Qualified electronic signature validation service

Qualified electronic signature validation service provides validation of electronic signatures, seals, and time stamps in a signed document, including a document signed by an external signature, and data. Accepted are signature formats in accordance with requirements on the advanced electronic signature format as defined by the ETSI, formats of DOC or XLS type cannot be validated.

Validation is run against OCSP or the corresponding CRL lists provided by qualified trust service providers included on the EU Trust List.

Method name: Validate

Service description including WSDL schema, and an example request and response for SOAP 1.1 and SOAP 1.2 are located at https://localhost/secusign/default.asmx?op=Validate.

Localhost is the name used for the local computer; write the SDK server name/IP address instead (according to the settings in IIS).

Request in SOAP 1.1 interface

POST /secusign/default.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://software602.com/secusign/Validate"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <Validate xmlns="http://software602.com/secusign/">
      <FileName>string</FileName>
      <FileData>base64Binary</FileData>
      <FileType>UNKNOWN or CMSPKCS7 or CMSPKCS7Ext or PDF or XML or XML602FORM or XMLISDOC or ASiC_S_CAdES or ASiC_S_XAdES or ASiC_S_Tst or ASiC_E_CAdES_Tst or ASiC_E_XAdES or MS_WORD or MS_EXCEL or MS_PWR_PNT or ODF or EML or MSG
</FileType>
      <ExternalSignatureFileName>string</ExternalSignatureFileName>
      <ExternalSignature>base64Binary</ExternalSignature>
      <Properties>
        <ReportLanguage>string</ReportLanguage>
        <GetReport>boolean</GetReport>
        <GetXMLReport>boolean</GetXMLReport>
        <GetHTMLReport>boolean</GetHTMLReport>
        <GetPDFReport>boolean</GetPDFReport>
        <ValidationTime>dateTime</ValidationTime>
        <IgnoreNoPOE>boolean</IgnoreNoPOE>
        <UseClaimedTimeIfNoTS>boolean</UseClaimedTimeIfNoTS>
        <DontUseGracePeriodForQCerts>boolean</DontUseGracePeriodForQCerts>
      </Properties>
      <Params>string</Params>
    </Validate>
  </soap:Body>
</soap:Envelope>

Input parameters of the method

<FileName>

[mandatory element]

Input	Description
String	Name of input file (including extension) to be validated. Example: Document.pdf. Max. 260 characters.

Input

Description

String

Name of input file (including extension) to be validated. Example: Document.pdf.

Max. 260 characters.

<FileData>

[mandatory element]

Input	Description
Base64Binary	Input file data encoded in Base64.

Input

Description

Base64Binary

Input file data encoded in Base64.

<FileType>

[mandatory element]

Input	Description
UNKNOWN	Unknown document type.
CMSPKCS7	Document signed with an internal CMS/PKCS7 signature, e.g. Data messages from the Data Mailbox Information System.
CMSPKCS7Ext	Document signed with an external CMS/PKCS7 signature, e.g. Data messages from the Data Mailbox Information System.
PDF	PDF document.
XML	XML data.
XML602FORM	FO/ZFO forms for Software602 Form Filler.
XMLISDOC	XML ISDOC data.
ASiC_S_CAdES	ASiC-Simple with CAdES signature.
ASiC_S_XAdES	ASiC-Simple with XAdES signature.
ASiC_S_Tst	ASiC-Simple with a Timestamp.
ASiC_E_CAdES_Tst	ASiC-Extended with CAdES signature or Timestamp.
ASiC_E_XAdES	ASiC-Extended with XAdES signature.
MS_WORD	MS Word document.
MS_EXCEL	MS Excel document.
MS_PWR_PNT	MS PowerPoint document.
ODF	OpenDocumentFormat (OpenOffice).
EML	Electronic mail message*.
MSG	Electronic mail message, contact, appointment or task created or saved in Microsoft Outlook*.

Input

Description

UNKNOWN

Unknown document type.

CMSPKCS7

Document signed with an internal CMS/PKCS7 signature, e.g. Data messages from the Data Mailbox Information System.

CMSPKCS7Ext

Document signed with an external CMS/PKCS7 signature, e.g. Data messages from the Data Mailbox Information System.

