From XML Security WG Wiki
Open XML Signature 1.1 interop test items
- X509Data: Support revocation checking by adding dsig11:OCSPResponse to list of elements that may be included in the KeyInfo X509Data element
- Incorporate OCSPResponse as X509Data child and be able to recognize it, extract the content and parse and recognize the base64-encoded OCSP response in DER encoding for the following two cases
- test 1
- validate a signature generated where the corresponding certificate is indicated as revoked in the OCSPResponse element and indicate verification failure
- test 2
- validate a signature generated where the corresponding certificate is indicated as valid in the OCSPResponse element and indicate verification success
- X509Data: Add dsig11:X509Digest to list of elements that may be included, to support reference via base64-encoded digest of a certificate
- Incorporate dsig11:X509Digest as X509Data child and be able to recognize it, extract the content and parse and recognize the base64-encoded digest of the certificate, use corresponding certificate in signature validation
- KeyInfo: Add new DEREncodedKeyValue KeyInfo child element
- recognize DEREncodedKeyValue as child of KeyInfo (not X509Data or KeyValue) and extract base64 DER encoded public key as would be used in the Subject Public Key - use to validate signature.
- KeyInfo: Enable use of XML Encryption EncryptedKey and DerivedKey Elements
- recognize, parse and use key to validate signature, test 1 for EncryptedKey, test 2 for DerivedKey.
- KeyInfo: Add KeyInfoReference - alternative to RetrievalMethod access to a KeyInfo element that does not require use of a Transform
- Recognize presence of KeyInfoReference element as child of KeyInfo, parse and dereference to obtain a different KeyInfo element and process this to obtain key information to validate signature. Perform two tests, one for additional KeyInfo in same document, one for separate document obtained on web.
- Added minimum output length for HMACOutputLength parameter in SignatureMethod
- Verify that signature is deemed invalid if HMacOutputLength truncation length is below the larger of (a) half the underlying hash algorithm's output length, and (b) 80 bits. Test that error generated for SHA-256 with truncation length is less than 128, e.g. 100 bits.