Unknown Protocol - ldap

gistfile1.txt

17:11:47.442 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_DF_CACHE_DIR
17:11:47.442 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <SignOcspRequests> not found
17:11:47.443 [main] DEBUG org.digidoc4j.Configuration - Parameter: SIGN_OCSP_REQUESTS
17:11:47.443 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <OcspAccessCertificateFile> not found
17:11:47.443 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_PKCS12_CONTAINER
17:11:47.443 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <OcspAccessCertificatePassword> not found
17:11:47.454 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyHost> has blank value, hence will not be registered
17:11:47.454 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyPort> has blank value, hence will not be registered
17:11:47.454 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpsProxyHost> has blank value, hence will not be registered
17:11:47.454 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpsProxyPort> has blank value, hence will not be registered
17:11:47.454 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyUser> has blank value, hence will not be registered
17:11:47.455 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyPassword> has blank value, hence will not be registered
17:11:47.455 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslKeystoreType> has blank value, hence will not be registered
17:11:47.455 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslTruststoreType> has blank value, hence will not be registered
17:11:47.455 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslKeystorePath> has blank value, hence will not be registered
17:11:47.455 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslKeystorePassword> has blank value, hence will not be registered
17:11:47.456 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslTruststorePath> has blank value, hence will not be registered
17:11:47.456 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslTruststorePassword> has blank value, hence will not be registered
17:11:47.459 [main] DEBUG org.digidoc4j.Configuration - YAML file parameter <ALLOW_UNSAFE_INTEGER> detected and applied with value <true>
17:11:47.459 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <AllowASN1UnsafeInteger> to <[true]>
17:11:47.459 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TspsCount> to <[0]>
17:11:47.460 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <AllowASN1UnsafeInteger>. Returned value is <true>
17:11:47.460 [main] DEBUG org.digidoc4j.Configuration - ------------------------ DEFAULTS ------------------------
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <ConnectionTimeoutInMillis> to <[1000]>
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <SocketTimeoutInMillis> to <[1000]>
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TslKeyStorePassword> to <[digidoc4j-password]>
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <RevocationAndTimestampDeltaInMinutes> to <[1440]>
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TslCacheExpirationTimeInMillis> to <[86400000]>
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <AllowedTimestampAndOCSPResponseDeltaInMinutes> to <[15]>
17:11:47.462 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <SignatureProfile> to <[LT]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <SignatureDigestAlgorithm> to <[SHA256]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <IsFullSimpleReportNeeded> to <[false]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TspSource> to <[http://demo.sk.ee/tsa]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TslLocation> to <[https://open-eid.github.io/test-TL/tl-mp-test-EE.xml]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TslKeyStoreLocation> to <[keystore/test-keystore.jks]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <ValidationPolicy> to <[conf/test_constraint.xml]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <OcspSource> to <[http://demo.sk.ee/ocsp]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <SignOcspRequests> to <[false]>
17:11:47.468 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <PrintValidationReport> to <[true]>
17:11:47.469 [main] DEBUG org.digidoc4j.Configuration - Setting DDoc4J parameter <SIGN_OCSP_REQUESTS> to <false>
17:11:47.469 [main] DEBUG org.digidoc4j.Configuration - Setting DDoc4J parameter <ALLOWED_OCSP_RESPONDERS_FOR_TM> to <TEST of EID-SK 2016 OCSP RESPONDER 2018,TEST of SK OCSP RESPONDER 2011,TEST-SK OCSP RESPONDER 2005,TEST-SK OCSP RESPONDER,SK OCSP RESPONDER 2011,ESTEID-SK 2007 OCSP RESPONDER 2010,ESTEID-SK 2007 OCSP RESPONDER,ESTEID-SK OCSP RESPONDER 2005,ESTEID-SK OCSP RESPONDER,EID-SK 2007 OCSP RESPONDER 2010,EID-SK 2007 OCSP RESPONDER,EID-SK OCSP RESPONDER,KLASS3-SK 2010 OCSP RESPONDER,KLASS3-SK OCSP RESPONDER 2009,KLASS3-SK OCSP RESPONDER>
17:11:47.469 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <AllowedOcspRespondersForTM> to <[TEST of EID-SK 2016 OCSP RESPONDER 2018, TEST of SK OCSP RESPONDER 2011, TEST-SK OCSP RESPONDER 2005, TEST-SK OCSP RESPONDER, SK OCSP RESPONDER 2011, ESTEID-SK 2007 OCSP RESPONDER 2010, ESTEID-SK 2007 OCSP RESPONDER, ESTEID-SK OCSP RESPONDER 2005, ESTEID-SK OCSP RESPONDER, EID-SK 2007 OCSP RESPONDER 2010, EID-SK 2007 OCSP RESPONDER, EID-SK OCSP RESPONDER, KLASS3-SK 2010 OCSP RESPONDER, KLASS3-SK OCSP RESPONDER 2009, KLASS3-SK OCSP RESPONDER]>
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - TEST configuration: {ConnectionTimeoutInMillis=[1000], IsFullSimpleReportNeeded=[false], PrintValidationReport=[true], TslKeyStorePassword=[digidoc4j-password], SocketTimeoutInMillis=[1000], SignatureProfile=[LT], OcspSource=[http://demo.sk.ee/ocsp], AllowedOcspRespondersForTM=[TEST of EID-SK 2016 OCSP RESPONDER 2018, TEST of SK OCSP RESPONDER 2011, TEST-SK OCSP RESPONDER 2005, TEST-SK OCSP RESPONDER, SK OCSP RESPONDER 2011, ESTEID-SK 2007 OCSP RESPONDER 2010, ESTEID-SK 2007 OCSP RESPONDER, ESTEID-SK OCSP RESPONDER 2005, ESTEID-SK OCSP RESPONDER, EID-SK 2007 OCSP RESPONDER 2010, EID-SK 2007 OCSP RESPONDER, EID-SK OCSP RESPONDER, KLASS3-SK 2010 OCSP RESPONDER, KLASS3-SK OCSP RESPONDER 2009, KLASS3-SK OCSP RESPONDER], SignatureDigestAlgorithm=[SHA256], SignOcspRequests=[false], AllowASN1UnsafeInteger=[true], TslCacheExpirationTimeInMillis=[86400000], RevocationAndTimestampDeltaInMinutes=[1440], TslKeyStoreLocation=[keystore/test-keystore.jks], TslLocation=[https://open-eid.github.io/test-TL/tl-mp-test-EE.xml], TspsCount=[0], TspSource=[http://demo.sk.ee/tsa], AllowedTimestampAndOCSPResponseDeltaInMinutes=[15], ValidationPolicy=[conf/test_constraint.xml]}
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - ------------------------ LOADING INITIAL CONFIGURATION ------------------------
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_SECURITY_PROVIDER
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_SECURITY_PROVIDER_NAME
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: KEY_USAGE_CHECK
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_OCSP_SIGN_CERT_SERIAL
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DATAFILE_HASHCODE_MODE
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: CANONICALIZATION_FACTORY_IMPL
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_MAX_DATAFILE_CACHED
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_USE_LOCAL_TSL
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_NOTARY_IMPL
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_TSLFAC_IMPL
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <OcspSource>. Returned value is <http://demo.sk.ee/ocsp>
17:11:47.470 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_OCSP_RESPONDER_URL
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_FACTORY_IMPL
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_DF_CACHE_DIR
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <SignOcspRequests>. Returned value is <false>
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter: SIGN_OCSP_REQUESTS
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <OcspAccessCertificateFile> not found
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter: DIGIDOC_PKCS12_CONTAINER
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <OcspAccessCertificatePassword> not found
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyHost> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyPort> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpsProxyHost> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpsProxyPort> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyUser> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <HttpProxyPassword> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslKeystoreType> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslTruststoreType> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslKeystorePath> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslKeystorePassword> has blank value, hence will not be registered
17:11:47.471 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslTruststorePath> has blank value, hence will not be registered
17:11:47.472 [main] DEBUG org.digidoc4j.Configuration - Parameter <SslTruststorePassword> has blank value, hence will not be registered
17:11:47.482 [main] DEBUG org.digidoc4j.Configuration - JVM parameter <org.bouncycastle.asn1.allow_unsafe_integer> detected and applied with value <true>
17:11:47.482 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <AllowASN1UnsafeInteger> to <[true]>
17:11:47.482 [main] DEBUG org.digidoc4j.Configuration - Setting parameter <TspsCount> to <[0]>
17:11:47.482 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <AllowASN1UnsafeInteger>. Returned value is <true>
17:11:47.482 [main] DEBUG org.digidoc4j.Configuration - ------------------------ </MODE: TEST> ------------------------
17:11:47.504 [main] DEBUG org.digidoc4j.DataFile - Path: john_mack/john_mack_details/contract.zip, mime type: text/zip
17:11:47.523 [main] DEBUG org.digidoc4j.DataFile - Mime type: 
17:11:47.524 [main] DEBUG org.digidoc4j.impl.asic.AsicContainer - Removing file from the container: META-INF/manifest.xml
17:11:47.528 [main] INFO org.digidoc4j.signers.PKCS12SignatureToken - Using PKCS#12 signature token from file: john_mack/john_mack_details/Mr_John__Mack-IAIK_Test_Intermediate_CA.p12
17:11:47.784 [main] DEBUG org.digidoc4j.signers.PKCS12SignatureToken - Searching key by usage: NON_REPUDIATION
17:11:47.858 [main] INFO org.digidoc4j.impl.asic.AsicSignatureBuilder - Signing asic container
17:11:47.858 [main] DEBUG org.digidoc4j.signers.PKCS12SignatureToken - Using key with alias: 
17:11:47.858 [main] INFO org.digidoc4j.impl.asic.AsicSignatureBuilder - Getting data to sign
17:11:47.885 [main] INFO eu.europa.esig.dss.validation.CommonCertificateVerifier - + New CommonCertificateVerifier created.
