Handling signature validation warnings in DigiDoc libraries
Starting with ID-software (libraries and DigiDoc3 client software) version 3.8, the validation principles for digitally signed documents have changed so that some container format errors can be regarded as warnings.
A document with a warning is legally valid. "Valid with warnings" is used as the document validity status.
The purpose of the "Valid with warnings" status is to let information system developers decide, depending on system requirements, whether a document with a specific format error is displayed as valid with warnings or as invalid. In other words, developers decide for themselves whether a specific document should be given the "Valid with warnings" status.
NB! DigiDoc libraries always return "invalid" when any kind of validation error is detected. Subsequent handling of the error and, if necessary, its classification as a warning should be implemented by the library user in the application's client layer.
We encourage DigiDoc library users to identify warnings by the same principles as those used in the DigiDoc3 client software. A detailed description can be found here.
The following error situations are considered as warnings:
- A BDOC 2.1 document uses a weaker hashing algorithm (SHA-1) than officially recommended. Adding signatures is not restricted.
- A DDOC document's DataFile element is missing the xmlns attribute. These documents were created because of a mistake in the PHP sample application. More information. NB! Adding or removing signatures is not allowed!
- A DDOC document's X509IssuerName or X509IssuerSerial elements are in the wrong namespace. These documents were created because of a JDigiDoc library error which also affected DigiDocService and DigiDoc portal users. Adding and removing signatures for these documents was restricted in DigiDoc3 client version 3.8.0. Starting from DigiDoc3 client version 3.8.1 these restrictions have been lifted.
- The DDOC document format is outdated (SK-XML 1.0, DIGIDOC-XML 1.1, DIGIDOC-XML 1.2 formats). NB! Adding or removing signatures is not allowed starting from ID-software version 3.7.0.
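The client-layer classification described above, as an added example (not code from the DigiDoc libraries or their documentation): the library's "invalid" result becomes "Valid with warnings" only when every reported error is one of the four listed conditions and the system accepts it. The label strings, Verdict and classify() are hypothetical; a real integration maps the library's own error codes onto them.

```python
from dataclasses import dataclass

# Hypothetical labels for the four warning-class conditions in the list above.
# The libraries report their own error codes; map those onto these labels.
WEAK_DIGEST = "bdoc21_weak_digest_sha1"
DATAFILE_XMLNS_MISSING = "ddoc_datafile_xmlns_missing"
ISSUER_WRONG_NAMESPACE = "ddoc_issuer_wrong_namespace"
OUTDATED_DDOC_FORMAT = "ddoc_outdated_format"

# label -> may further signatures be added (per the list above)
CAN_ADD_SIGNATURES = {
    WEAK_DIGEST: True,
    DATAFILE_XMLNS_MISSING: False,
    ISSUER_WRONG_NAMESPACE: True,   # DigiDoc3 client 3.8.1 and later behaviour
    OUTDATED_DDOC_FORMAT: False,
}

@dataclass(frozen=True)
class Verdict:
    status: str                 # "valid", "valid_with_warnings" or "invalid"
    warnings: tuple = ()
    can_add_signatures: bool = False

def classify(library_valid, errors, accepted=frozenset(CAN_ADD_SIGNATURES)):
    """Turn the library's valid/invalid result into a three-state status.

    errors   -- labels for every error the library reported
    accepted -- the warning labels this system is willing to tolerate
    """
    if library_valid:
        # Assumption: a clean document has no signing restriction.
        return Verdict("valid", (), True)
    found = set(errors)
    # Fail closed: no identified cause, or any cause outside the accepted
    # warning set (e.g. a broken signature value), keeps the document invalid.
    if not found or not found <= set(accepted) & set(CAN_ADD_SIGNATURES):
        return Verdict("invalid")
    return Verdict("valid_with_warnings", tuple(sorted(found)),
                   all(CAN_ADD_SIGNATURES[e] for e in found))

if __name__ == "__main__":
    # Constructed inputs, not output from a real library.
    print(classify(False, [DATAFILE_XMLNS_MISSING, ISSUER_WRONG_NAMESPACE]))
    print(classify(False, [ISSUER_WRONG_NAMESPACE, "signature_value_mismatch"]))
```

Passing a smaller accepted set, for example one without WEAK_DIGEST, makes a stricter system report the same document as invalid.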
The library documentation chapter "Validating signed documents" contains detailed information on handling warnings, error specifics and implementation instructions.
For testing purposes the library packages also contain a sample file with format errors (sample_files.zip).
To avoid creating new documents with format errors, it is necessary to start using the newest versions of the libraries and sample applications.
The DigiDocService web service follows the same logic from version 3.5.1. Validation warnings can be found in the SignatureInfo subelement of the SignedDocInfo data structure. Detailed information can be found in the DigiDocService specification.