PDF

PDF document.

XML

XML data.

XML602FORM

FO/ZFO forms for Software602 Form Filler.

XMLISDOC

XML ISDOC data.

ASiC_S_CAdES

ASiC-Simple with CAdES signature.

ASiC_S_XAdES

ASiC-Simple with XAdES signature.

ASiC_S_Tst

ASiC-Simple with a Timestamp.

ASiC_E_CAdES_Tst

ASiC-Extended with CAdES signature or Timestamp.

ASiC_E_XAdES

ASiC-Extended with XAdES signature.

MS_WORD

MS Word document.

MS_EXCEL

MS Excel document.

MS_PWR_PNT

MS PowerPoint document.

ODF

OpenDocumentFormat (OpenOffice).

EML

Electronic mail message*.

MSG

Electronic mail message, contact, appointment or task created or saved in Microsoft Outlook*.

* Experimental support. If you would like to enable it, contact us.

<ExternalSignatureFileName>

[optional element]

Input	Description
string	External signature file name. Only if such a signature has been created for the document.

Input

Description

string

External signature file name. Only if such a signature has been created for the document.

<ExternalSignature>

[optional element]

Input	Description
Base64Binary	External signature data encoded in base64. Only if such a signature has been created for the document.

Input

Description

Base64Binary

External signature data encoded in base64. Only if such a signature has been created for the document.

<Properties>

[mandatory element including one of GetReport to be true]

<ReportLanguage>

[optional element]

Input	Description
String	Localization of textual information in the output report. Values: cz, en Default value: cz

Input

Description

String

Localization of textual information in the output report. Values: cz, en

Default value: cz

<GetReport>

[optional element]

Input	Description
Boolean	Defines getting a <Report> in response. Default value: true.

Input

Description

Boolean

Defines getting a <Report> in response. Default value: true.

<GetXMLReport>

[optional element]

Input	Description
Boolean	Defines getting a signed validation report in XML. Default value: true.

Input

Description

Boolean

Defines getting a signed validation report in XML. Default value: true.

<GetHTMLReport>

[optional element]

Input	Description
Boolean	Defines getting a validation report in HTML. Default value: true.

Input

Description

Boolean

Defines getting a validation report in HTML. Default value: true.

<GetPDFReport>

[optional element]

Input	Description
Boolean	Defines getting a signed validation report in PDF. Default value: false.

Input

Description

Boolean

Defines getting a signed validation report in PDF. Default value: false.

<ValidationTime>

[optional element]

Input	Description
dateTime	Defines the relevant time as of which the signature validity is determined. Example value: 2018-11-09T07:35:00+02:00 (including time zone). For correct evaluation, the parameter IgnoreNoPoe must be set to true. If ValidationTime is not set or the parameter IgnoreNoPoe is not set to true, the relevant time is set to date and time of attaching the time stamp or, if the time stamp is missing, to current date and time. If ValidationTime is set, this fact is highlighted in red in the output PDF report. Default value: Now (current time taken from SecuSign SDK server).

Input

Description

dateTime

Defines the relevant time as of which the signature validity is determined. Example value: 2018-11-09T07:35:00+02:00 (including time zone).

For correct evaluation, the parameter IgnoreNoPoe must be set to true.

If ValidationTime is not set or the parameter IgnoreNoPoe is not set to true, the relevant time is set to date and time of attaching the time stamp or, if the time stamp is missing, to current date and time.

If ValidationTime is set, this fact is highlighted in red in the output PDF report.

Default value: Now (current time taken from SecuSign SDK server).

<IgnoreNoPOE>

[optional element]

Input	Description
Boolean	Enables signature validation without proven time of existence (time stamp) either as of the current time or, if ValidationTime is set, as of the selected relevant time. Values: false, true. If IgnoreNoPoe is set to true, this fact is highlighted in red in the output PDF report. Default value: false.

Input

Description

Boolean

Enables signature validation without proven time of existence (time stamp) either as of the current time or, if ValidationTime is set, as of the selected relevant time. Values: false, true.

If IgnoreNoPoe is set to true, this fact is highlighted in red in the output PDF report.

Default value: false.