17:11:48.584 [main] DEBUG eu.europa.esig.dss.xades.SantuarioInitializer - Registering default algorithms
17:11:48.636 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - Registered resolver: eu.europa.esig.dss.xades.EnforcedResolverFragment@64ec96c6
17:11:48.637 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - Registered resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer@456d6c1e
17:11:48.655 [main] DEBUG eu.europa.esig.dss.xades.signature.XAdESService - + XAdESService created
17:11:48.658 [main] DEBUG org.digidoc4j.impl.asic.AsicSignatureBuilder - Using ECDSA encryption algorithm
17:11:48.659 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <SignatureProfile>. Returned value is <LT>
17:11:48.660 [main] DEBUG org.digidoc4j.impl.asic.AsicSignatureBuilder - Adding signer information
17:11:48.660 [main] DEBUG org.digidoc4j.impl.asic.AsicSignatureBuilder - Signing date is going to be Mon Jan 21 17:11:48 CET 2019
17:11:48.759 [main] DEBUG org.digidoc4j.X509Cert - 
17:11:48.760 [main] DEBUG org.digidoc4j.X509Cert - Part: C
17:11:48.760 [main] DEBUG org.digidoc4j.X509Cert - 
17:11:48.760 [main] DEBUG org.digidoc4j.X509Cert - 
17:11:48.760 [main] DEBUG org.digidoc4j.X509Cert - Subject name: CN="Mr John  Mack", T=Mr, GIVENNAME="John ", SURNAME=Mack, OU=Institute for Applied Information Processing and Communications, O=Graz University of Technology, L=Graz, C=AT
17:11:48.766 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: CN value: "Mr John  Mack"
17:11:48.766 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: T value: Mr
17:11:48.766 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: GIVENNAME value: "John "
17:11:48.767 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: SURNAME value: Mack
17:11:48.774 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: OU value: Institute for Applied Information Processing and Communications
17:11:48.774 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: O value: Graz University of Technology
17:11:48.776 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: L value: Graz
17:11:48.778 [main] DEBUG org.digidoc4j.X509Cert - Subject name part key: C value: AT
17:11:48.782 [main] DEBUG org.digidoc4j.X509Cert - Subject name: AT
17:11:48.782 [main] INFO org.digidoc4j.Configuration - Source by country <AT> not found, using default TSP source
17:11:48.782 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TspSource>. Returned value is <http://demo.sk.ee/tsa>
17:11:48.792 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <HttpProxyPort> not found
17:11:48.793 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <HttpsProxyPort> not found
17:11:48.793 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <SslKeystorePath> not found
17:11:48.798 [main] DEBUG org.digidoc4j.utils.Helper - User-Agent: LIB DigiDoc4j/DEV format: application/vnd.etsi.asic-e+zip signatureProfile: XAdES_BASELINE_LT Java: 11.0.2/Oracle Corporation OS: Linux/amd64/4.18.0-13-generic JVM: Java HotSpot(TM) 64-Bit Server VM/Oracle Corporation/11.0.2+7-LTS
17:11:48.799 [main] DEBUG org.digidoc4j.impl.asic.xades.XadesSigningDssFacade - Getting data to sign from DSS
17:11:48.799 [main] DEBUG org.digidoc4j.impl.asic.xades.XadesSigningDssFacade - Signature parameters: SignatureParameters{signWithExpiredCertificate=false, signatureLevel=XAdES-BASELINE-LT, signaturePackaging=DETACHED, signatureAlgorithm=ECDSA_SHA256, encryptionAlgorithm=ECDSA, digestAlgorithm=SHA256, bLevelParams=BLevelParameters [trustAnchorBPPolicy=true, signingDate=Mon Jan 21 17:11:48 CET 2019, claimedSignerRoles=null, certifiedSignerRoles=null, signaturePolicy=null, commitmentTypeIndication=null, signerLocation=null], signatureTimestampParameters=null, archiveTimestampParameters=null}
17:11:49.166 [main] WARN eu.europa.esig.dss.signature.BaselineBCertificateSelector - Issuer not found for certificate 348267518941F6DE0E30D87E6C68AB1D4390573AE40052E8B058432242FD0F6F
17:11:49.188 [main] DEBUG org.digidoc4j.impl.asic.xades.XadesSigningDssFacade - Got data to sign from DSS
17:11:49.188 [main] DEBUG org.digidoc4j.SignatureParameters - Set signature id to id-16895f3674564c2955ec1ee2b758d19e
17:11:49.188 [main] INFO org.digidoc4j.signers.PKCS12SignatureToken - Signing with PKCS#12 signature token, using digest algorithm: SHA256
17:11:49.188 [main] INFO eu.europa.esig.dss.token.AbstractSignatureTokenConnection - Signature algorithm : SHA256withECDSA
17:11:49.215 [main] DEBUG org.digidoc4j.impl.asic.AsicSignatureBuilder - Finalizing signature ASN1: 30450220018BF90957C5 [71]
17:11:49.215 [main] DEBUG org.digidoc4j.impl.asic.AsicSignatureBuilder - Finalizing signature XmlDSig: 018BF90957C5E0017B3C [64]
17:11:49.215 [main] DEBUG org.digidoc4j.impl.asic.tsl.TslManager - Loading TSL in a synchronized block
17:11:49.218 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource - Initializing lazy TSL certificate source
17:11:49.218 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TslCacheExpirationTimeInMillis>. Returned value is <86400000>
17:11:49.218 [main] DEBUG org.digidoc4j.impl.asic.tsl.TslManager - Finished loading TSL in a synchronized block
17:11:49.219 [main] DEBUG org.digidoc4j.impl.asic.tsl.ClonedTslCertificateSource - Instantiating cloned tsl cert source
17:11:49.219 [main] DEBUG org.digidoc4j.impl.asic.SKCommonCertificateVerifier - get TrustedCertSource from LazyTslCertificateSource
17:11:49.220 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <HttpProxyPort> not found
17:11:49.220 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <HttpsProxyPort> not found
17:11:49.220 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <SslKeystorePath> not found
17:11:49.221 [main] DEBUG org.digidoc4j.utils.Helper - User-Agent: LIB DigiDoc4j/DEV format: application/vnd.etsi.asic-e+zip signatureProfile: XAdES_BASELINE_LT Java: 11.0.2/Oracle Corporation OS: Linux/amd64/4.18.0-13-generic JVM: Java HotSpot(TM) 64-Bit Server VM/Oracle Corporation/11.0.2+7-LTS
17:11:49.221 [main] DEBUG org.digidoc4j.impl.asic.xades.XadesSigningDssFacade - Signing document with DSS
17:11:49.221 [main] DEBUG org.digidoc4j.impl.asic.xades.XadesSigningDssFacade - Signature parameters: SignatureParameters{signWithExpiredCertificate=false, signatureLevel=XAdES-BASELINE-LT, signaturePackaging=DETACHED, signatureAlgorithm=ECDSA_SHA256, encryptionAlgorithm=ECDSA, digestAlgorithm=SHA256, bLevelParams=BLevelParameters [trustAnchorBPPolicy=true, signingDate=Mon Jan 21 17:11:48 CET 2019, claimedSignerRoles=null, certifiedSignerRoles=null, signaturePolicy=null, commitmentTypeIndication=null, signerLocation=null], signatureTimestampParameters=null, archiveTimestampParameters=null}
17:11:49.376 [main] INFO eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT - ====> Extending: IN MEMORY DOCUMENT
17:11:49.399 [main] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Try to register http://www.w3.org/2001/04/xmldsig-more/rsa-ripemd160 class eu.europa.esig.dss.xades.validation.SignatureRSARIPEMD160AT
17:11:49.426 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Signature", "")
17:11:49.429 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignedInfo", "")
17:11:49.429 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignatureMethod", "")
17:11:49.429 [main] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Create URI "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256"
17:11:49.430 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
17:11:49.430 [main] DEBUG org.apache.xml.security.algorithms.implementations.SignatureECDSA - Created SignatureECDSA using SHA256withECDSA
17:11:49.467 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:KeyInfo", "")
17:11:49.522 [main] INFO eu.europa.esig.dss.xades.validation.XAdESCertificateSource - +XAdESCertificateSource
17:11:49.522 [main] DEBUG eu.europa.esig.dss.xades.validation.XAdESSignature - Determining signing certificate from certificate candidates list
17:11:49.697 [main] DEBUG org.apache.xml.security.signature.XMLSignature - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
17:11:49.697 [main] DEBUG org.apache.xml.security.signature.XMLSignature - jceSigAlgorithm    = SHA256withECDSA
