Handling signature validation warnings in DigiDoc libraries

Starting from ID-software (libraries and DigiDoc Client software) version 3.8, the validation principles for digitally signed documents have changed so that some container format errors can be regarded as warnings.

A document with a warning is legally valid. “Valid with warnings” is used as the document validity status.

The purpose of the “Valid with warnings” status is to let information system developers decide, depending on system requirements, whether a document with a specific format error is displayed as valid with warnings or as invalid. In other words, developers have to decide for themselves whether a specific document should be given the “Valid with warnings” status.

NB! DigiDoc libraries always return “invalid” when any kind of validation error is detected. Subsequent handling of the error and, if necessary, its classification as a warning should be implemented by the library user in the application's client layer.

We encourage the DigiDoc library users to identify warnings by the same principles as used in DigiDoc Client software.

The following error situations are considered as warnings:

  • A BDOC 2.1 document uses a weaker hashing algorithm (SHA-1) than officially recommended. Adding signatures is not restricted.
  • The DataFile element of a DDOC document is missing the xmlns attribute. These documents were created because of a mistake in the PHP sample application. NB! Adding or removing signatures is not allowed!
  • The X509IssuerName or X509IssuerSerial elements of a DDOC document are in the wrong namespace. These documents were created because of a JDigiDoc library error which also affected DigiDocService and DigiDoc portal users. Adding and removing signatures for these documents was restricted in DigiDoc Client version 3.8.0. Starting from DigiDoc Client version 3.8.1 these restrictions have been lifted.
  • The DDOC document format is outdated (SK-XML 1.0, DIGIDOC-XML 1.1, DIGIDOC-XML 1.2 formats). NB! Adding or removing signatures is not allowed starting from ID-software version 3.7.0.
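
The classification described above could be implemented in the client layer along the following lines. This is an added example, not code from the DigiDoc libraries or DigiDoc Client: the Err labels, the classify function and the version tuples are hypothetical, and treating a document with no errors as signable and an invalid one as not signable is an assumption.

```python
from enum import Enum

class Err(Enum):
    # Hypothetical labels; map the real error codes of your library onto them.
    WEAK_DIGEST = 1        # BDOC 2.1 uses SHA-1
    DATAFILE_NO_XMLNS = 2  # DDOC DataFile element lacks the xmlns attribute
    ISSUER_WRONG_NS = 3    # DDOC X509IssuerName/X509IssuerSerial namespace
    OLD_DDOC_FORMAT = 4    # SK-XML 1.0, DIGIDOC-XML 1.1, DIGIDOC-XML 1.2
    OTHER = 5              # any validation error not in the list above

# Only the four situations listed above may be downgraded to warnings.
WARNINGS = {Err.WEAK_DIGEST, Err.DATAFILE_NO_XMLNS,
            Err.ISSUER_WRONG_NS, Err.OLD_DDOC_FORMAT}

def _add_allowed(err, client_version):
    """May a new signature be added despite this warning?"""
    if err is Err.WEAK_DIGEST:
        return True                        # adding signatures is not restricted
    if err is Err.ISSUER_WRONG_NS:
        return client_version >= (3, 8, 1)  # restricted in 3.8.0, lifted in 3.8.1
    return False                           # missing xmlns, outdated DDOC format

def classify(errors, client_version=(3, 8, 1)):
    """Return (status, may_add_signature) for one validated document.

    `errors` holds every error the library reported for the document; the
    library itself only says "invalid", so the downgrade happens here.
    """
    errors = set(errors)
    if not errors:
        return "valid", True               # assumption: clean documents are signable
    if not errors <= WARNINGS:
        return "invalid", False            # fail closed on anything unlisted
    may_add = all(_add_allowed(e, client_version) for e in errors)
    return "valid with warnings", may_add

if __name__ == "__main__":
    # Constructed sample inputs.
    print(classify([Err.ISSUER_WRONG_NS], (3, 8, 0)))
    print(classify([Err.DATAFILE_NO_XMLNS, Err.OTHER]))
```

A single unlisted error keeps the document invalid even when every other error is on the warning list, which matches the libraries' default result.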

To avoid creating new documents with format errors, it is necessary to start using the newest versions of the libraries and sample applications.

The DigiDocService web service follows the same logic from version 3.5.1. Validation warnings can be found in the SignatureInfo subelement of the SignedDocInfo data structure. Detailed information can be found in the DigiDocService specification.