<UseClaimedTimeIfNoTs>

[optional element]

Input	Description
Boolean	Allows signature validation as of the declared time, if a time stamp is missing on the signature. The declared time is taken from the signingTime signature attribute. Values: false, true For correct evaluation, the parameter IgnoreNoPoe must be set to true. If the parameter UseClaimedTimeIfNoTs is not set and the signature does not contain a time stamp, current time is used for signature validation. If UseClaimedTimeIfNoTs is set to true, this fact is highlighted in red in the output PDF report. Default value: false.

Input

Description

Boolean

Allows signature validation as of the declared time, if a time stamp is missing on the signature. The declared time is taken from the signingTime signature attribute. Values: false, true

For correct evaluation, the parameter IgnoreNoPoe must be set to true.

If the parameter UseClaimedTimeIfNoTs is not set and the signature does not contain a time stamp, current time is used for signature validation.

If UseClaimedTimeIfNoTs is set to true, this fact is highlighted in red in the output PDF report.

Default value: false.

<DontUseGracePeriodForQCerts>

[optional element]

Input	Description
Boolean	Enables signature validation without having to wait 24 hours (grace period) before validation. Revocation will be checked using information from OCSP or, if OCSP is unavailable, from the first available CRL issued after the relevant time. Default value: true.

Input

Description

Boolean

Enables signature validation without having to wait 24 hours (grace period) before validation. Revocation will be checked using information from OCSP or, if OCSP is unavailable, from the first available CRL issued after the relevant time. Default value: true.

</Properties>

<Params>

[optional element]

Input	Description
String	Optional, contains other parameters. Not in use yet.

Input

Description

String

Optional, contains other parameters. Not in use yet.

Response structure

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ValidateResponse xmlns="http://software602.com/secusign/">
      <ValidateResult>int</ValidateResult>
      <Report>
        <CreationDateTime>dateTime</CreationDateTime>
        <FileName>string</FileName>
        <FileSize>long</FileSize>
        <ExtSigFileName>string</ExtSigFileName>
        <ExtSigFileSize>long</ExtSigFileSize>
        <PDFVersion>string</PDFVersion>
        <PDFNumOfPages>int</PDFNumOfPages>
        <docType>string</docType>
        <expiration>dateTime</expiration>
        <docDataHash>base64Binary</docDataHash>
        <docDataHashAlg>string</docDataHashAlg>
        <currSignHashAlg>string</currSignHashAlg>
        <globalStatus>string</globalStatus>
        <validationProperties>
          <ValidationTime>dateTime</ValidationTime>
          <CustomValidationTime>boolean</CustomValidationTime>
          <IgnoreNoPOE>boolean</IgnoreNoPOE>
          <UseClaimedTimeIfNoTS>boolean</UseClaimedTimeIfNoTS>
          <DontUseGracePeriodForQCerts>boolean</DontUseGracePeriodForQCerts>
        </validationProperties>
        <sigInfos>
          <SigInfo>
            <id>unsignedInt</id>
            <sid>string</sid>
            <sigTimestamps xsi:nil="true" />
            <sigType>string</sigType>
            <xmlSignedReferences xsi:nil="true" />
            <pdfByteRange xsi:nil="true" />
            <hasFurtherChanges>boolean</hasFurtherChanges>
            <Reason>string</Reason>
            <Location>string</Location>
            <Contact>string</Contact>
          </SigInfo>
          <SigInfo>
            <id>unsignedInt</id>
            <sid>string</sid>
            <sigTimestamps xsi:nil="true" />
            <sigType>string</sigType>
            <xmlSignedReferences xsi:nil="true" />
            <pdfByteRange xsi:nil="true" />
            <hasFurtherChanges>boolean</hasFurtherChanges>
            <Reason>string</Reason>
            <Location>string</Location>
            <Contact>string</Contact>
          </SigInfo>
        </sigInfos>
      </Report>
      <XMLReport>base64Binary</XMLReport>
      <HTMLReport>base64Binary</HTMLReport>
      <PDFReport>base64Binary</PDFReport>
      <StatusMessage>string</StatusMessage>
    </ValidateResponse>
  </soap:Body>
</soap:Envelope>

Output parameters of the method

<ValidateResult>

Return value	Description
Int	Result of the Validate method (signature validation). 0 = OK, otherwise see Return codes of all methods and the error described in StatusMessage.