17:11:49.697 [main] DEBUG org.apache.xml.security.signature.XMLSignature - jceSigProvider     = BC
17:11:49.700 [main] DEBUG org.apache.xml.security.signature.XMLSignature - PublicKey = EC Public Key [6f:71:44:9f:96:fa:e3:56:a7:04:ba:d2:1b:b5:57:fd:6b:4f:ab:c5]
            X: f8400397ee3a3448de22743f80539595a6ac99e0b2a579f3af3515485bd65b7b
            Y: 3a7cd614bf015d7d28c70ab6e94ee234977f23799c400a8b9f08136ba9bd3aa3

17:11:49.701 [main] DEBUG org.apache.xml.security.utils.SignerOutputStream - Canonicalized SignedInfo:
17:11:49.701 [main] DEBUG org.apache.xml.security.utils.SignerOutputStream - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"></ds:SignatureMethod><ds:Reference Id="r-id-1" Type="" URI="contract.zip"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>sp4VHn9Zph2jhgwVVkGI4UdV2yQ0jTSblgn31qQZgII=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xades-id-16895f3674564c2955ec1ee2b758d19e"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>z20VQFGL+DMXWKpxhdTq6NOyiy5X7Asz81vQb7dlAmI=</ds:DigestValue></ds:Reference></ds:SignedInfo>
17:11:49.704 [main] DEBUG org.apache.xml.security.algorithms.implementations.SignatureECDSA - Called ECDSA.verify() on AYv5CVfF4AF7PEV21LOr55MlKdWjwvPGIyZygXpOejLNmqY86NOef3waTTZyGjlXuL4MW2wv2qai
4Aa6TrTR0w==
17:11:49.716 [main] DEBUG org.apache.xml.security.signature.Manifest - verify 2 References
17:11:49.716 [main] DEBUG org.apache.xml.security.signature.Manifest - I am not requested to follow nested Manifests
17:11:49.718 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:49.718 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.719 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.721 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:49.721 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.721 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.721 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:49.722 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - PK   B1Nﾸ￯￀K   Q     contract.txtUT	 ￋ+@\￨+@\ux 
        ￣
￉￈,V ﾢￄ<ﾅﾢﾔￔ"ﾅ4ﾅDﾅﾜￄﾂﾒﾅ￤￢ﾒￌﾼtcﾅￔￒﾢb=ﾮﾐﾌTﾨJﾠﾮￜￄﾔTﾅﾤJﾯﾌ<￟ￄ￤l. PK   ￮A1NMs￑ﾗ￵   
    johnTransactionFormat.xmlUT	 ﾏ+@\￨+@\ux 
        ﾥQ￁Nￃ0ﾽ￯+ﾪ}￀ￒvlﾀd2`ﾂﾌiﾜﾸYmﾴﾅ5I￥ﾴ￱￵ﾤ￫ￒRq$'﾿￧'?S%_ﾊﾼv￶fﾜMￒ￱Bﾎ￠ﾍ￐z,8ﾐrﾔ$ﾰ$ﾅ￬ﾨﾩﾛﾏﾚ<ﾯ￑(￤vDﾏﾣbﾅg￢iﾢﾃﾱ﾿tﾖﾃ￁ￚ￉,ﾟ^ￌ￦ﾗWￗ)ﾈﾞﾍﾺﾃﾺﾒ￁ￅﾄAﾷﾇ￣￷ﾤpDￋGￕ]Yﾒ￲>￢ﾳﾅ￦ﾣﾼGﾻￅￊﾑ
"￢?Ymﾐu￵ﾏﾰ
￧YNￓ44OeﾻZﾷﾈ￁﾿￾ PK
   B1Nﾸ￯￀K   Q         
   ﾤﾁ    contract.txtUT ￋ+@\ux 
        PK
   ￮A1NMs￑ﾗ￵   
        
   ﾤﾁﾑ   johnTransactionFormat.xmlUT ﾏ+@\ux 
        PK      ﾱ   ￙
    
17:11:49.722 [main] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "contract.zip"
17:11:49.722 [main] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type 
17:11:49.723 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:49.723 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
17:11:49.723 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.723 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.723 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:49.723 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.737 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID xades-id-16895f3674564c2955ec1ee2b758d19e and Element was [xades:SignedProperties: null]
17:11:49.737 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:49.737 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.737 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.737 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:49.737 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.737 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID xades-id-16895f3674564c2955ec1ee2b758d19e and Element was [xades:SignedProperties: null]
17:11:49.738 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
17:11:49.739 [main] DEBUG org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2001/10/xml-exc-c14n# transform
17:11:49.740 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:49.740 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="xades-id-16895f3674564c2955ec1ee2b758d19e"><xades:SignedSignatureProperties><xades:SigningTime>2019-01-21T16:11:48Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">NIJnUYlB9t4OMNh+bGirHUOQVzrkAFLosFhDIkL9D28=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=IAIK Test Intermediate CA,OU=IAIK,O=Graz University of Technology,L=Graz,C=AT</ds:X509IssuerName><ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">309818016731685</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties><xades:SignedDataObjectProperties><xades:DataObjectFormat ObjectReference="#r-id-1"><xades:MimeType>text/zip</xades:MimeType></xades:DataObjectFormat></xades:SignedDataObjectProperties></xades:SignedProperties>
17:11:49.740 [main] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.740 [main] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type http://uri.etsi.org/01903#SignedProperties
17:11:49.741 [main] INFO eu.europa.esig.dss.xades.validation.XAdESSignature - Determining signing certificate from certificate candidates list succeeded
17:11:49.741 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Signature", "")
17:11:49.741 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignedInfo", "")
17:11:49.741 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignatureMethod", "")
17:11:49.741 [main] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Create URI "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256"
17:11:49.741 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
17:11:49.741 [main] DEBUG org.apache.xml.security.algorithms.implementations.SignatureECDSA - Created SignatureECDSA using SHA256withECDSA
17:11:49.741 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:KeyInfo", "")
17:11:49.743 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:49.743 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.743 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.744 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:49.744 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.744 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.744 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:49.745 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.745 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.745 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:49.745 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - PK   B1Nﾸ￯￀K   Q     contract.txtUT	 ￋ+@\￨+@\ux 
        ￣
￉￈,V ﾢￄ<ﾅﾢﾔￔ"ﾅ4ﾅDﾅﾜￄﾂﾒﾅ￤￢ﾒￌﾼtcﾅￔￒﾢb=ﾮﾐﾌTﾨJﾠﾮￜￄﾔTﾅﾤJﾯﾌ<￟ￄ￤l. PK   ￮A1NMs￑ﾗ￵   
    johnTransactionFormat.xmlUT	 ﾏ+@\￨+@\ux 
        ﾥQ￁Nￃ0ﾽ￯+ﾪ}￀ￒvlﾀd2`ﾂﾌiﾜﾸYmﾴﾅ5I￥ﾴ￱￵ﾤ￫ￒRq$'﾿￧'?S%_ﾊﾼv￶fﾜMￒ￱Bﾎ￠ﾍ￐z,8ﾐrﾔ$ﾰ$ﾅ￬ﾨﾩﾛﾏﾚ<ﾯ￑(￤vDﾏﾣbﾅg￢iﾢﾃﾱ﾿tﾖﾃ￁ￚ￉,ﾟ^ￌ￦ﾗWￗ)ﾈﾞﾍﾺﾃﾺﾒ￁ￅﾄAﾷﾇ￣￷ﾤpDￋGￕ]Yﾒ￲>￢ﾳﾅ￦ﾣﾼGﾻￅￊﾑ
"￢?Ymﾐu￵ﾏﾰ
￧YNￓ44OeﾻZﾷﾈ￁﾿￾ PK
   B1Nﾸ￯￀K   Q         
   ﾤﾁ    contract.txtUT ￋ+@\ux 
        PK
   ￮A1NMs￑ﾗ￵   
        
   ﾤﾁﾑ   johnTransactionFormat.xmlUT ﾏ+@\ux 
        PK      ﾱ   ￙
    
17:11:49.745 [main] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "contract.zip"
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.746 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID xades-id-16895f3674564c2955ec1ee2b758d19e and Element was [xades:SignedProperties: null]
17:11:49.749 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID xades-id-16895f3674564c2955ec1ee2b758d19e and Element was [xades:SignedProperties: null]
17:11:49.749 [main] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 1
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class eu.europa.esig.dss.xades.validation.DetachedSignatureResolver
17:11:49.749 [main] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:49.750 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.750 [main] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID xades-id-16895f3674564c2955ec1ee2b758d19e and Element was [xades:SignedProperties: null]
17:11:49.750 [main] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
17:11:49.750 [main] DEBUG org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2001/10/xml-exc-c14n# transform
