema::DateTime &time); static time_t xsd2time_t(const xml_schema::DateTime &time); diff --git a/src/xml/AdditionalInformationType.cpp b/src/xml/AdditionalInformationType.cpp deleted file mode 100644 index 2e771e390..000000000 --- a/src/xml/AdditionalInformationType.cpp +++ /dev/null 
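Review bot: `current` is now a formatted string, so `current >= i->first` compares it lexicographically with the keys of `s.validity`, and that comparison selects which status period applies to the certificate at the check time. String order equals time order only if both sides share one fixed-width UTC format. If the keys are the list's status start times taken from the XML text as written (the key type of `Service::validity` and how it is filled are outside this hunk), a value with a timezone offset or fractional seconds would sort wrongly. Either normalise the keys through the same `util::date::to_string` path when parsing or keep the comparison on `time_t`, and state the assumption here with `// validity keys and current share one fixed-width UTC format, so string order equals time order`. `X509CertStore::validate` starts and ends outside the hunk.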
@@ -1,83 +0,0 @@ -/* - * libdigidocpp - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#include "AdditionalInformationType.h" - -#include -#include - -using namespace digidoc::tsl; -using namespace std; -using namespace xercesc; -using namespace xml_schema; - -AdditionalInformationType::AdditionalInformationType() - : AdditionalInformationTypeBase() -{ -} - -AdditionalInformationType::AdditionalInformationType(const AdditionalInformationType &x, Flags f, Container *c) - : AdditionalInformationTypeBase(x, f, c) -{ -} - -AdditionalInformationType::AdditionalInformationType(const DOMElement &e, Flags f, Container *c) - : AdditionalInformationTypeBase(e, f, c) -{ - xsd::cxx::xml::dom::parser p(e, true, false, true); - for (; p.more_content(); p.next_content(false)) - { - const DOMElement &i(p.cur_element()); - const xsd::cxx::xml::qualified_name n(xsd::cxx::xml::dom::name(i)); - if(n.name() == "OtherInformation" && n.namespace_() == "http://uri.etsi.org/02231/v2#") - { - DOMElement *elem = i.getFirstElementChild(); - const xsd::cxx::xml::qualified_name n2(xsd::cxx::xml::dom::name(*elem)); - if(n2.name() == "MimeType")// && n.namespace_() == "http://uri.etsi.org/02231/v2/additionaltypes#") - mimeType_ = xsd::cxx::xml::transcode(elem->getTextContent()); - 
if(n2.name() == "SchemeTerritory") - schemeTerritory_ = xsd::cxx::xml::transcode(elem->getTextContent()); - } - } -} - -AdditionalInformationType::~AdditionalInformationType() -{ -} - -AdditionalInformationType* AdditionalInformationType::_clone(Flags f, Container *c) const -{ - return new class AdditionalInformationType(*this, f, c); -} - -std::string AdditionalInformationType::mimeType() const -{ - return mimeType_; -} - -std::string AdditionalInformationType::schemeTerritory() const -{ - return schemeTerritory_; -} - -void digidoc::tsl::operator<< (DOMElement &e, const AdditionalInformationType &i) -{ - e << static_cast(i); -} - diff --git a/src/xml/AdditionalInformationType.h b/src/xml/AdditionalInformationType.h deleted file mode 100644 index 4717e3bb7..000000000 --- a/src/xml/AdditionalInformationType.h +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * libdigidocpp - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#pragma once - -#include "xml/ts_119612v020201_201601xsd.hxx" - -namespace digidoc { -namespace tsl { - -class AdditionalInformationType: public AdditionalInformationTypeBase -{ -public: - AdditionalInformationType(); - AdditionalInformationType(const xercesc::DOMElement &e, xml_schema::Flags f = 0, xml_schema::Container *c = 0); - AdditionalInformationType(const AdditionalInformationType &x, xml_schema::Flags f = 0, xml_schema::Container *c = 0); - virtual ~AdditionalInformationType(); - - virtual AdditionalInformationType* _clone(xml_schema::Flags f = 0, xml_schema::Container *c = 0) const; - - std::string mimeType() const; - std::string schemeTerritory() const; - -private: - std::string mimeType_; - std::string schemeTerritory_; -}; - -void operator<< (xercesc::DOMElement&, const AdditionalInformationType&); - -} -} diff --git a/src/xml/ExtensionType.cpp b/src/xml/ExtensionType.cpp deleted file mode 100644 index 26e0ebf65..000000000 --- a/src/xml/ExtensionType.cpp +++ /dev/null 
@@ -1,127 +0,0 @@ -/* - * libdigidocpp - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#include "ExtensionType.h" - -#include -#include - -using namespace digidoc::tsl; -using namespace xercesc; -using namespace xml_schema; -using namespace xsd::cxx::xml; -using namespace xsd::cxx::xml::dom; - -#ifdef _WIN32 -#pragma warning( disable: 4355 ) -#endif - -ExtensionType::ExtensionType(const CriticalType &x) - : ExtensionTypeBase(x) - , ExpiredCertsRevocationInfo_(this) - , TakenOverByType_(this) - , QualificationsType_(this) - , AdditionalServiceInformationType_(this) -{ -} - -ExtensionType::ExtensionType(const ExtensionType &x, Flags f, Container *c) - : ExtensionTypeBase(x, f, c) - , ExpiredCertsRevocationInfo_(x.ExpiredCertsRevocationInfo_, f, this) - , TakenOverByType_(x.TakenOverByType_, f, this) - , QualificationsType_(x.QualificationsType_, f, this) - , AdditionalServiceInformationType_(x.AdditionalServiceInformationType_, f, this) -{ -} - -ExtensionType::ExtensionType(const DOMElement &e, Flags f, Container *c) - : ExtensionTypeBase(e, f | Flags::base, c) - , ExpiredCertsRevocationInfo_(this) - , TakenOverByType_(this) - , QualificationsType_(this) - , AdditionalServiceInformationType_(this) -{ - parser p(e, true, false, true); - for (; p.more_content(); 
p.next_content(false)) - { - const DOMElement &i(p.cur_element()); - const qualified_name n(name(i)); - - if(n.name() == "ExpiredCertsRevocationInfo" && n.namespace_() == "http://uri.etsi.org/02231/v2#") - { - std::unique_ptr r(ExpiredCertsRevocationInfoTraits::create(i, f, this)); - if(!this->ExpiredCertsRevocationInfo_.present()) - this->ExpiredCertsRevocationInfo_.set(std::move(r)); - continue; - } - - if(n.name() == "TakenOverBy" && n.namespace_() == "http://uri.etsi.org/02231/v2/additionaltypes#") - { - std::unique_ptr r(TakenOverByTypeTraits::create(i, f, this)); - if(!this->TakenOverByType_.present()) - this->TakenOverByType_.set(std::move(r)); - continue; - } - - if(n.name() == "Qualifications" && n.namespace_() == "http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#") - { - std::unique_ptr r(QualificationsTypeTraits::create(i, f, this)); - if(!this->QualificationsType_.present()) - this->QualificationsType_.set(std::move(r)); - continue; - } - - if(n.name() == "AdditionalServiceInformation" && n.namespace_() == "http://uri.etsi.org/02231/v2#") - { - std::unique_ptr r(AdditionalServiceInformationTypeTraits::create(i, f, this)); - if(!this->AdditionalServiceInformationType_.present()) - this->AdditionalServiceInformationType_.set(std::move(r)); - continue; - } - - break; - } -} - -ExtensionType::~ExtensionType() = default; - -ExtensionType* ExtensionType::_clone(Flags f, Container *c) const -{ - return new class ExtensionType(*this, f, c); -} - -const ExtensionType::ExpiredCertsRevocationInfoOptional& ExtensionType::expiredCertsRevocationInfo() const -{ - return ExpiredCertsRevocationInfo_; -} - -const ExtensionType::TakenOverByOptional& ExtensionType::takenOverByType() const -{ - return TakenOverByType_; -} - -const ExtensionType::QualificationsOptional& ExtensionType::qualificationsType() const -{ - return QualificationsType_; -} - -const ExtensionType::AdditionalServiceInformationOptional& 
ExtensionType::additionalServiceInformationType() const -{ - return AdditionalServiceInformationType_; -} diff --git a/src/xml/ExtensionType.h b/src/xml/ExtensionType.h deleted file mode 100644 index 888fa9a0c..000000000 --- a/src/xml/ExtensionType.h +++ /dev/null 
@@ -1,65 +0,0 @@ -/* - * libdigidocpp - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#pragma once - -#include "xml/ts_119612v020201_201601xsd.hxx" -#include "xml/ts_119612v020101_additionaltypes_xsd.hxx" -#include "xml/ts_119612v020101_sie_xsd.hxx" - -namespace digidoc { -namespace tsl { - -class ExtensionType: public ExtensionTypeBase -{ -public: - typedef ::xml_schema::DateTime ExpiredCertsRevocationInfo; - - typedef ::xsd::cxx::tree::optional ExpiredCertsRevocationInfoOptional; - typedef ::xsd::cxx::tree::traits ExpiredCertsRevocationInfoTraits; - const ExpiredCertsRevocationInfoOptional& expiredCertsRevocationInfo() const; - - typedef ::xsd::cxx::tree::optional TakenOverByOptional; - typedef ::xsd::cxx::tree::traits TakenOverByTypeTraits; - const TakenOverByOptional& takenOverByType() const; - - typedef ::xsd::cxx::tree::optional QualificationsOptional; - typedef ::xsd::cxx::tree::traits QualificationsTypeTraits; - const QualificationsOptional& qualificationsType() const; - - typedef ::xsd::cxx::tree::optional AdditionalServiceInformationOptional; - typedef ::xsd::cxx::tree::traits AdditionalServiceInformationTypeTraits; - const AdditionalServiceInformationOptional& additionalServiceInformationType() const; - - ExtensionType(const CriticalType &x); - 
ExtensionType(const xercesc::DOMElement& e, xml_schema::Flags f = 0, xml_schema::Container* c = 0); - ExtensionType(const ExtensionType& x, xml_schema::Flags f = 0, xml_schema::Container* c = 0); - virtual ~ExtensionType(); - - virtual ExtensionType* _clone(xml_schema::Flags f = 0, xml_schema::Container* c = 0) const; - -protected: - ExpiredCertsRevocationInfoOptional ExpiredCertsRevocationInfo_; - TakenOverByOptional TakenOverByType_; - QualificationsOptional QualificationsType_; - AdditionalServiceInformationOptional AdditionalServiceInformationType_; -}; - -} -} diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 4252b8267..5f96be6ee 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -29,15 +29,15 @@ add_test(NAME TSLTest_CA-non-qa WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) add_test(NAME TSLTest_CA-withdrawn - COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data + COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) add_test(NAME TSLTest_CA-withdrawn-granted-before COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn-granted-before.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) -add_test(NAME TSLTest_CA-withdrawn-granted-after - COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn-granted-after.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data +add_test(NAME TSLTest_CA-withdrawn-granted-later + COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn-granted-later.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) add_test(NAME TSLTest_OCSP-invalid-type 
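Review bot: The expected result of `TSLTest_CA-withdrawn` flips from `good` to `bad` without a comment, and it is the only expectation changed in this hunk; the other edit is the `granted-after` to `granted-later` rename. Because this test pins whether a certificate under a withdrawn CA service is accepted, record the reason next to it, e.g. `# withdrawn CA service with no earlier granted period: certificate must be rejected`. That reading is inferred from the test name and should be confirmed against the EE_T-CA-withdrawn.xml changes in this commit.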
@@ -52,8 +52,8 @@ add_test(NAME TSLTest_OCSP-withdrawn-granted-before COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-OCSP-withdrawn-granted-before.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) -add_test(NAME TSLTest_OCSP-withdrawn-granted-after - COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-OCSP-withdrawn-granted-after.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data +add_test(NAME TSLTest_OCSP-withdrawn-granted-later + COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-OCSP-withdrawn-granted-later.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) add_test(NAME TSLTest_TSA-invalid-type @@ -68,8 +68,8 @@ add_test(NAME TSLTest_TSA-withdrawn-granted-before COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-TSA-withdrawn-granted-before.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) -add_test(NAME TSLTest_TSA-withdrawn-granted-after - COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-TSA-withdrawn-granted-after.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data +add_test(NAME TSLTest_TSA-withdrawn-granted-later + COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-TSA-withdrawn-granted-later.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src ) add_test(NAME TSLTest_EE_T-no_QCStatement diff --git a/test/data/EE_T-CA-non-qa.xml b/test/data/EE_T-CA-non-qa.xml new file mode 100644 index 000000000..801fe0d5f --- /dev/null +++ b/test/data/EE_T-CA-non-qa.xml 
@@ -0,0 +1,688 @@ + + + 5 + 8 + http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric + + Information System Authority + + + + + 139A Pärnu mnt + Tallinn + Harjumaa + 15169 + EE + + + + mailto:ria@ria.ee + https://www.ria.ee + + + + EE:Supervision/Accreditation Status List of test certification services + + + https://open-eid.github.io/test-TL/ + + http://uri.etsi.org/TrstSvc/TrustedList/TSLType/StatusDetn/EUappropriate + + http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUcommon + http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EE + + EE_T + + The present TSL implementation of test certificates is not applicable to any legal frameworks + + 65535 + + + + + + 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 + + + + + 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 + + + + https://open-eid.github.io/test-TL/tl-mp-test-EE.xml + + + http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists + + + + Information System Authority + + + + + http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUlistofthelists + + + + EE + + + application/vnd.etsi.tsl+xml + + + + + 2024-07-08T14:06:07Z + + 2027-08-20T21:00:00Z + + + https://open-eid.github.io/test-TL/EE_T.xml + + + + + + + AS Sertifitseerimiskeskus + + + SK + + + + + Pärnu mnt 141 + Tallinn + Harjumaa + 11314 + EE + + + + http://www.sk.ee + mailto:info@sk.ee + + + + http://www.sk.ee/en/repository/CPS + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/PKC + + TEST of ESTEID-SK 2011: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document + + + + 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 + + + 1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of ESTEID-SK 2011,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2011-03-08T22:00:00Z + + http://sk.ee/en/repository/CP/ + + + + + + + + + + + true + + + true + + This service issues qualified certificates for e-signing and e-authentication 
within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD + + + + + + + + + true + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/QC + + TEST of ESTEID-SK 2015: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document + + + + 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 + + + CN=TEST of ESTEID-SK 2015,2.5.4.97=#0c0e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2015-12-18T07:13:44Z + + http://sk.ee/en/repository/CP/ + + + + + + + + + + + true + + + true + + This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. 
containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD + + + + + + + + + true + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/QC + + TEST of EID-SK 2016 qualified certificates for electronic signatures + + + + MIIG+DCCBeCgAwIBAgIQUkCP5k8r59RXxWzfbx+GsjANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNDE1WhgPMjAzMDEyMTcyMzU5NTlaMGgxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEcMBoGA1UEAwwTVEVTVCBvZiBFSUQtU0sgMjAxNjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOrKOByrJqS1QsKD4tXhqkZafPMd5sfxem6iVbMAAHKpvOs4Ia2oXdSvJ2FjrMl5szeT4lpHyzfECzO3nx7pvRLKHufi6lMwMGjtSI6DK8BiH9z7Lm+kNLunNFdIir0hPijjbIkjg9iwfaeST9Fi5502LsK7duhKuCnH7O0uMrS/MynJ4StANGY13X2FvPW4qkrtbwsmhdN0Btro72O6/3O+0vbnq/yCWtcQrBGv3+8XEBdCqH5S/Rt0EugKX4UlVy5l0QUc8IrjGtdMsr9KDtvmVwlefXYKoLqkC7guMGOUNf6Y4AYGsPqfY4dG3N5YNp5FHDL7IO93h7TpRV3gyR38LiJsPHk5nES5mdPkNuEkCyg0zEKI7uJ4LUuBbjzZPp2gP7PN8Iqi9GP7V2NCz8vUVN3WpHvctsf0DMvZdV5pxqLY5ojyfhMsU4aMcGSQA9EK8ES3O1zBK1DW+btjbQjUFW1SIwCkB2yofFxge+vvzZGbvt2UGOE8oAL8/JzNxi9FbjTAbycrGWgEMQ0sM1fKc+OsvoaSy9m3ZQGph0+dbsouQpl3kpJvjDMzxxkrMqxdhlVMreLKGCMMxJMAGQEwVS5P93Nnmz8UbkmeomUJr3NrBo4+V9L5S4Kx1vTvD0p72xRYFyfifLOjs8qs7lR3yhkcBPQI78ERqxv31FWDAgMBAAGjggKFMIICgTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUrrDq4Tb4JqulzAtmVf46HQK/ErQwDgYDVR0PAQH/BAQDAgEGMIHEBgNVHSAEgbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEAMDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDsGBgQAj3oBAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzASBgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQ
EEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5jcnQwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCUGCCsGAQUFBwEDBBkwFzAVBggrBgEFBQcLAjAJBgcEAIvsSQEBMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQAiw1VNxp1Ho7FwcPlFqlLl6zb225IvpNelFX2QMbq1SPe41LuBW7WRZIV4b6bRQug55k8lAm8eX3zEXL9I+4Bzai/IBlMSTYNpqAQGNVImQVwMa64uN8DWo8LNWSYNYYxQzO7sTnqsqxLPWeKZRMkREI0RaVNoIPsciJvid9iBKTcGnMVkbrgyLzlXblLMU4I0pL2RWlfs2tr+XtCtWAvJPFskM2QZ2NnLjW8WroZr8TooocRA1vl/ruIAPC3FxW7zebKcA2B66j4tW7uyF2kPx4WWA3xgR5QZnn4ePEAYjJdu1eWd9KbeAbxPCfFOST43t0fm20HfV2Wp2PMEq4b2 + + + CN=TEST of EID-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2016-12-21T10:00:00Z + + https://sk.ee/repositoorium/CP/ + https://sk.ee/en/repository/CP/ + + + + + + + + + + + + true + + + + 1.3.6.1.4.1.10015.17.2 + + + All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/PKC + + TEST of NQ-SK 2016 advanced certificates for electronic signatures + + + + 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 + + + CN=TEST of NQ-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2016-12-21T10:00:00Z + + https://sk.ee/repositoorium/CP/ + https://sk.ee/en/repository/CP/ + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/QC + + TEST of ESTEID2018: Test certificates for Estonian ID-card, the residence permit card, digital personal 
identification document + + + + 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 + + + CN=TEST of ESTEID2018,2.5.4.97=#0c0e4e545245452d3130373437303133,O=SK ID Solutions AS,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2018-04-05T09:45:21Z + + https://sk.ee/repositoorium/CP/ + https://sk.ee/en/repository/CP/ + + + + + + + + + + + true + + + true + + This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD + + + + + + + + + true + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC + + TEST of SK OCSP RESPONDER 2011 + + + + 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 + + + 1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of SK OCSP RESPONDER 2011,OU=OCSP,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2011-03-08T22:00:00Z + + http://demo.sk.ee/ocsp + + + + + + http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC + + TEST of SK OCSP RESPONDER 2020 + + + + 
MIIEzjCCA7agAwIBAgIQa7w4iGoiIOtfrn0fG/hc1zANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMjAxMTEzMTIzMzM1WhcNMjQwNjEzMTEzMzM1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAyMDEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6U1uMvi5P6bycikgOFp1QdIdt2R/x/+WbRVNLNjDTMS0t70BVl6+Z7c5jqZUNIBZ5qlr3K8v5bIv0rdr1H/By0wFMWsWksZnQLIsb/lU+HeuSIDY2ESs0YzvZW4AB3tDrMFOrtuImmsUxhsz00KcRt9o+/o0RD9v5qxhJaqj6+Pr/8fZJK67Wuiqli2vVtuStaTb5zpjA1MJtu9OM4jk/FaL1FaST72XPTzpMVNJR/Rk63t0wL4l4f4s3y0ZI+JPzXu3jyeH+g3ZVLbwB2ccwgqfDPKXoxfNtcDxjUZz16OQQp2Rp14h/n8If0jyHfiNHHCDKaSPFyyJJMgRrQkiwIDAQABo4IBQTCCAT0wEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFIGteMcJzpGYrEl+MRkb+QpBx6XFMIGgBgNVHSAEgZgwgZUwgZIGCisGAQQBzh8DAQEwgYMwWAYIKwYBBQUHAgIwTB5KAEEAaQBuAHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBvAHIAIAB0AGUAcwB0AGkAbgBnAC4wJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuc2suZWUvYWphdGVtcGVsLzAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAKR+ssgVTDDkGl+sLwz5OwaBMUOPEscr7DcCXmjmRaC+KjTe8kCuXZwnMH7tMf0mDyF22USJ/o2m0MFW1k8zjH1yr1/2JghttRfi5mCvoMHNXVM/ST1C/6rrymaYA27RxIj201USwTQp35YvhUUIZO3Xby/60yXZyt7wCS7xAnH65U/0LnkT5w5DLC8EdXlH3QF600Z74fm8z54lY80IoSgIEPmFZlLe4YR822G24mawGRQKIbhPK2DO6sGtLZDAfee4B6TGmPcunztsYaUoc1spfCKrx5EBthieSgAp0dh0kMBAR/AGh7fSwl5zyASFgYmtVP4FZS6w6ETlXU7Bg3g== + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2020-11-13T13:00:00Z + + http://demo.sk.ee/ocsp + + + + + + http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC + + DEMO of SK TSA + + + + 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 + + + 
MIIEFTCCAv2gAwIBAgIQTqz7bCP8W45UBZa7tztTTDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwOTAyMTAwNjUxWhcNMjQwOTAyMTAwNjUxWjBdMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRwwGgYDVQQDDBNERU1PIG9mIFNLIFRTQSAyMDE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysgrVnVPxH8jNgCsJw0y+7fmmBDTM/tNB+xielnP9KcuQ+nyTgNu1JMpnry7Rh4ndr54rPLXNGVdb/vsgsi8B558DisPVUn3Rur3/8XQ+BCkhTQIg1cSmyCsWxJgeaQKJi6WGVaQWB2he35aVhL5F6ae/gzXT3sGGwnWujZkY9o5RapGV15+/b7Uv+7jWYFAxcD6ba5jI00RY/gmsWwKb226Rnz/pXKDBfuN3ox7y5/lZf5+MyIcVe1qJe7VAJGpJFjNq+BEEdvfqvJ1PiGQEDJAPhRqahVjBSzqZhJQoL3HI42NRCFwarvdnZYoCPxjeYpAynTHgNR7kKGX1iQ8OQIDAQABo4GwMIGtMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUJwScZQxzlzySVqZXviXpKZDV5NwwHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wQwYDVR0fBDwwOjA4oDagNIYyaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL3Rlc3RfZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAIq02SVKwP1UolKjqAQe7SVY/Kgi++G2kqAd40UmMqa94GTu91LFZR5TvdoyZjjnQ2ioXh5CV2lflUy/lUrZMDpqEe7IbjZW5+b9n5aBvXYJgDua9SYjMOrcy3siytqq8UbNgh79ubYgWhHhJSnLWK5YJ+5vQjTpOMdRsLp/D+FhTUa6mP0UDY+U82/tFufkd9HW4zbalUWhQgnNYI3oo0CsZ0HExuynOOZmM1Bf8PzD6etlLSKkYB+mB77Omqgflzz+Jjyh45o+305MRzHDFeJZx7WxC+XTNWQ0ZFTFfc0ozxxzUWUlfNfpWyQh3+4LbeSQRWrNkbNRfCpYotyM6AY= + + + CN=DEMO of SK TSA,OU=TSA,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2014-05-31T21:00:00Z + + http://demo.sk.ee/tsa/ + + + + + + http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST + + DEMO SK TIMESTAMPING AUTHORITY 2020 + + + + 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 + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2020-11-30T21:00:00Z + + http://demo.sk.ee/tsa/ + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/QC + + TEST of KLASS3 2010: test electronic seals + + + + 
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 + + + CN=TEST of KLASS3-SK 2010,OU=Sertifitseerimisteenused,O=AS Sertifitseerimiskeskus,C=EE + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2010-03-31T09:17:00Z + + https://sk.ee/en/repository/CP/ + https://sk.ee/repositoorium/CP/ + + + + + + + + + + + false + + + true + + + + + + + + + + true + + + + + + + + + + true + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/CA/QC + + TEST of KLASS3-SK 2016: test electronic seals + + + + MIIGyTCCBbGgAwIBAgIQWwxFeuMr159YRRcFxuRXvzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTYxMjA1MDcyODA1WhcNMzAxMjE3MDcyODA1WjCBjjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLBBWlTGtbsgjmRQHKjUz7xsc4BI5Lts/l9t7seXPK5OzZiXomPK2y8y8QxslfDI9KEA0X7VAF2UPwgEDpBLXAOcD1cbijMl23Gz815TH7Lfg+ZpHDh375F1m2vlEoWX0UG7FioRM+xAsBK3EaL3HpJkN8fCSzUwgP7tCl+ivmQwTA0dAoXCib/XtTrYjYa57vHG8xMzKZvc9B4pK9DLvBe+fHbkXHEh1y1EU4AX2VE+eIcieqSHh1PtsB6/YCoSHDa8/uffWcrurbbl++QHgQC8yE6jTQyEfHcIB7ZCy1RbH4l4QtdmsuG7YpxDyBcjFjdz1h1a82GFA67ZHlZ5ogDn7xXyu2fbUBcJlj9wM2wxiyrUt6HCFky6CJhL60zEGVur4nWL/2KYedOxa4CowTv52ceGHBMuWcBHQK2egs5l8ti8oN5jLIhHe2k0dCYJa59fOf6QQv7jKeA/yfY6CmW8BWtY8knmFSOnsqEIBSbWNsYMB1+cidxyr3sTd+haTIZs1JVhS1+gFAe4xVJYDMdnU+nqIvZvNwP9fANC+Nl3h8rfdHLYIexRg8+m2lsrgVT2QOf73EJ+JS10vUI2SinVZikxltxHkA96jDWzs1kpdjKuPdei7fI1roKBhKLyUA6n7tB2XEp0E5K5v4HNXWnY7+skuyvSZxMShNgSmegQIDAQABo4ICMTCCAi0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgfYGA1UdIASB7jCB6zCBgwYJKwYBBAHOHwcDMHYwIAYIKwYBBQUHAgEWFGh0dHA6Ly93d3cuc2suZWUvY3BzMFIGCCsGAQUFBwICMEYeRABBAHMAdQB0AHUAcwBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQ
B0AC4AIABDAG8AcgBwAG8AcgBhAHQAZQAgAEkARAAuMAgGBmeBDAECAjAvBgkrBgEEAc4fBwIwIjAgBggrBgEFBQcCARYUaHR0cDovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAkGBwQAi+xAAQEwCAYGBACPegEHMAkGBwQAi+xAAQMwHQYDVR0OBBYEFC4bj7sBLzT42jAEi1zB8lwl49j3MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MIGIBggrBgEFBQcBAQR8MHowIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLnNrLmVlL0NBMFYGCCsGAQUFBzAChkpodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAWwdrvtnroOs0VHJWGJTKBclIZhxqmMWmy0Wt/cmblAT4NV0mcWGKwGj4F2S1tUnsw9x4zbpPy0GX0knKVeC76MnwbgjjjjQDs9DPc+CmLz3RMGqiw1ZIXvvXnoUiaB9vH6Xekm7McvIUTZtRjKIgFK6IzU2P5YGl5OMJ8TFhhtH0Jwo/0pyJqM9W0hmMdSMOHTwtqHnBQGjn0KQ5+zDtgVy6rt8bn44yuKXUIdYOFMrhK9nE/D8c7sOEbcDbr1n+rLFS0ov2xMcySIa99Rk5HaCsfvQAz5RQx38gJ9Hu/Ah9AVuMBfNyyrgYzRu93dc/+XX2h/Oe2s4LuJUDvm1aFw== + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2017-06-30T06:00:00Z + + https://sk.ee/repositoorium/CP/ + https://sk.ee/en/repository/CP/ + + + + + + + + + + + true + + + + 0.4.0.194112.1.3 + + + Any certificate that is issued under the CA/QC Sdi certificate and that is issued as a QC (i.e. containing a QcCompliance statement) and having its Certificate Policy PolicyIdentifier OID set as 0.4.0.194112.1.3, is to be considered as supported by a QSCD. They are issued for digital stamping according to eIDAS regulation + + + + + + + + + true + + + false + + Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. 
containing a QcCompliance statement) is to be considered as issued to a Legal Person + + + + + + + + + true + + All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates + + + + + + + + + true + + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals + + + + + + + + http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC + + CN=libdigidocpp Inter,C=EE + + + + MIIDeDCCAmCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQGEwJFRTEYMBYGA1UEAxMPbGliZGlnaWRvY3BwIENBMB4XDTE0MDMyMzIzMTM0OVoXDTI0MDMyMDIzMTM0OVowKjELMAkGA1UEBhMCRUUxGzAZBgNVBAMTEmxpYmRpZ2lkb2NwcCBJbnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6EPZ6Dg8D+VjK6lakSh1MdZzuunt0p/5EEJEW/wNJIPFK4CWTMDvYD1aiVP7Kh+WmJV+l3lck0vAyPUnPjXQrbucz0V+1DaBhOnairMhK04gJ2fYktNr90atyz/mQJroiyHdncToeW7iSbro8d2P9BSLfIM6o/yjNasYAWfcrG4/biGTYW/YqN2fad605T8tLYgReNET84qFQV4L34mUdY8PLDg/kaJL6iYC337u5UfNl6qEdg1zU/8jD1c1YPL1duF+J2JK3YbLizjKkBAQRGpY3Emk984lV6fQBfgCEwbO1yecOXL9jFXIGp9aZNjVLtQuPu/Yfz120rMx8qlEcCAwEAAaOBqzCBqDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUWp//2G24RVxM2GM5/6mJ9lYq2PEwHwYDVR0jBBgwFoAUPsJJGbvIsF9JdKFutxdtIX28DAgwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vd3d3Lm9wZW54YWRlcy5vcmcvY2dpLWJpbi9vY3NwLmNnaTANBgkqhkiG9w0BAQUFAAOCAQEARxDvfF4LvUlAHhxzOEygk+gFishTUrzsaaZ9NFgo7yLrejjyzM3RRZQTkFfru9Xr0DmxCfh4pgFBHlW4csDmufQOFTtJTf3Qvuh+EnM+WGtMsNZaHwuEpVlI64WYgbM1UOD71BswvJ/drZ6b0xmlJQwjLMn6f8ET10w+eTcWF2rPfaod8Rj0JPSJPPLYm6FOgJzHuB3p4h+uBx2kh1a64PD3/jGvz8r2ZUHXdkQD+mz6UJPj6cxsmzcTu3k1RVX+kPgjQvJ6PjQQJyAL3UGYIb0cYZIcEZ3gHErtZ9HQS2zJXtlMrlnpwAWi3xiw015hz4KyPJvQOKxyX2/TIatCpA== + + + http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted + 2010-03-31T09:17:00Z + + https://sk.ee/en/repository/CP/ + https://sk.ee/repositoorium/CP/ + + + + + + + + + + + false + + + true + + + + + + + + + + true + + + + + + + + + + true + + + + + + + + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures + + + + + + + + 
+t65aSUu4OMp9MylQUfJzmO6/qBD5NEYPZ4V1j2JG7tc=UHfgbifUebApTRtasmuqWr1kGKs3jmlkKEKxssZIR2c=dDAc08OxAiq8hrbTDhJEwkpQRG3doypxKAFglpj6Nce6fl21F3cergC1ZBf5CYD5QAyk+BHCM9fd +V6pPOpXTgLHQ7BxD+u+vQ2rURlcbTuCpT0CCBU5VaZ0uf7wPzrCXbVJPs3uWwQOGbhXvNFcoIF5r +dy98ABHsPYo70yoYi31gjfNinQpKxjUmgovC/HmstK0wi8GHGAWEOATITJQNLoN5BBPqGNdHDPS9 +Shg1KGmc6Dwe8SmkGRgfjHWrjImTYRK+PH+wmQSvKqZuuq+Oxtt58Flp3Ir5KoqYOIU7zNxrJQeE +QKDimq+qV2pPX1feoKsyGnMfNqcZrg0iciFAjzD8wPD0KkHepAEYfqJ4Zd0qlTCRVs7B63brnxgT +/Z0yUgjAFVFb/iqZjp0b6I+7QL1NyDoKH9P3+woH9suO6r2WGCozoQoyDwS52WJas9iJnr4gRPV4 +xm7HT72ZlZ6HLcqWU2lEU31XaCpR1rh7xZZCIqLpyrnhC3jBmYVuSCRIRSMKCPzNUsOW48fd3FIX +CH258t4DSQTpEDkCxtD/UEe89LaeZpirEkCgl/nLgQajSoP7v9xw4P5M4sQideOHL2s8I2NcRrZH +bkv3WmO+2ZBZayI4nTQzLuLYRoVxGSszBHaUyN7WeyXHrnB6wrQ5qSGtSIZBxL7odww+SYW57TQ=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE +AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF +RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f +YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT +NS9U3WQYvY8bEstPZnaEvdQSSVRf4j9eVg+RTJ8Y4jjZ02GbLwrpELD2Qs+ohCl8e64G29qutchv +6nJqOdbL5U+d6DKyrzSpZyMRPA+UmB78KsBTs0o3wME7IA9J37YgtpUZifcC4LdgTWrX2eBICGPq +i7GGKzdnI5LDhCJZnHwzva+6lBwa8fW5aXQG69uPTFmd/pNNF6+8f2FcYGljQiD6FYVKAUfYRBlw +9ymKaIbNmyh9bs71ezPrI4ltOLjmZLZFRouSIaeExfzj2FkWERNG/iAuEIRolyyXjqjiQIuiEi8u +o6sg1cPrD59EuWtTcMzTxuhVU8Ra37F6DrMEipqh84zQcnT0i/RNk4K723aB9uWwHJgJ5Y2/6cbt +a7ZkYsfQfjBC4nBRVyUlBCpEFYNePbKttYF5Cf5FraMlGzAY0W/MSIUxvRmlkjCzBod4LA+K/hQx +Eiw7Xa8OAZfw9l9lmSnia+fgRz3fLKxg3yklw6rA/2aISb83uVRvxgqKym3EeJ/+CsOQpwOblEBx +WfQizah1Ct4NhsuKLmBbopxAXLqz25E+3BvvsM4nuwWVfoyvTVXYQ+k4V/hj2iS5buJ5twIDAQAB +MA0GCSqGSIb3DQEBBQUAA4ICAQAGTw5MJurTeeWy+jQikGfivrxt9lzqt+uSV8D6V1GBzBAl8m4S +qSY0U8KM/gtqh9bhmQwm0qgx/mKcDKzCUKajXPKm/NbR+pjZD9Lcx4Iy0iqi9rsxSKECGM2dYAmm +7GXnXvz9QUxZjteTgYoRP2s6GfosvTQiUEr/cIrYAU3wC0/94pRb9/FLVVon/aVdsh+Dqb4j7BhK 
+LzXNCNjkv1Sv/YL1zpe/2SPxe0Bfymys97lcu1DB01e/MLfqQJThYOblMte/zGNZO24HcvROIkyo +UtYy5/H4F5rsamSGMNdBfauTtYxz7lOT7qQoDNyGMN9bfjWnkVi/lV2CVooeiHIs7wLWEhYmU9Di +AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo +YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL +Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR +G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb +YBI4oaPjh2zKIrz/AlY2RmqMMA==2024-07-08T11:06:07Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file diff --git a/test/data/EE_T-CA-withdrawn-granted-before.xml b/test/data/EE_T-CA-withdrawn-granted-before.xml index a9ca13d18..234283815 100644 --- a/test/data/EE_T-CA-withdrawn-granted-before.xml +++ b/test/data/EE_T-CA-withdrawn-granted-before.xml @@ -75,7 +75,7 @@ - 2020-12-11T10:36:28Z + 2024-07-08T15:00:16Z 2027-08-20T21:00:00Z @@ -127,7 +127,7 @@ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted - 2016-11-28T01:00:00Z + 2013-04-23T01:00:00Z http://sk.ee/en/repository/CP/ @@ -182,7 +182,7 @@ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn - 2016-11-27T22:00:00Z + 2013-04-22T11:49:30Z http://uri.etsi.org/TrstSvc/Svctype/CA/QC 
@@ -627,15 +627,15 @@ -1Be6Pb83gRGV1D35y8eXFtj/OveFEsGr9bnwIs9xkYA=lYHBnQ/i/q/Tr3aaUjLihMIGaizr7XhEeeWq7MugID4=qll7tfZTzta+xfv1hLE56JuUPuSimdqKJpjXCvyGQ3cZH9OjPm+qjbMserUJUDYoW9P77cgKmQRO -Tz1kl/TTNFD6gLG33NutjBF+aPQVUQePymoSV2A81/eWbjweX+qDt3MUlla7RRfn045JXbTZJha3 -UMsB85R6BQDx1KLksqU7jgYxRaJx0ikPuuWC9Voftew6VutwAVvke0eLQwhxDZ7ppkQt2cZdZ1fZ -2JY4UPCKgpGjB5j7Z5r/krbs6tnYey09zmtix7uh8ocvl9srhbwz1tUab3ezbfWYmQz1VnGVxyL2 -ueV8pyIWZHRQTvIpzXXjtoxHz2w45VUShgW/6+UcubtEPS59MNBXW3LLJeRGiwuDVvuz0ZwpLB2h -rNPcnGI1TePG5Tu1z46VVr/mNw9RvEY37h7asZKGMtnj1b9GBR/Ma36M1RVAl9vldTJwWhXuHkGm -Vi2T+YSAt6qpVE822f12kdW93uWFQENj9glwYZowRFa7e3238gKOyBKM0RsukIb0Kye4zk37HacB -1j8ibL0AaICc+8fhSDkmVsVvsKu1P98zvYLiUn1/uxVD/e5BDW9DACTAWRoxSZ+34Z1n9heny5j5 -/joEZwN4Y67nz2IVENG9+0DHAGnG53NTjCMcHj8RhwkNmcss13+KZK1h9bsAebkMUM5g8N8ICjs=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE +5eoz49jlgdIxmRrbCBqv7P+X3zBICURg9tQKfe0Bucg=SnRrOVKoFum1PAJ55DnL2/V+COIkV30S+Ew3Ic/+od8=KCstB1+y35pqsyBdDAS6LdiRmRzzK59G2/AeizVHXa6Hk73fFYbLFn4snisDEReeWmzzHSpnksRP +BM1aGQ+nenq6K3NMgrlipjopoCmVCbmz/2bJ/8Lvf6WOSh6dcmNXMqkxSXrLnw8UHJBN/+ScGSQj +Fy5vgx5J0WGZI2PKdd6FuWOhvKm1MzPlmuh7BjqX9jQpKt5aiJUBSxXEOjzKSmFRJA9mK5gVShLZ +BSzABSzHuGyj6pmevHhn/+vVbyUgNVeLPmbSOiFChMOuAt17geb1gZviqUc2UemvvX20oIk40liZ +juayyOeP1raB1VVDTtcWgCDoNAUXBglr3sPYeo/u1bNFbAsC0vOF6v998KmORjC+1Q/CScJwiFey +zoDxIhbCzVs5cVG44tLVcFDUODUveS59zveCttVKZTnrFCeimMc1cql1Lbx8i/3/nTqL1iQ2MTr0 +ARe2sHlhrPjVs9vaNgkOx7aXdeIEjYlCqkhN3xbBBfGeKD6uY2YqsFOPGKPCGQB8+ykqSbsGrWI0 +R4yp6k2m9a2gpy953RBPy+4wcH38S153ugL1izXNaZT06+WPBZgGvHPa090t0XYjS790I1GEgwg6 +2RZvjW7n0NV1vC24qIcB8MFQ3Z1sPuiZgcP/891+vVTxzXPV1qDn54oE1xOQFwKgUdKnVWRrJ04=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT 
@@ -656,4 +656,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb -YBI4oaPjh2zKIrz/AlY2RmqMMA==2020-12-11T08:36:28Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file +YBI4oaPjh2zKIrz/AlY2RmqMMA==2024-07-08T12:00:16Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file diff --git a/test/data/EE_T-CA-withdrawn-granted-later.xml b/test/data/EE_T-CA-withdrawn-granted-later.xml index 937e87730..e5e7c2ab0 100644 --- a/test/data/EE_T-CA-withdrawn-granted-later.xml +++ b/test/data/EE_T-CA-withdrawn-granted-later.xml @@ -75,7 +75,7 @@ - 2020-12-11T10:36:29Z + 2024-07-08T14:59:20Z 2027-08-20T21:00:00Z @@ -127,7 +127,7 @@ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted - 2016-11-29T01:00:00Z + 2013-04-24T11:49:30Z http://sk.ee/en/repository/CP/ @@ -182,7 +182,7 @@ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn - 2016-11-27T22:00:00Z + 2013-04-22T11:49:30Z http://uri.etsi.org/TrstSvc/Svctype/CA/QC 
@@ -627,15 +627,15 @@ -5zcz+hBh7Fr37DA77Xv4bPiij/isTwQz8Q4Kf+LXxT8=HC+E9uid2ys39YsCEDKN7resLtxvOIOf/Y8AN4iPyWo=2qoq/9eQvEr9VPhN98/DY+XOm33ALTUZ552rrDEcfs73BiCnND3SEZuoyyG+ULW/RHa6GhGoBRF0 -RvVd4bPMA33mVTg//qA+k+F+wqekWKX+u73C9tBTqfboq5oG0O3moGfAoWeNsLhWJbJBEL2FWHhn -6PVXf41Ftf5VaevfK1Mq/JhYTpqMXHaacoNQ/zVPkuhinHqjgWIM1jeK7L7tqupw6J+1CNKeEjvJ -Girt3sxomz0zUroSbdBcxm1YXUrbBuNvk0M7kDkJJlpIzzotVFYsbYRitpW2csXCbFpO4urN1CHP -fPIPBG1UaW/YY1ggrWlsUsBfT+CHnMTGmEYh2peyqMLnCrpVRc7x14d4ZcPUUPIwTl3NtvkA2VDR -327ddR1rvR9BVgtFwDtsNZd35WwLPkqBSDfC2cIUTukQD+FfaSGnfYpmxhcB1vJNpF7rs78TiF2s -g7SxvU3BDZxWmUxDQGcX4LG5EFHPCNcPf/fiMea5G8dRCapXIrIGmFtWumvbNAdcLef/+PwioQV1 -Fp7VLTZLGr6fCrsESM92gMbjdR4uitVixXSKao7slZdNNBuS267/TL89s57BrkFszypMlqWEwawr -3IESikq+SkM0AoKukKcU1Tj8aBxs2tQ389tzAYLSfrevZ2zIRZ46TeCYVSwL9j3+efxfJcrYmsM=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE +5X+DKzZFHzD0jrbdYMuRV0FI9Rtk0GDSrdn1THQ6/VM=J/jgHjLvAY0xsw5jKuCeNaJ7KyS6mlaikJ9uftyjw6s=sjZO9YeudvIEdjLmHpK2GAMrNsPbMEVfM0slJugA7NhlGUvNsPmkDRp6qbND82h/s33apZ1izGvZ ++oGKD3iI3ZyYNeldABZor6J2JCldtFTAdnbCD4ShVeJ4A9YWRn790CX3D0WhYW/MG27Ww/zhDDmm +/xIA13XPqIvBkM+dTADexfzy2UoUCd7+w/Bw3GqghA4XVaFewNQwAqw4Tbs8aWQwZ9bnWRR5T2eT +liVqrtMhByWdmrDR/Ttb5nr9MZHogepaPmMsx5JBcBl7N9wTUGnoJZWaDRxWWfkFLbyqnXS3tob7 +02411tMutTsN24mOvx/Ax+d3jn+U9ly4bzzu92SsF+TrLuaTgoxOlEm29dFjC+MRHCgJn7AGCJj0 +N3S/+9VfeUeQ8lyzKL4qXpC6Y9OPW5Tu05Aa2yAD4DSqwd2jL05OUHUBHyRFFyWsCd2veSuXs74W +0w8oVN3TpariC4TCYRFjNfZDVVtSqWFLC6po2w/1a1/EwfdT/N8HVMjsDwB1JJvAqE78//1pMgA/ +3482K1OPxSSOu3RPiB9z4jK45w0AAI3ZHCrJtbBcp23LAG5DOxJegUjZhixNjiqtssVtFU8IE37v +wRoJrghOD28Nxl4OXjEM5MI4HfQSLitP3c5b45d1qtzdaL4/ulMRKTnBmiTcRrhBUsjwUR1l/w0=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT 
@@ -656,4 +656,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb -YBI4oaPjh2zKIrz/AlY2RmqMMA==2020-12-11T08:36:29Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file +YBI4oaPjh2zKIrz/AlY2RmqMMA==2024-07-08T11:59:20Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file diff --git a/test/data/EE_T-CA-withdrawn.xml b/test/data/EE_T-CA-withdrawn.xml index 4a58cdb7f..976bca9bb 100644 --- a/test/data/EE_T-CA-withdrawn.xml +++ b/test/data/EE_T-CA-withdrawn.xml @@ -75,7 +75,7 @@ - 2020-12-11T10:36:29Z + 2024-07-08T14:58:00Z 2027-08-20T21:00:00Z @@ -127,7 +127,7 @@ http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn - 2016-11-27T21:00:00Z + 2013-04-22T11:49:30Z http://sk.ee/en/repository/CP/ 
@@ -611,15 +611,15 @@ -bSGQxOPC6bL6YVWxepwIPRsyLkXiXfNM6x+2DTXRKY0=HC+E9uid2ys39YsCEDKN7resLtxvOIOf/Y8AN4iPyWo=I2Dhb65fKWaQfhOg+NO4+TBH4kVPeYD4XFzdCTOOYqQ0gBpAovAS3rW6cTn+GvEun/sUefViIE6H -P/LboL3EvtmBrvHOCY/fxj9k3MyHsdK8JyDigMXiu1V2+/JIHZWX74IWHqR/UVbTQ4r6yxdljNaN -UdJN2kOPvubj5mTNTtC8mSugw8j5TBK5/BPaVzXxd2w8iD275q0NWYn1I2tM4KMZ2hzj1um+D/h+ -8bKnu0gyW9bC+zh3CelgiYSwNse4SUPH2r9l1ndNPXzqBmIz8U/lwD/F75f60WwSrfV+fjYbZ7HR -sr/BwG5Ka8m46YxfQjRnSVjzQCybwp7u1sD5fbM7K8fuLDUSkvU+TVNT09BKUsyJMLaHBGvoCGqq -tF3/8kTJUo36FXkQOqXK/iegKTxRAO8sSnppYJgiltTB75HeQgyEI6c1QEDOeUXlljaQtycga1rx -eyuRNP3I0SgPlPaTNihdqDQk814u7hJQz0J71MSWsUJp+EUlbhbCbCXXz3llhOXOaMEr3Ep+/O3Y -BpDFJAq6N5t/4bpSHxnwProRnR/1N6F9/JFTINEaI+jMoDTRQXmNen4c/6yYvyHILV92PnR3HZVT -cfVIuTbcEFZVQpaBd2s5VJYiMdgvUjNMWvyUZc8mgPdeGV2imLU12wg88CZStwlxZQGgTZrMpso=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE +xbL8Cj+bzOj37r8G3x/tqXhxR7uhoRCBw8ljw7eBWtY=4KekkQp+xPo/SAu5UQ2L3e2jxmjr5iMYIQMdhV1xHfM=wyk8SWOe/JRO5a4xlj6WPYL/Lbz9TMqOjaUS4W61hxUQZO2ugqZ0yjmmcRcZXB5jL/CgUtwCeDZI +chPH7ZbyLR6Ev35Yg6warJ4kvST4P9s69VUKzpBlLvkoO9xf+lREeO6bkFFoRYiKaq/SjmH9pf7c +KLO1s/PrhvWUucYn5TzWnNwTd/B+oL+X2SuGpKdz/CTGPel8zx7dXUTac2BEir+VHSg5O5KuICLc +hN3CbHLEYocHHYeQNoMYl64fNHoUu4yn067gUdVT0VT2zUzLrIwAId6JF8tjZe7zDZJyPIMIvw+t +bwzs0/FCJokhF+Siwb9+iN5lg5iEcQTWa631lKP3uTB40T3l/QxsGos9K76hXvjR5rWy0GeU0q27 +9xz0RmTv2ipGe8ebDz4S0Vp/vV4WM9pr5psl3MTqGdIfoxsl64uY0L2zuyuSwbRwMiZHiBlssVJ7 +AYezzhi4+9rB1Chyjdm5RqmcePDWwEXNFZk1s12zs9XJKvOwmbZyVG8aP4Papxt3+o/iR2NH5zcg +vamgGB/UDoPhHpEahKd/uQP6rL/duBIkbl38GcCNLHFXV+osSxbZzMidXKNnIAtS9EaXbiTRdM6V +HyPclZ9ma9rDoylPNrx7kSkl7q5lrLdFP4r7hW+Oi8kFRUMzEq+Zr/hbXk2l6OJP7pbLZTW1+eI=MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT 
@@ -640,4 +640,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb -YBI4oaPjh2zKIrz/AlY2RmqMMA==2020-12-11T08:36:29Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file +YBI4oaPjh2zKIrz/AlY2RmqMMA==2024-07-08T11:58:00Znk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=CN=Test TSL, C=EE10086976385427474061 \ No newline at end of file
diff --git a/vcpkg.json b/vcpkg.json
index 47f688fcd..8d31818e4 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -7,6 +7,7 @@
 "name": "libxml2",
 "default-features": false
 },
+ "xmlsec",
 "zlib"
 ],
 "features": {
@@ -16,7 +17,8 @@
 "vcpkg-configuration": {
 "overlay-ports": [
 "patches/vcpkg-ports/openssl",
- "patches/vcpkg-ports/xml-security-c"
+ "patches/vcpkg-ports/xml-security-c",
+ "patches/vcpkg-ports/xmlsec"
 ],
 "registries": [
 {
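Review bot: The new `"xmlsec"` entry in the first vcpkg.json hunk is a bare string, so it is built with whatever default features the overlay port declares, while the `libxml2` entry directly above it is restricted with `"default-features": false`. Going by the commit title this library now does the TSL signature validation, so it is worth declaring it the same way, e.g. `{ "name": "xmlsec", "default-features": false }`, if the overlay port defines any default features (its manifest is not visible in this hunk). The second hunk adds `patches/vcpkg-ports/xmlsec` to `overlay-ports`, which makes the repository's own copy of the port and its patches take the place of the registry port; recording which upstream port revision that copy was derived from would keep later security updates to it auditable. The `registries` array continues outside the hunk.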