<Report>

<CreationDateTime>

Return value	Description
dateTime	Date and time of creating the validation report.

Return value

Description

dateTime

Date and time of creating the validation report.

<FileName>

Return value	Description
string	Name of input file (including extension) whose signatures were validated or to which the external signature is attached. Max. 260 characters.

Return value

Description

string

Name of input file (including extension) whose signatures were validated or to which the external signature is attached. Max. 260 characters.

<FileSize>

Return value	Description
long	Input file size (in bytes).

<ExtSigFileName>

Return value	Description
string	External signature file name (including extension) whose signature was validated.

Return value

Description

string

External signature file name (including extension) whose signature was validated.

<ExtSigFileSize>

Return value	Description
long	Size of input external signature file (in bytes).

<PDFVersion>

Return value	Description
String	PDF document version. E.g., 1.4, 1.5, 1.7

Return value

Description

String

PDF document version. E.g., 1.4, 1.5, 1.7

<PDFNumOfPages>

Return value	Description
Int	Number of pages in PDF document.

<docType>

Return value	Description
UNKNOWN	Unknown document type.
CMSPKCS7	Document signed with an internal CMS/PKCS7 signature, e.g., Data messages from the Data Mailbox Information System.
CMSPKCS7Ext	Document signed with an external CMS/PKCS7 signature, e.g., Data messages from the Data Mailbox Information System.
PDF	Signed PDF document.
XML	Signed XML data.
XML602FORM	FO/ZFO forms for Software602 Form Filler.
XMLISDOC	Signed XML ISDOC data.
ASiC_S_CAdES	ASiC-Simple with CAdES signature.
ASiC_S_XAdES	ASiC-Simple with XAdES signature.
ASiC_S_Tst	ASiC-Simple with Timestamp.
ASiC_E_CAdES_Tst	ASiC-Extended with CAdES signature or Timestamp.
ASiC_E_XAdES	ASiC-Extended with XAdES signature.
MS_WORD	Signed MS Word document.
MS_EXCEL	Signed MS Excel document.
MS_PWR_PNT	Signed MS PowerPoint document.
ODF	Signed OpenDocumentFormat (OpenOffice).

Return value

Description

UNKNOWN

Unknown document type.

CMSPKCS7

Document signed with an internal CMS/PKCS7 signature, e.g., Data messages from the Data Mailbox Information System.

CMSPKCS7Ext

Document signed with an external CMS/PKCS7 signature, e.g., Data messages from the Data Mailbox Information System.

PDF

Signed PDF document.

XML

Signed XML data.

XML602FORM

FO/ZFO forms for Software602 Form Filler.

XMLISDOC

Signed XML ISDOC data.

ASiC_S_CAdES

ASiC-Simple with CAdES signature.

ASiC_S_XAdES

ASiC-Simple with XAdES signature.

ASiC_S_Tst

ASiC-Simple with Timestamp.

ASiC_E_CAdES_Tst

ASiC-Extended with CAdES signature or Timestamp.

ASiC_E_XAdES

ASiC-Extended with XAdES signature.

MS_WORD

Signed MS Word document.

MS_EXCEL

Signed MS Excel document.

MS_PWR_PNT

Signed MS PowerPoint document.

ODF

Signed OpenDocumentFormat (OpenOffice).

<expiration>

Return value	Description
DateTime	Date and time when the whole document’s validability expire. After this date it will not be possible to validate the signature certificates and provide further validability, preservation and validity of the document.

Return value

Description

DateTime

Date and time when the whole document’s validability expire. After this date it will not be possible to validate the signature certificates and provide further validability, preservation and validity of the document.

<docDataHash>

Return value	Description
Base64Binary	Hash of the analyzed document encoded in Base64. The hash calculation algorithm is in the following docDataHashAlg element.

Return value

Description

Base64Binary

Hash of the analyzed document encoded in Base64. The hash calculation algorithm is in the following docDataHashAlg element.

<docDataHashAlg>

Return value	Description
String	The hash calculation algorithm for the analyzed document. The format is e.g.: 2.16.840.1.101.3.4.2.1.