17:11:49.750 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:49.751 [main] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="xades-id-16895f3674564c2955ec1ee2b758d19e"><xades:SignedSignatureProperties><xades:SigningTime>2019-01-21T16:11:48Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">NIJnUYlB9t4OMNh+bGirHUOQVzrkAFLosFhDIkL9D28=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=IAIK Test Intermediate CA,OU=IAIK,O=Graz University of Technology,L=Graz,C=AT</ds:X509IssuerName><ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">309818016731685</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties><xades:SignedDataObjectProperties><xades:DataObjectFormat ObjectReference="#r-id-1"><xades:MimeType>text/zip</xades:MimeType></xades:DataObjectFormat></xades:SignedDataObjectProperties></xades:SignedProperties>
17:11:49.751 [main] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#xades-id-16895f3674564c2955ec1ee2b758d19e"
17:11:49.757 [main] DEBUG eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT - Timestamp generation: SHA256 / http://www.w3.org/2001/10/xml-exc-c14n# / 8CVVKtCl1qQc3Ky5XTyM1IvlifJhaKfZcXrvfgHYN1w=
17:11:49.761 [main] DEBUG org.digidoc4j.impl.asic.SkDataLoader - Getting OCSP response from <http://demo.sk.ee/tsa>
17:11:49.778 [main] DEBUG eu.europa.esig.dss.client.http.commons.CommonsDataLoader - Use default SSL configuration
17:11:49.893 [main] DEBUG eu.europa.esig.dss.client.http.commons.CommonsDataLoader - PoolingHttpClientConnectionManager: max total: 20
17:11:49.893 [main] DEBUG eu.europa.esig.dss.client.http.commons.CommonsDataLoader - PoolingHttpClientConnectionManager: max per route: 2
17:11:49.944 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
17:11:49.954 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Re-using cached 'basic' auth scheme for http://demo.sk.ee:80
17:11:49.954 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - No credentials for preemptive authentication
17:11:49.955 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {}->http://demo.sk.ee:80][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
17:11:49.969 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://demo.sk.ee:80][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
17:11:49.970 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {}->http://demo.sk.ee:80
17:11:49.973 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to demo.sk.ee/194.126.110.84:80
17:11:50.024 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 10.27.152.146:58426<->194.126.110.84:80
17:11:50.024 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 6000
17:11:50.024 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /tsa HTTP/1.1
17:11:50.025 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
17:11:50.026 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
17:11:50.028 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /tsa HTTP/1.1
17:11:50.029 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: LIB DigiDoc4j/DEV format: application/vnd.etsi.asic-e+zip signatureProfile: XAdES_BASELINE_LT Java: 11.0.2/Oracle Corporation OS: Linux/amd64/4.18.0-13-generic JVM: Java HotSpot(TM) 64-Bit Server VM/Oracle Corporation/11.0.2+7-LTS
17:11:50.029 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Type: application/timestamp-query
17:11:50.029 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Length: 59
17:11:50.029 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: demo.sk.ee
17:11:50.029 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
17:11:50.029 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "POST /tsa HTTP/1.1[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: LIB DigiDoc4j/DEV format: application/vnd.etsi.asic-e+zip signatureProfile: XAdES_BASELINE_LT Java: 11.0.2/Oracle Corporation OS: Linux/amd64/4.18.0-13-generic JVM: Java HotSpot(TM) 64-Bit Server VM/Oracle Corporation/11.0.2+7-LTS[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Type: application/timestamp-query[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Length: 59[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: demo.sk.ee[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
17:11:50.030 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
17:11:50.031 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "09[0x2][0x1][0x1]010[\r][0x6][0x9]`[0x86]H[0x1]e[0x3][0x4][0x2][0x1][0x5][0x0][0x4] [0xf0]%U*[0xd0][0xa5][0xd6][0xa4][0x1c][0xdc][0xac][0xb9]]<[0x8c][0xd4][0x8b][0xe5][0x89][0xf2]ah[0xa7][0xd9]qz[0xef]~[0x1][0xd8]7\[0x1][0x1][0xff]"
17:11:50.114 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 OK[\r][\n]"
17:11:50.114 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: nginx[\r][\n]"
17:11:50.114 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Mon, 21 Jan 2019 16:11:50 GMT[\r][\n]"
17:11:50.114 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Type: application/timestamp-reply[\r][\n]"
17:11:50.115 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 2028[\r][\n]"
17:11:50.115 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: keep-alive[\r][\n]"
17:11:50.115 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "X-Powered-By: Undertow/1[\r][\n]"
17:11:50.115 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
17:11:50.115 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "0[0x82][0x7][0xe8]0[0x15][0x2][0x1][0x0]0[0x10][0xc][0xe]Operation Okay0[0x82][0x7][0xcd][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x7][0x2][0xa0][0x82][0x7][0xbe]0[0x82][0x7][0xba][0x2][0x1][0x3]1[0xf]0[\r][0x6][0x9]`[0x86]H[0x1]e[0x3][0x4][0x2][0x3][0x5][0x0]0l[0x6][0xb]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x10][0x1][0x4][0xa0]][0x4][0Y[0x2][0x1][0x1][0x6][0x6][0x4][0x0][0x8f]g[0x1][0x1]010[\r][0x6][0x9]`[0x86]H[0x1]e[0x3][0x4][0x2][0x1][0x5][0x0][0x4] [0xf0]%U*[0xd0][0xa5][0xd6][0xa4][0x1c][0xdc][0xac][0xb9]]<[0x8c][0xd4][0x8b][0xe5][0x89][0xf2]ah[0xa7][0xd9]qz[0xef]~[0x1][0xd8]7\[0x2][0x8]-*[0x85]%i;[0x2][0xbc][0x18][0xf]20190121161150Z[0xa0][0x82][0x4][0x19]0[0x82][0x4][0x15]0[0x82][0x2][0xfd][0xa0][0x3][0x2][0x1][0x2][0x2][0x10]N[0xac][0xfb]l#[0xfc][[0x8e]T[0x5][0x96][0xbb][0xb7];SL0[\r][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x1][0xb][0x5][0x0]0}1[0xb]0[0x9][0x6][0x3]U[0x4][0x6][0x13][0x2]EE1"0 [0x6][0x3]U[0x4][\n]"
17:11:50.116 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0xc][0x19]AS Sertifitseerimiskeskus100.[0x6][0x3]U[0x4][0x3][0xc]'TEST of EE Certification Centre Root CA1[0x18]0[0x16][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x1][0x16][0x9]pki@sk.ee0[0x1e][0x17][\r]140902100651Z[0x17][\r]240902100651Z0]1[0xb]0[0x9][0x6][0x3]U[0x4][0x6][0x13][0x2]EE1"0 [0x6][0x3]U[0x4][\n]"
17:11:50.116 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0xc][0x19]AS Sertifitseerimiskeskus1[0xc]0[\n]"
17:11:50.116 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0x6][0x3]U[0x4][0xb][0xc][0x3]TSA1[0x1c]0[0x1a][0x6][0x3]U[0x4][0x3][0xc][0x13]DEMO of SK TSA 20140[0x82][0x1]"0[\r][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x1][0x1][0x5][0x0][0x3][0x82][0x1][0xf][0x0]0[0x82][0x1][\n]"
17:11:50.117 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0x2][0x82][0x1][0x1][0x0][0xca][0xc8]+VuO[0xc4]#6[0x0][0xac]'[\r]2[0xfb][0xb7][0xe6][0x98][0x10][0xd3]3[0xfb]M[0x7][0xec]bzY[0xcf][0xf4][0xa7].C[0xe9][0xf2]N[0x3]n[0xd4][0x93])[0x9e][0xbc][0xbb]F[0x1e]'v[0xbe]x[0xac][0xf2][0xd7]4e]o[0xfb][0xec][0x82][0xc8][0xbc][0x7][0x9e]|[0xe]+[0xf]UI[0xf7]F[0xea][0xf7][0xff][0xc5][0xd0][0xf8][0x10][0xa4][0x85]4[0x8][0x83]W[0x12][0x9b] [0xac][[0x12]`y[0xa4][\n]"
17:11:50.117 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "&.[0x96][0x19]V[0x90]X[0x1d][0xa1]{~ZV[0x12][0xf9][0x17][0xa6][0x9e][0xfe][0xc][0xd7]O{[0x6][0x1b][0x9][0xd6][0xba]6dc[0xda]9E[0xaa]FW^~[0xfd][0xbe][0xd4][0xbf][0xee][0xe3]Y[0x81]@[0xc5][0xc0][0xfa]m[0xae]c#M[0x11]c[0xf8]&[0xb1]l[\n]"
17:11:50.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "om[0xba]F|[0xff][0xa5]r[0x83][0x5][0xfb][0x8d][0xde][0x8c]{[0xcb][0x9f][0xe5]e[0xfe]~3"[0x1c]U[0xed]j%[0xee][0xd5][0x0][0x91][0xa9]$X[0xcd][0xab][0xe0]D[0x11][0xdb][0xdf][0xaa][0xf2]u>![0x90][0x10]2@>[0x14]jj[0x15]c[0x5],[0xea]f[0x12]P[0xa0][0xbd][0xc7]#[0x8d][0x8d]D!pj[0xbb][0xdd][0x9d][0x96]([0x8][0xfc]cy[0x8a]@[0xca]t[0xc7][0x80][0xd4]{[0x90][0xa1][0x97][0xd6]$<9[0x2][0x3][0x1][0x0][0x1][0xa3][0x81][0xb0]0[0x81][0xad]0[0xe][0x6][0x3]U[0x1d][0xf][0x1][0x1][0xff][0x4][0x4][0x3][0x2][0x6][0xc0]0[0x16][0x6][0x3]U[0x1d]%[0x1][0x1][0xff][0x4][0xc]0[\n]"
17:11:50.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0x6][0x8]+[0x6][0x1][0x5][0x5][0x7][0x3][0x8]0[0x1d][0x6][0x3]U[0x1d][0xe][0x4][0x16][0x4][0x14]'[0x4][0x9c]e[0xc]s[0x97]<[0x92]V[0xa6]W[0xbe]%[0xe9])[0x90][0xd5][0xe4][0xdc]0[0x1f][0x6][0x3]U[0x1d]#[0x4][0x18]0[0x16][0x80][0x14][0xb5]4[\n]"
17:11:50.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0x9d][0xa5]/[0x10][0xc5][0xe7]![0xe][0xbe][0xc4][0xb1]eG[0x1b][0x3]v[0xfe]0C[0x6][0x3]U[0x1d][0x1f][0x4]<0:08[0xa0]6[0xa0]4[0x86]2https://www.sk.ee/repository/crls/test_eeccrca.crl0[\r][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x1][0xb][0x5][0x0][0x3][0x82][0x1][0x1][0x0][0x8a][0xb4][0xd9]%J[0xc0][0xfd]T[0xa2]R[0xa3][0xa8][0x4][0x1e][0xed]%X[0xfc][0xa8]"[0xfb][0xe1][0xb6][0x92][0xa0][0x1d][0xe3]E&2[0xa6][0xbd][0xe0]d[0xee][0xf7]R[0xc5]e[0x1e]S[0xbd][0xda]2f8[0xe7]Ch[0xa8]^[0x1e]BWi_[0x95]L[0xbf][0x95]J[0xd9]0:j[0x11][0xee][0xc8]n6V[0xe7][0xe6][0xfd][0x9f][0x96][0x81][0xbd]v[0x9][0x80];[0x9a][0xf5]&#0[0xea][0xdc][0xcb]{"[0xca][0xda][0xaa][0xf1]F[0xcd][0x82][0x1e][0xfd][0xb9][0xb6] Z[0x11][0xe1]%)[0xcb]X[0xae]X'[0xee]oB4[0xe9]8[0xc7]Q[0xb0][0xba][0xf][0xe1]aMF[0xba][0x98][0xfd][0x14][\r][0x8f][0x94][0xf3]o[0xed][0x16][0xe7][0xe4]w[0xd1][0xd6][0xe3]6[0xda][0x95]E[0xa1]B[0x9][0xcd]`[0x8d][0xe8][0xa3]@[0xac]gA[0xc4][0xc6][0xec][0xa7]8[0xe6]f3P_[0xf0][0xfc][0xc3][0xe9][0xeb]e-"[0xa4]`[0x1f][0xa6][0x7][0xbe][0xce][0x9a][0xa8][0x1f][0x97]<[0xfe]&<[0xa1][0xe3][0x9a]>[0xdf]NLG1[0xc3][0x15][0xe2]Y[0xc7][0xb5][0xb1][0xb][0xe5][0xd3]5d4dT[0xc5]}[0xcd]([0xcf][0x1c]sQe%|[0xd7][0xe9][$![0xdf][0xee][0xb]m[0xe4][0x90]Ej[0xcd][0x91][0xb3]Q|*X[0xa2][0xdc][0x8c][0xe8][0x6]1[0x82][0x3][0x17]0[0x82][0x3][0x13][0x2][0x1][0x1]0[0x81][0x91]0}1[0xb]0[0x9][0x6][0x3]U[0x4][0x6][0x13][0x2]EE1"0 [0x6][0x3]U[0x4][\n]"
17:11:50.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0xc][0x19]AS Sertifitseerimiskeskus100.[0x6][0x3]U[0x4][0x3][0xc]'TEST of EE Certification Centre Root CA1[0x18]0[0x16][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x1][0x16][0x9]pki@sk.ee[0x2][0x10]N[0xac][0xfb]l#[0xfc][[0x8e]T[0x5][0x96][0xbb][0xb7];SL0[\r][0x6][0x9]`[0x86]H[0x1]e[0x3][0x4][0x2][0x3][0x5][0x0][0xa0][0x82][0x1]V0[0x1a][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x3]1[\r][0x6][0xb]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x10][0x1][0x4]0[0x1c][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x5]1[0xf][0x17][\r]190121161150Z0O[0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x4]1B[0x4]@}b[0xb2][0x1]H[0xdf][0x9f]Y[0xfd]9[0xa8][0x15][0x14]Y[0x85][0x8f]|[0x5]k[0x9a][0x17]e[0x18],[0x1e][0xc5][0xc4]<[0xad][0xf1][0x17][0xfe]&B95[0x15][0xd1][0xcf]T[0x11][0x4][0xcd][0xeb][0xf],@[0xe0]i"[0xf6][\r]MbA[0xce]xJ[0x8d][0x82]F+a[0x6]0[0x81][0xc8][0x6][0xb]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x10][0x2][0xc]1[0x81][0xb8]0[0x81][0xb5]0[0x81][0xb2]0[0x81][0xaf][0x4][0x14][0x2][0xb1][0x97][0xef]x[0xae][0xe1]q[0xf6][0xa1]G_P[0xea][0xcc]eq[0xf1][0xfc][0xb]0[0x81][0x96]0[0x81][0x81][0xa4]0}1[0xb]0[0x9][0x6][0x3]U[0x4][0x6][0x13][0x2]EE1"0 [0x6][0x3]U[0x4][\n]"
17:11:50.120 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[0xc][0x19]AS Sertifitseerimiskeskus100.[0x6][0x3]U[0x4][0x3][0xc]'TEST of EE Certification Centre Root CA1[0x18]0[0x16][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x9][0x1][0x16][0x9]pki@sk.ee[0x2][0x10]N[0xac][0xfb]l#[0xfc][[0x8e]T[0x5][0x96][0xbb][0xb7];SL0[\r][0x6][0x9]*[0x86]H[0x86][0xf7][\r][0x1][0x1][0x1][0x5][0x0][0x4][0x82][0x1][0x0]c[0x1c][0xaf]6[0xd6][0x8d]Y[0xe4][0xef][0xfb]@[0xc2][0x94][0x94] [0xbe]V[0xb5][0xb1][0x91][0xbb]fW[0xf][0x88]7[0x2][0xff][0xf2][0xc1]/[0xb9][0xc3][0x8c][0xb]d[0xf1]_[0xcb][0xcd][0xf]U[0x8f][0xc0] S-;g[0xd1][0x8][0xc4][0x3] /.wY<[0xec][0xaa]^[0xfd]C[0xb9][0x16]$io[0x6][0x1f][0x16][0x87][0xbd]Ru[0xc3][0x5][0x9e][0x82]H"[0x1a][0xd3]e[0x8a]'[0xd3][0x88][0x99][0x90][0xbd][0xa3]F[0xb4][0xbf][0xab]|[0x8d][0xc9][0xfd];[0xab][0x91][0xdd]![0x90]A[0x0][0xd6]{[0xbf]P>[0xf8][0xf5][0xb9][0xb0]cdz[0x91]#h[0xc1][0xe1]R*b[0xcd][0xd1]G[0x92][0x9c][0xc2]J[0x4][0xb9][0xf7][0xee]&S}@[0x7][0xff])[0xf2][0x92][0xd3][0x1e][0xd8]p[0xb0][0xa4][0xb0]E[0xd4][0xac][0xd0][0x1d]g [0x89][0xca][0xa1][0xb8]z(+?H[0x96]:TV[0xf1]Pr[0x9f][0xb4]3[0x9c][0xc1][0xc1][0x80][0x2]/~[0xc8]U[0xec]{[0xc][0x18]_[0xbf][0xe7][0xaa][0xed][0x1][0xfa]a[0xcd]b[0xf6][0xa9][0xda][0x1a]V[0xfa][0xdb][0xad]L[0xeb][0xbc][0x8f][0x88][0xa8],[0xb8][0xce]w[0xaf][0x18][0x8c][0xe0][0xc1]n[0xe7][0xa0][0x82]zvaH1[0x96][0xca][0xfc][0xbb]?G[0xc3][0x6]Z;[0xd1][0xf6][0xdf]ouK[0x13][0xe7][0xd7]"
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: nginx
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Mon, 21 Jan 2019 16:11:50 GMT
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: application/timestamp-reply
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 2028
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: keep-alive
17:11:50.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Powered-By: Undertow/1
17:11:50.128 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
17:11:50.129 [main] DEBUG eu.europa.esig.dss.client.http.commons.CommonsDataLoader - http://demo.sk.ee/tsa status code is 200 - OK
17:11:50.130 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://demo.sk.ee:80] can be kept alive indefinitely
17:11:50.130 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://demo.sk.ee:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
17:11:50.130 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Cancelling request execution
17:11:50.131 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
17:11:50.131 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
17:11:50.132 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
17:11:50.160 [main] INFO eu.europa.esig.dss.client.tsp.OnlineTSPSource - Status: Operation Okay
17:11:50.160 [main] INFO eu.europa.esig.dss.client.tsp.OnlineTSPSource - TSP SID : SN 104577958183480553559561041502222897996, Issuer C=EE,O=AS Sertifitseerimiskeskus,CN=TEST of EE Certification Centre Root CA,E=pki@sk.ee
17:11:50.228 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyCertificatePool - Initializing lazy certificate pool
17:11:50.228 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyCertificatePool - Accessing certificate pool
17:11:50.228 [main] DEBUG org.digidoc4j.impl.asic.tsl.ClonedTslCertificateSource - Accessing TSL
17:11:50.228 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource - Initializing TSL
17:11:50.235 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TslLocation>. Returned value is <https://open-eid.github.io/test-TL/tl-mp-test-EE.xml>
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <HttpProxyPort> not found
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <HttpsProxyPort> not found
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requested parameter <SslKeystorePath> not found
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <ConnectionTimeoutInMillis>. Returned value is <1000>
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <SocketTimeoutInMillis>. Returned value is <1000>
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TslCacheExpirationTimeInMillis>. Returned value is <86400000>
17:11:50.238 [main] DEBUG org.digidoc4j.impl.asic.tsl.TslLoader - Using file cache directory for storing TSL: /tmp/digidoc4jTSLCache
17:11:50.238 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TslKeyStoreLocation>. Returned value is <keystore/test-keystore.jks>
17:11:50.243 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TslKeyStorePassword>. Returned value is <digidoc4j-password>
17:11:50.245 [main] DEBUG org.digidoc4j.Configuration - Requesting parameter <TslLocation>. Returned value is <https://open-eid.github.io/test-TL/tl-mp-test-EE.xml>
17:11:50.245 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource - Refreshing TSL
17:11:50.245 [main] DEBUG eu.europa.esig.dss.tsl.service.TSLValidationJob - TSL Validation Job is starting ...