Return value

Description

String

The hash calculation algorithm for the analyzed document.

The format is e.g.: 2.16.840.1.101.3.4.2.1.

<currSignHashAlg>

Return value	Description
String	The hash calculation algorithm of the last signature. Example: 2.16.840.1.101.3.4.2.1.

Return value

Description

String

The hash calculation algorithm of the last signature. Example: 2.16.840.1.101.3.4.2.1.

<globalStatus>

Return value	Description
String	Sums up the document status based on all its signatures and time stamps. It may be one of the following values: OK = 0 (All signatures and document time stamps are valid; TOTAL_PASSED according to the ETSI^[2]). WARNING = 1 (The validity of some signature certificates or document time stamps cannot be determined; INDETERMINATE according to the ETSI^[2]). ERROR = 2 (Some signatures or document time stamps are invalid, e.g. revoked certificate, violated document hash, changes after signing, etc.; (TOTAL_FAILED according to the ETSI^[2]). NO_SIGNATURES = 3 (The document does not contain any signatures or document time stamps).

Return value

Description

String

Sums up the document status based on all its signatures and time stamps. It may be one of the following values:

OK = 0 (All signatures and document time stamps are valid; TOTAL_PASSED according to the ETSI^[2]).
WARNING = 1 (The validity of some signature certificates or document time stamps cannot be determined; INDETERMINATE according to the ETSI^[2]).
ERROR = 2 (Some signatures or document time stamps are invalid, e.g. revoked certificate, violated document hash, changes after signing, etc.; (TOTAL_FAILED according to the ETSI^[2]).
NO_SIGNATURES = 3 (The document does not contain any signatures or document time stamps).

<validationProperties>

<ValidationTime>

Return value	Description
dateTime	Relevant time – time as of which the signature validity was determined. Example value: 2018-11-09T07:35:00.085+01:00 (including time zone). Default value Now (current time taken from SecuSign SDK server).

Return value

Description

dateTime

Relevant time – time as of which the signature validity was determined. Example value: 2018-11-09T07:35:00.085+01:00 (including time zone).

Default value Now (current time taken from SecuSign SDK server).

<CustomValidationTime>

Return value	Description
Boolean	Specifies whether a user-defined relevant time was set for signature validation – ValidationTime. Default value false.

Return value

Description

Boolean

Specifies whether a user-defined relevant time was set for signature validation – ValidationTime.

Default value false.

<IgnoreNoPOE>

Return value	Description
Boolean	Specifies whether the signature was validated without a proven time of existence (time stamp). Default value false.

Return value

Description

Boolean

Specifies whether the signature was validated without a proven time of existence (time stamp).

Default value false.

<UseClaimedTimeIfNoTs>

Return value	Description
Boolean	Specifies whether the signature was validated as of the declared time. The declared time, if needed, is taken from the signature’s signingTime attribute. Default value false

Return value

Description

Boolean

Specifies whether the signature was validated as of the declared time. The declared time, if needed, is taken from the signature’s signingTime attribute.

Default value false

<DontUseGracePeriodForQCerts>

Return value	Description
Boolean	Specifies whether the signature was validated without having to wait 24 hours (grace period) before validation. Revocation was checked using information from OCSP or, if OCSP was unavailable, from the first available CRL issued after the relevant time. Default value true.

Return value

Description

Boolean

Specifies whether the signature was validated without having to wait 24 hours (grace period) before validation. Revocation was checked using information from OCSP or, if OCSP was unavailable, from the first available CRL issued after the relevant time.

Default value true.

</validationProperties>

<sigInfos>

<SigInfo>

Signature details (repeated element if there is more than one signature).

<status>

Return value	Description
String	Resulting signature validation status according to the first version of the ETSI standard^[1] concerning validation of PAdES, CAdES, XAdES and ASiC.

Return value

Description

String

Resulting signature validation status according to the first version of the ETSI standard^[1] concerning validation of PAdES, CAdES, XAdES and ASiC.

<statusEN>

Return value	Description
String	Resulting signature validation status according to the current version of the ETSI standard^[2] concerning validation of PAdES, CAdES, XAdES and ASiC, see the Indication and subIndication values in Preserve_register/update/getInfo.

Return value

Description

String

Resulting signature validation status according to the current version of the ETSI standard^[2] concerning validation of PAdES, CAdES, XAdES and ASiC, see the Indication and subIndication values in Preserve_register/update/getInfo.

<message>

Return value	Description
String	Details of signature/seal/timestamp status validation, if available for the status.

Return value

Description

String

Details of signature/seal/timestamp status validation, if available for the status.

<certType>

Return value	Description
String	Type of signature/seal/timestamp certificate. It may be one of the following values: COMMERCIAL = Commercial authentication certificate. QUALIFIED = Qualified signature for electronic signatures/seals. TRUSTED = Certificate for electronic signatures issued by a qualified .certificate issue service provider. INTERNAL = Private certificate. UNKNOWN = Unknown. OST = Operating system’s trusted certificate.

Return value

Description

String

Type of signature/seal/timestamp certificate. It may be one of the following values:

COMMERCIAL = Commercial authentication certificate.
QUALIFIED = Qualified signature for electronic signatures/seals.
TRUSTED = Certificate for electronic signatures issued by a qualified .certificate issue service provider.
INTERNAL = Private certificate.
UNKNOWN = Unknown.
OST = Operating system’s trusted certificate.

<adesType>

Return value	Description
String	Signature certificate type according to the AdES (Advanced Electronic Signature) standard.

Return value

Description

String

Signature certificate type according to the AdES (Advanced Electronic Signature) standard.

<eidasType>

Return value	Description
String	Signature certificate type according to the eIDAS regulation. It may be one of the following values: ADVANCED_SIGNATURE = Advanced electronic signature. ACREDITED_SIGNATURE = Recognized electronic signature (Advanced electronic signature based on a qualified certificate). QUALIFIED_SIGNATURE = Recognized electronic signature (Qualified electronic signature based on a qualified certificate and created on a qualified device). ADVANCED_SEAL = Advanced electronic seal. TRUSTED_SEAL = Advanced electronic seal based on a certificate for electronic seals from a qualified trust service provider. ACREDITED_SEAL = Recognized electronic seal (Advanced electronic seal based on a qualified certificate for electronic seals). QUALIFIED_SEAL = Qualified electronic seal based on a qualified certificate from a qualified trust service provider. TIMESTAMP = Electronic time stamp. QUALIFIED_TIMESTAMP = Qualified electronic time stamp. SYSTEM_SIGNATURE = Electronic mark based on a system certificate.

Return value

Description

String

Signature certificate type according to the eIDAS regulation. It may be one of the following values:

ADVANCED_SIGNATURE = Advanced electronic signature.
ACREDITED_SIGNATURE = Recognized electronic signature (Advanced electronic signature based on a qualified certificate).
QUALIFIED_SIGNATURE = Recognized electronic signature (Qualified electronic signature based on a qualified certificate and created on a qualified device).
ADVANCED_SEAL = Advanced electronic seal.
TRUSTED_SEAL = Advanced electronic seal based on a certificate for electronic seals from a qualified trust service provider.
ACREDITED_SEAL = Recognized electronic seal (Advanced electronic seal based on a qualified certificate for electronic seals).
QUALIFIED_SEAL = Qualified electronic seal based on a qualified certificate from a qualified trust service provider.
TIMESTAMP = Electronic time stamp.
QUALIFIED_TIMESTAMP = Qualified electronic time stamp.
SYSTEM_SIGNATURE = Electronic mark based on a system certificate.

<baselineType>

Return value	Description
String	Signature certificate type according to the Baseline profile. It may be one of the following values: BaselineType_LEGACY=Does not match any Baseline profile. CADES_B = CAdES B-B (Baseline B). CADES_T = CAdES B-T (Baseline T). CADES_LT = CAdES B-LT (Baseline LT). CADES_LTA = CAdES B-LTA (Baseline LTA). PADES_B = PAdES B-B (Baseline B). PADES_T = PAdES B-T (Baseline T). PADES_LT = PAdES B-LT (Baseline LT). PADES_LTA = PAdES B-LTA (Baseline LTA). XADES_B = XAdES B-B (Baseline B). XADES_T = XAdES B-T (Baseline T). XADES_LT = XAdES B-LT (Baseline LT). XADES_LTA = XAdES B-LTA (Baseline LTA). ASIC_B = ASiC B-B (Baseline B). ASIC_T = ASiC B-T (Baseline T). ASIC_LT = ASiC B-LT (Baseline LT). ASIC_LTA = ASiC B-LTA (Baseline LTA).