17:11:50.247 [pool-1-thread-1] DEBUG eu.europa.esig.dss.client.http.commons.FileCacheDataLoader - Cached file: /tmp/digidoc4jTSLCache/https___open_eid_github_io_test_TL_tl_mp_test_EE_xml
17:11:50.248 [pool-1-thread-1] DEBUG eu.europa.esig.dss.client.http.commons.FileCacheDataLoader - Cached file was used
17:11:50.251 [main] INFO eu.europa.esig.dss.tsl.service.TSLRepository - New version of EU TSL is stored in cache
17:11:50.771 [main] WARN eu.europa.esig.dss.tsl.service.TSLValidationJob - OJ keystore is out-dated !
17:11:50.784 [pool-1-thread-1] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Validator 'eu.europa.esig.dss.asic.validation.ASiCContainerWithCAdESValidator' is registred
17:11:50.785 [pool-1-thread-1] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Validator 'eu.europa.esig.dss.pades.validation.PDFDocumentValidator' is registred
17:11:50.786 [pool-1-thread-1] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Validator 'eu.europa.esig.dss.asic.validation.ASiCContainerWithXAdESValidator' is registred
17:11:50.788 [pool-1-thread-1] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Validator 'eu.europa.esig.dss.cades.validation.CMSDocumentValidator' is registred
17:11:50.788 [pool-1-thread-1] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Validator 'eu.europa.esig.dss.xades.validation.XMLDocumentValidator' is registred
17:11:50.925 [pool-1-thread-1] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Document validation...
17:11:50.937 [pool-1-thread-1] INFO eu.europa.esig.dss.xades.validation.XAdESCertificateSource - +XAdESCertificateSource
17:11:50.945 [pool-1-thread-1] WARN eu.europa.esig.dss.validation.SignatureValidationContext - Revocation data will not be verified because one of the following: token is selfSigned:true or trusted:true or hasNoIssuer:true
17:11:50.945 [pool-1-thread-1] WARN eu.europa.esig.dss.validation.SignatureValidationContext - Hence no corresponding data will be added to the signature
17:11:50.952 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Signature", "")
17:11:50.952 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignedInfo", "")
17:11:50.952 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignatureMethod", "")
17:11:50.952 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Create URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256"
17:11:50.954 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
17:11:50.954 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA - Created SignatureRSA using SHA256withRSA
17:11:50.956 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:KeyInfo", "")
17:11:50.956 [pool-1-thread-1] DEBUG eu.europa.esig.dss.xades.validation.XAdESSignature - Determining signing certificate from certificate candidates list
17:11:50.956 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.XMLSignature - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
17:11:50.956 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.XMLSignature - jceSigAlgorithm    = SHA256withRSA
17:11:50.956 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.XMLSignature - jceSigProvider     = BC
17:11:50.958 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.XMLSignature - PublicKey = RSA Public Key [2b:bf:24:dc:a2:61:d6:9a:7b:88:ce:7b:67:64:9a:e6:ca:06:d2:f4]
            modulus: df14ad1f61e1ab76780c657667743129725f698c618da5b89edfe721e660ea39b51ef8e2f8e5be3e49f3daa6b89544d05afa6e53d53ba28cfeca6fcb13352f54dd6418bd8f1b12cb4f667684bdd41249545fe23f5e560f914c9f18e238d9d3619b2f0ae910b0f642cfa884297c7bae06dbdaaeb5c86fea726a39d6cbe54f9de832b2af34a96723113c0f94981efc2ac053b34a37c0c13b200f49dfb620b6951989f702e0b7604d6ad7d9e0480863ea8bb1862b37672392c38422599c7c33bdafba941c1af1f5b9697406ebdb8f4c599dfe934d17afbc7f615c6069634220fa15854a0147d8441970f7298a6886cd9b287d6ecef57b33eb23896d38b8e664b645468b9221a784c5fce3d85916111346fe202e108468972c978ea8e2408ba2122f2ea3ab20d5c3eb0f9f44b96b5370ccd3c6e85553c45adfb17a0eb3048a9aa1f38cd07274f48bf44d9382bbdb7681f6e5b01c9809e58dbfe9c6ed6bb66462c7d07e3042e27051572525042a4415835e3db2adb5817909fe45ada3251b3018d16fcc488531bd19a59230b30687782c0f8afe1431122c3b5daf0e0197f0f65f659929e26be7e0473ddf2cac60df2925c3aac0ff668849bf37b9546fc60a8aca6dc4789ffe0ac390a7039b94407159f422cda8750ade0d86cb8a2e605ba29c405cbab3db913edc1befb0ce27bb05957e8caf4d55d843e93857f863da24b96ee279b7
    public exponent: 10001

17:11:50.964 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.SignerOutputStream - Canonicalized SignedInfo:
17:11:50.965 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.SignerOutputStream - <ds:SignedInfo xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#ID0001"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>6RKh3wNFCNE2OGitu+A7LLg8MQxi8TV+6qbGNZt7JzE=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>kF3ZV9FgSJrUIpthNy31JfkXPdup0KQDT5YH6XTjmwQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>
17:11:50.967 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Manifest - verify 2 References
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Manifest - I am not requested to follow nested Manifests
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#ID0001"
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID ID0001 and Element was [TrustServiceStatusList: null]
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#ID0001"
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID ID0001 and Element was [TrustServiceStatusList: null]
17:11:50.968 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
17:11:50.969 [pool-1-thread-1] DEBUG org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
17:11:50.971 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:50.972 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="ID0001" TSLTag="http://uri.etsi.org/19612/TSLTag">
   <SchemeInformation>
      <TSLVersionIdentifier>5</TSLVersionIdentifier>
      <TSLSequenceNumber>3</TSLSequenceNumber>
      <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists</TSLType>
      <SchemeOperatorName>
         <Name xml:lang="en">SK Test Authority</Name>
      </SchemeOperatorName>
      <SchemeOperatorAddress>
         <PostalAddresses>
            <PostalAddress xml:lang="en">
               <StreetAddress>Pￃﾤrnu mnt 141</StreetAddress>
               <Locality>Tallinn</Locality>
               <PostalCode>11314</PostalCode>
               <CountryName>EE</CountryName>
            </PostalAddress>
         </PostalAddresses>
         <ElectronicAddress>
            <URI xml:lang="en">mailto:info@sk.ee</URI>
            <URI xml:lang="en">http://sk.ee</URI>
         </ElectronicAddress>
      </SchemeOperatorAddress>
      <SchemeName>
        <Name xml:lang="en">EE:Supervision/Accreditation Status List of test certification services</Name>
      </SchemeName>
      <SchemeInformationURI>
         <URI xml:lang="en">http://sk.ee</URI>
      </SchemeInformationURI>
      <StatusDeterminationApproach>http://uri.etsi.org/TrstSvc/TrustedList/StatusDetn/EUlistofthelists</StatusDeterminationApproach>
      <SchemeTypeCommunityRules>
         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUlistofthelists</URI>
      </SchemeTypeCommunityRules>
      <SchemeTerritory>EE</SchemeTerritory>
      <PolicyOrLegalNotice>
         <TSLLegalNotice xml:lang="en">The present TSL implementation of ponters to test TSL lists is not applicable to any legal frameworks</TSLLegalNotice>
      </PolicyOrLegalNotice>
      <HistoricalInformationPeriod>65535</HistoricalInformationPeriod>
      <PointersToOtherTSL>
         <OtherTSLPointer>
            <ServiceDigitalIdentities>
               <ServiceDigitalIdentity>
                  <DigitalId>
                     <X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UEAwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJFRTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0fYeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sTNS9U3WQYvY8bEstPZnaEvdQSSVRf4j9eVg+RTJ8Y4jjZ02GbLwrpELD2Qs+ohCl8e64G29qutchv6nJqOdbL5U+d6DKyrzSpZyMRPA+UmB78KsBTs0o3wME7IA9J37YgtpUZifcC4LdgTWrX2eBICGPqi7GGKzdnI5LDhCJZnHwzva+6lBwa8fW5aXQG69uPTFmd/pNNF6+8f2FcYGljQiD6FYVKAUfYRBlw9ymKaIbNmyh9bs71ezPrI4ltOLjmZLZFRouSIaeExfzj2FkWERNG/iAuEIRolyyXjqjiQIuiEi8uo6sg1cPrD59EuWtTcMzTxuhVU8Ra37F6DrMEipqh84zQcnT0i/RNk4K723aB9uWwHJgJ5Y2/6cbta7ZkYsfQfjBC4nBRVyUlBCpEFYNePbKttYF5Cf5FraMlGzAY0W/MSIUxvRmlkjCzBod4LA+K/hQxEiw7Xa8OAZfw9l9lmSnia+fgRz3fLKxg3yklw6rA/2aISb83uVRvxgqKym3EeJ/+CsOQpwOblEBxWfQizah1Ct4NhsuKLmBbopxAXLqz25E+3BvvsM4nuwWVfoyvTVXYQ+k4V/hj2iS5buJ5twIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQAGTw5MJurTeeWy+jQikGfivrxt9lzqt+uSV8D6V1GBzBAl8m4SqSY0U8KM/gtqh9bhmQwm0qgx/mKcDKzCUKajXPKm/NbR+pjZD9Lcx4Iy0iqi9rsxSKECGM2dYAmm7GXnXvz9QUxZjteTgYoRP2s6GfosvTQiUEr/cIrYAU3wC0/94pRb9/FLVVon/aVdsh+Dqb4j7BhKLzXNCNjkv1Sv/YL1zpe/2SPxe0Bfymys97lcu1DB01e/MLfqQJThYOblMte/zGNZO24HcvROIkyoUtYy5/H4F5rsamSGMNdBfauTtYxz7lOT7qQoDNyGMN9bfjWnkVi/lV2CVooeiHIs7wLWEhYmU9DiAzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzoYDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLLFh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYRG1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIbYBI4oaPjh2zKIrz/AlY2RmqMMA==</X509Certificate>
                  </DigitalId>
               </ServiceDigitalIdentity>
            </ServiceDigitalIdentities>
            <TSLLocation>https://open-eid.github.io/test-TL/EE_T.xml</TSLLocation>
            <AdditionalInformation>
               <OtherInformation>
                  <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric</TSLType>
               </OtherInformation>
               <OtherInformation>
                  <SchemeOperatorName>
                     <Name xml:lang="en">SK Test Authority</Name>
                  </SchemeOperatorName>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTypeCommunityRules>
                     <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUcommon</URI>
                  </SchemeTypeCommunityRules>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTerritory>EE_T</SchemeTerritory>
               </OtherInformation>
               <OtherInformation>
                  <tslx:MimeType>application/vnd.etsi.tsl+xml</tslx:MimeType>
               </OtherInformation>
            </AdditionalInformation>
         </OtherTSLPointer>
      </PointersToOtherTSL>
      <ListIssueDateTime>2018-11-22T16:48:45Z</ListIssueDateTime>
      <NextUpdate>
         <dateTime>2020-08-21T23:00:00Z</dateTime>
      </NextUpdate>
      <DistributionPoints>
         <URI>https://open-eid.github.io/test-TL/tl-mp-test-EE.xml</URI>
      </DistributionPoints>
   </SchemeInformation>
</TrustServiceStatusList>
17:11:50.973 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#ID0001"
17:11:50.973 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type 
17:11:50.973 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:50.973 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:50.974 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2018-11-22T14:48:45Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties>
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#SignedProperties"
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type http://uri.etsi.org/01903#SignedProperties
17:11:50.975 [pool-1-thread-1] INFO eu.europa.esig.dss.xades.validation.XAdESSignature - Determining signing certificate from certificate candidates list succeeded
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Signature", "")
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignedInfo", "")
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignatureMethod", "")
17:11:50.975 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Create URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256"
17:11:50.976 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
17:11:50.976 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA - Created SignatureRSA using SHA256withRSA
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:KeyInfo", "")
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#ID0001"
17:11:50.981 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID ID0001 and Element was [TrustServiceStatusList: null]
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#ID0001"
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID ID0001 and Element was [TrustServiceStatusList: null]
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.982 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.983 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#ID0001"
17:11:50.983 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID ID0001 and Element was [TrustServiceStatusList: null]
17:11:50.983 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
17:11:50.983 [pool-1-thread-1] DEBUG org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
17:11:50.984 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:50.985 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="ID0001" TSLTag="http://uri.etsi.org/19612/TSLTag">
   <SchemeInformation>
      <TSLVersionIdentifier>5</TSLVersionIdentifier>
      <TSLSequenceNumber>3</TSLSequenceNumber>
      <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists</TSLType>
      <SchemeOperatorName>
         <Name xml:lang="en">SK Test Authority</Name>
      </SchemeOperatorName>
      <SchemeOperatorAddress>
         <PostalAddresses>
            <PostalAddress xml:lang="en">
               <StreetAddress>Pￃﾤrnu mnt 141</StreetAddress>
               <Locality>Tallinn</Locality>
               <PostalCode>11314</PostalCode>
               <CountryName>EE</CountryName>
            </PostalAddress>
         </PostalAddresses>
         <ElectronicAddress>
            <URI xml:lang="en">mailto:info@sk.ee</URI>
            <URI xml:lang="en">http://sk.ee</URI>
         </ElectronicAddress>
      </SchemeOperatorAddress>
      <SchemeName>
        <Name xml:lang="en">EE:Supervision/Accreditation Status List of test certification services</Name>
      </SchemeName>
      <SchemeInformationURI>
         <URI xml:lang="en">http://sk.ee</URI>
      </SchemeInformationURI>
      <StatusDeterminationApproach>http://uri.etsi.org/TrstSvc/TrustedList/StatusDetn/EUlistofthelists</StatusDeterminationApproach>
      <SchemeTypeCommunityRules>
         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUlistofthelists</URI>
      </SchemeTypeCommunityRules>
      <SchemeTerritory>EE</SchemeTerritory>
      <PolicyOrLegalNotice>
         <TSLLegalNotice xml:lang="en">The present TSL implementation of ponters to test TSL lists is not applicable to any legal frameworks</TSLLegalNotice>
      </PolicyOrLegalNotice>
      <HistoricalInformationPeriod>65535</HistoricalInformationPeriod>
      <PointersToOtherTSL>
         <OtherTSLPointer>
            <ServiceDigitalIdentities>
               <ServiceDigitalIdentity>
                  <DigitalId>
                     <X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UEAwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJFRTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0fYeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sTNS9U3WQYvY8bEstPZnaEvdQSSVRf4j9eVg+RTJ8Y4jjZ02GbLwrpELD2Qs+ohCl8e64G29qutchv6nJqOdbL5U+d6DKyrzSpZyMRPA+UmB78KsBTs0o3wME7IA9J37YgtpUZifcC4LdgTWrX2eBICGPqi7GGKzdnI5LDhCJZnHwzva+6lBwa8fW5aXQG69uPTFmd/pNNF6+8f2FcYGljQiD6FYVKAUfYRBlw9ymKaIbNmyh9bs71ezPrI4ltOLjmZLZFRouSIaeExfzj2FkWERNG/iAuEIRolyyXjqjiQIuiEi8uo6sg1cPrD59EuWtTcMzTxuhVU8Ra37F6DrMEipqh84zQcnT0i/RNk4K723aB9uWwHJgJ5Y2/6cbta7ZkYsfQfjBC4nBRVyUlBCpEFYNePbKttYF5Cf5FraMlGzAY0W/MSIUxvRmlkjCzBod4LA+K/hQxEiw7Xa8OAZfw9l9lmSnia+fgRz3fLKxg3yklw6rA/2aISb83uVRvxgqKym3EeJ/+CsOQpwOblEBxWfQizah1Ct4NhsuKLmBbopxAXLqz25E+3BvvsM4nuwWVfoyvTVXYQ+k4V/hj2iS5buJ5twIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQAGTw5MJurTeeWy+jQikGfivrxt9lzqt+uSV8D6V1GBzBAl8m4SqSY0U8KM/gtqh9bhmQwm0qgx/mKcDKzCUKajXPKm/NbR+pjZD9Lcx4Iy0iqi9rsxSKECGM2dYAmm7GXnXvz9QUxZjteTgYoRP2s6GfosvTQiUEr/cIrYAU3wC0/94pRb9/FLVVon/aVdsh+Dqb4j7BhKLzXNCNjkv1Sv/YL1zpe/2SPxe0Bfymys97lcu1DB01e/MLfqQJThYOblMte/zGNZO24HcvROIkyoUtYy5/H4F5rsamSGMNdBfauTtYxz7lOT7qQoDNyGMN9bfjWnkVi/lV2CVooeiHIs7wLWEhYmU9DiAzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzoYDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLLFh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYRG1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIbYBI4oaPjh2zKIrz/AlY2RmqMMA==</X509Certificate>
                  </DigitalId>
               </ServiceDigitalIdentity>
            </ServiceDigitalIdentities>
            <TSLLocation>https://open-eid.github.io/test-TL/EE_T.xml</TSLLocation>
            <AdditionalInformation>
               <OtherInformation>
                  <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric</TSLType>
               </OtherInformation>
               <OtherInformation>
                  <SchemeOperatorName>
                     <Name xml:lang="en">SK Test Authority</Name>
                  </SchemeOperatorName>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTypeCommunityRules>
                     <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUcommon</URI>
                  </SchemeTypeCommunityRules>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTerritory>EE_T</SchemeTerritory>
               </OtherInformation>
               <OtherInformation>
                  <tslx:MimeType>application/vnd.etsi.tsl+xml</tslx:MimeType>
               </OtherInformation>
            </AdditionalInformation>
         </OtherTSLPointer>
      </PointersToOtherTSL>
      <ListIssueDateTime>2018-11-22T16:48:45Z</ListIssueDateTime>
      <NextUpdate>
         <dateTime>2020-08-21T23:00:00Z</dateTime>
      </NextUpdate>
      <DistributionPoints>
         <URI>https://open-eid.github.io/test-TL/tl-mp-test-EE.xml</URI>
      </DistributionPoints>
   </SchemeInformation>
</TrustServiceStatusList>
17:11:50.986 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#ID0001"
17:11:50.987 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:50.987 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.987 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.987 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:50.987 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:50.988 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:50.989 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:50.990 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:50.990 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:50.990 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:50.990 [pool-1-thread-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2018-11-22T14:48:45Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties>
17:11:50.990 [pool-1-thread-1] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#SignedProperties"
17:11:51.005 [pool-1-thread-1] DEBUG eu.europa.esig.dss.validation.DefaultAdvancedSignature - Testing revocation data presence for certificates chain SIGNATURE
17:11:51.080 [pool-1-thread-1] DEBUG eu.europa.esig.dss.client.http.commons.FileCacheDataLoader - Cached file: /tmp/digidoc4jTSLCache/https___open_eid_github_io_test_TL_EE_T_xml
17:11:51.080 [pool-1-thread-1] DEBUG eu.europa.esig.dss.client.http.commons.FileCacheDataLoader - Cached file was used
17:11:51.085 [main] INFO eu.europa.esig.dss.tsl.service.TSLRepository - New version of EE_T TSL is stored in cache
17:11:51.138 [pool-1-thread-2] INFO eu.europa.esig.dss.validation.SignedDocumentValidator - Document validation...