Return value

Description

String

Signature certificate type according to the Baseline profile. It may be one of the following values:

BaselineType_LEGACY=Does not match any Baseline profile.
CADES_B = CAdES B-B (Baseline B).
CADES_T = CAdES B-T (Baseline T).
CADES_LT = CAdES B-LT (Baseline LT).
CADES_LTA = CAdES B-LTA (Baseline LTA).
PADES_B = PAdES B-B (Baseline B).
PADES_T = PAdES B-T (Baseline T).
PADES_LT = PAdES B-LT (Baseline LT).
PADES_LTA = PAdES B-LTA (Baseline LTA).
XADES_B = XAdES B-B (Baseline B).
XADES_T = XAdES B-T (Baseline T).
XADES_LT = XAdES B-LT (Baseline LT).
XADES_LTA = XAdES B-LTA (Baseline LTA).
ASIC_B = ASiC B-B (Baseline B).
ASIC_T = ASiC B-T (Baseline T).
ASIC_LT = ASiC B-LT (Baseline LT).
ASIC_LTA = ASiC B-LTA (Baseline LTA).

<signCert>

<Name>

Return value	Description
String	Name of the signing person as listed in the certificate.

Return value

Description

String

Name of the signing person as listed in the certificate.

<Subject>

Return value	Description
String	Details from the certificate attribute Subject, e.g.: CN = Common name. GN = Given name. SN = Surname. SERIALNUMBER = Serial number. C = Country. L = Locality. E = E-mail. O = Organization. OU = Organizational unit. Pseudonyme = pseudonym.

Return value

Description

String

Details from the certificate attribute Subject, e.g.:

CN = Common name.
GN = Given name.
SN = Surname.
SERIALNUMBER = Serial number.
C = Country.
L = Locality.
E = E-mail.
O = Organization.
OU = Organizational unit.
Pseudonyme = pseudonym.

<IssuerName>

Return value	Description
String	Name of certificate issuer from CN in the Issuer attribute.

Return value

Description

String

Name of certificate issuer from CN in the Issuer attribute.

<Issuer>

Return value	Description
String	Complete details of certificate issuer from the Issuer attribute.

Return value

Description

String

Complete details of certificate issuer from the Issuer attribute.

<Serial>

Return value	Description
String	Certificate serial number.

Return value

Description

String

Certificate serial number.

<NotBefore>

Return value	Description
String	Certificate validity starting from.

Return value

Description

String

Certificate validity starting from.

<NotAfter>

Return value	Description
String	Certificate validity until.

Return value

Description

String

Certificate validity until.

<Hash>

Return value	Description
String	Hash of the certificate’s public key using the SHA256 algorithm.

Return value

Description

String

Hash of the certificate’s public key using the SHA256 algorithm.

<ServiceStatusUri>

Return value

Description

String

Contains the whole Uri specifying the authority’s service status on TSL, e.g., http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted.

<ServiceTypeUri>

Return value

Description

String

Contains the whole Uri specifying the authority’s service type on TSL, e.g., http://uri.etsi.org/TrstSvc/Svctype/CA/QC.

Return value

Description

dateTime

Trusted time of signature/seal/timestamp.

<timeFromComputerClock>

Return value

Description

dateTime

Time of signature/seal/timestamp from the author’s computer clock.

<validTo>

Return value

Return value

Description

String

Details from the certificate attribute Subject, e.g.:

CN=Common name.
GN=Given Name.
SN=Surname.
SERIALNUMBER=serial number of the certificate.
C=Country.
L=Locality.
E=E-mail.
O= Organization.
OU=Organizational unit.
Pseudonym=pseudonym.

</certPath>

<crlPath>

Revocation data source, may be one of the following values:

SECUSIGN - revocation data downloaded from the SecuSign server
ONLINE - revocation data downloaded from its online source
CUSTOM - revocation data provided by the user
PADES_DSS_VRI - revocation data stored in a PDF document
XADES_UNSIGNED_SIGNATURE_PROPERTIES - revocation data stored in the unsigned part of XAdES signature
CADES_SIGNED_DATA - revocation data stored in the signed part of CAdES signature
CADES_UNSIGNED_ATTRIBUTES - revocation data stored in the unsigned part of CAdES signature
UNKNOWN - unknown source of revocation data or not specified
CERTIFICATE_FROM_SIGNATURE - certificate originating from a document/signature
TS_CERTIFICATE_FROM_SIGNATURE - TS certificate originating from a document/signature
DOC_INFO - certificates originating from DocInfo → DocInfoTslProvider.

<DistributionPointChecked>

Return value

Description

Boolean

Specifies whether the CRL/OCSP distribution point was checked. Not always needed.

<DistributionPoint>

Return value

Description

String

Distribution point URL.

<DistributionPointCheckDate>

Return value

Description

dateTime

Date and time when the distribution point was checked.

<DistributionPointThisUpdate>

Return value

Description

dateTime

Details from the CRL/OCSP distribution point on the date and time this update was issued. If the CRL/OCSP for a time stamp was issued before the relevant time, the system checks the DistributionPoint for a newer one and if a newer one is not available, the certificate was not revoked as of the given DistributionCheckDate.

<DistributionPointHash>

Return value

Description

String

CRL/OCSP distribution point hash.

</RevocationData>

</crlPath>

<lastHashAlgOid>

Return value

Description

dateTime

The last used OID digest algorithm in SignerInfo (CMS, PDF). Example for SHA256 algorithm: 2.16.840.1.101.3.4.2.1.

<id>

Return value

Description

unsignedInt

Order number of the signature as it was added to the document.

Counting from zero.

<sid>

Return value

Description

String

Unique identifier of the signature.

<counterSignsSignatureSid>

Return value

Description

String

Unique identifier of the signature that signs this.

<DecisiveMoment>

Return value

Description

dateTime

Relevant time is the time as of which we evaluate the given entity (signature/time stamp). It is a Proof of Existence, as of which we validate the entity. If a date and time from a time stamp is not available, ValidationTime (or the current date) will be used.

<DecisiveMomentSource>

Return value

Description

string

Information on the origin of the relevant time at which the signature was evaluated. Values:

VALIDATION_DATE - verified on the validation date, CUSTOM_VALIDATION_DATE - verified on the user validation date,
TIMESTAMP - verified on the time stamp date,
CLAIMED_TIME - validated on the date from so-called claimedTime, which is value from the signature author’s computer clock.

<sigTimestamps>

optional element, depends on the existence of a time stamp on the signature

Return value

Description

XML structure

Details of a time stamp attached as an attribute to a digital signature. The XML data structure as for the parent signature. Which means it contains the SigInfo element, see above, including all its children. Details in the children relate to the time stamp certificate.

<sigType>

Return value	Description
Enum	Signature type. It may be one of the following values: UNKNOWN – unknown. STANDARD – standard. XML602FORM_TECHNICAL – for Software602 forms.

<xmlSignedReferences>

Optional element, depends on the input file format (only for XML/ZFO).

Return value

Description

XML structure

Signature data. May contain id, uri, digAlg and digest.

<pdfByteRange>

Optional element, depends on the input file format (only for PDF).

Return value

Description

XML structure

Byte range of PDF signatures

<hasFurtherChanges>

Return value

Description

Boolean

Specifies whether any changes were made to the document after it was signed.

Values: false, true.

<Reason>

Return value

Description

String

Reason for signing the document.

<Location>

Return value

Description

String

Location where the document was signed.

<Contact>

Return value

Description

String

Contact details related to the document signature.

</SigInfo>

</sigInfos>

</Report>

<XMLReport>

Return value

Description

Base64Binary

XML data of output report encoded in Base64.

<HTMLReport>

Return value

Description

Base64Binary

HTML data of output report encoded in Base64.

<PDFReport>

Return value

Description

Base64Binary

PDF data of output report encoded in Base64.

<StatusMessage>

Return value

Description

String

Text statement corresponding to the overall validation result for all signatures. The value is only filled if the result is complicated.