17:11:51.167 [pool-1-thread-2] INFO eu.europa.esig.dss.xades.validation.XAdESCertificateSource - +XAdESCertificateSource
17:11:51.188 [pool-1-thread-2] WARN eu.europa.esig.dss.validation.SignatureValidationContext - Revocation data will not be verified because one of the following: token is selfSigned:true or trusted:true or hasNoIssuer:true
17:11:51.188 [pool-1-thread-2] WARN eu.europa.esig.dss.validation.SignatureValidationContext - Hence no corresponding data will be added to the signature
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Signature", "")
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignedInfo", "")
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignatureMethod", "")
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Create URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256"
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA - Created SignatureRSA using SHA256withRSA
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:KeyInfo", "")
17:11:51.207 [pool-1-thread-2] DEBUG eu.europa.esig.dss.xades.validation.XAdESSignature - Determining signing certificate from certificate candidates list
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.XMLSignature - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.XMLSignature - jceSigAlgorithm    = SHA256withRSA
17:11:51.207 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.XMLSignature - jceSigProvider     = BC
17:11:51.209 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.XMLSignature - PublicKey = RSA Public Key [2b:bf:24:dc:a2:61:d6:9a:7b:88:ce:7b:67:64:9a:e6:ca:06:d2:f4]
            modulus: df14ad1f61e1ab76780c657667743129725f698c618da5b89edfe721e660ea39b51ef8e2f8e5be3e49f3daa6b89544d05afa6e53d53ba28cfeca6fcb13352f54dd6418bd8f1b12cb4f667684bdd41249545fe23f5e560f914c9f18e238d9d3619b2f0ae910b0f642cfa884297c7bae06dbdaaeb5c86fea726a39d6cbe54f9de832b2af34a96723113c0f94981efc2ac053b34a37c0c13b200f49dfb620b6951989f702e0b7604d6ad7d9e0480863ea8bb1862b37672392c38422599c7c33bdafba941c1af1f5b9697406ebdb8f4c599dfe934d17afbc7f615c6069634220fa15854a0147d8441970f7298a6886cd9b287d6ecef57b33eb23896d38b8e664b645468b9221a784c5fce3d85916111346fe202e108468972c978ea8e2408ba2122f2ea3ab20d5c3eb0f9f44b96b5370ccd3c6e85553c45adfb17a0eb3048a9aa1f38cd07274f48bf44d9382bbdb7681f6e5b01c9809e58dbfe9c6ed6bb66462c7d07e3042e27051572525042a4415835e3db2adb5817909fe45ada3251b3018d16fcc488531bd19a59230b30687782c0f8afe1431122c3b5daf0e0197f0f65f659929e26be7e0473ddf2cac60df2925c3aac0ff668849bf37b9546fc60a8aca6dc4789ffe0ac390a7039b94407159f422cda8750ade0d86cb8a2e605ba29c405cbab3db913edc1befb0ce27bb05957e8caf4d55d843e93857f863da24b96ee279b7
    public exponent: 10001

17:11:51.218 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.SignerOutputStream - Canonicalized SignedInfo:
17:11:51.219 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.SignerOutputStream - <ds:SignedInfo xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ecc="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>NZNsmYD/PyGRObHD+Xujfo9Df0ic3PBB7juRkz0il60=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>5ZTC+V+bgwftEPM++8vYO+EJGe+a/q1NZQTY1LZ35bI=</ds:DigestValue></ds:Reference></ds:SignedInfo>
17:11:51.220 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Manifest - verify 2 References
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Manifest - I am not requested to follow nested Manifests
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#TEST-EE"
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID TEST-EE and Element was [TrustServiceStatusList: null]
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.221 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#TEST-EE"
17:11:51.222 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID TEST-EE and Element was [TrustServiceStatusList: null]
17:11:51.222 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
17:11:51.222 [pool-1-thread-2] DEBUG org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
17:11:51.224 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.225 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ecc="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="TEST-EE" TSLTag="http://uri.etsi.org/02231/TSLTag">
   <SchemeInformation>
      <TSLVersionIdentifier>5</TSLVersionIdentifier>
      <TSLSequenceNumber>10</TSLSequenceNumber>
      <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric</TSLType>
      <SchemeOperatorName>
         <Name xml:lang="en">SK Test Authority</Name>
      </SchemeOperatorName>
      <SchemeOperatorAddress>
         <PostalAddresses>
            <PostalAddress xml:lang="en">
               <StreetAddress>Pￃﾤrnu mnt 141</StreetAddress>
               <Locality>Tallinn</Locality>
               <StateOrProvince>Harjumaa</StateOrProvince>
               <PostalCode>11314</PostalCode>
               <CountryName>EE</CountryName>
            </PostalAddress>
         </PostalAddresses>
         <ElectronicAddress>
            <URI xml:lang="en">mailto:info@sk.ee</URI>
            <URI xml:lang="en">http://sk.ee</URI>
         </ElectronicAddress>
      </SchemeOperatorAddress>
      <SchemeName>
         <Name xml:lang="en">EE:Supervision/Accreditation Status List of test certification services</Name>
      </SchemeName>
      <SchemeInformationURI>
         <URI xml:lang="en">http://sk.ee</URI>
      </SchemeInformationURI>
      <StatusDeterminationApproach>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/StatusDetn/EUappropriate</StatusDeterminationApproach>
      <SchemeTypeCommunityRules>
         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUcommon</URI>
         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EE</URI>
      </SchemeTypeCommunityRules>
      <SchemeTerritory>EE_T</SchemeTerritory>
      <PolicyOrLegalNotice>
         <TSLLegalNotice xml:lang="en">The present TSL implementation of test certificates is not applicable to any legal frameworks</TSLLegalNotice>
      </PolicyOrLegalNotice>
      <HistoricalInformationPeriod>65535</HistoricalInformationPeriod>
      <PointersToOtherTSL>
         <OtherTSLPointer>
            <ServiceDigitalIdentities>
               <ServiceDigitalIdentity>
                  <DigitalId>
                     <X509Certificate>MIIEvDCCAqQCCQC/HGif/u6k6TANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UEAxMIVGVzdCBUU0wwHhcNMTQwNjI1MDkxMDMwWhcNMTUwNjI1MDkxMDMwWjAgMQswCQYDVQQGEwJFRTERMA8GA1UEAxMIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCU3NdeUa4xMF78VfYPGDDGC4yd2bYboF4C2R7mfUcoaIGOZ4VCShl9ojjQY0a4/7QEI5FPDwvziydN9UFlCRYmb7YrANXL1WS71aLapLM9KuT6e0siFgh1HLeZA0YcdL7opRCVAKxejHuWShuRdvJsNXiv/nKg35I6NPW5OP7IM4HR71CqGcWgtlFkL7sqs943vccpLZa23XQcAfngW0VdPSxuz4R/kzNkIFXBjrPSpjR74006e9csrKxJmebKfGqIIOu0waFVmXsWbj46p05PLpfsVX+lJ8O9CVtq0p4R4BzcUHh4zLJpUDZlRcK0t64EjTSnH4OgEP+qH/zhBxDb8maCRqyZT7iY6e/VBbfwub7ZhNzAnPYd7yGbBz7PIBWEqDNLtTBVq7rlYd63ap2TEvXKczh50IJEM8DTdAWpHG6iRcB17nqxI3U8iq/bPVhcT/OW4Dhb9ZdEllJzCgvpDpv/yBZ/F1tggQwrtjZ4cvZ6AXt+Bb5j5vZpcxbl1Q/2a4dcFMCXfxuuoboXPlFY1ElQGiF3oOV/iVRBNn6gnv0b3+qB1sQlLii4nS/fxwAehsH5z3m4fuLgZKfT9AcpR1e8jJQLJne0dTX0spc1yOVi8nv/PvpZGh3OI/rZfGP2pUU4RQnV96Fw/VBeYFv48+mcwMta+HpaaNTNvmzhQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQB9gBvNxbsw/iGCXlbqrqZMjvvMqJVEsSIYe7Hb3mBiPAw50zxBTVXPY9nq5P2nD1hWK/sQMLVTbhQ/rSbiiEzMizEEhMAj5NzLrGm5qDFJeJjvqvsV+IehO9E4sKZ5GI9lhbuOcPo5N1YGSDrtqJpPPKhSv4TeOtl7Y1uCSMq8R9Y3XjNBqv0BsdlnMq6ugBQ74eiOwrIdy2jCIbzNn9ZJtbTiOnVSlaywMiaRkjslkajnFDvMj3pmh9R9/r+/cGMosCVMEqxFYcNjn2CU1S9mslnZb2U/LBYm/WhHF3V1PDN56NaIgBVJAXOJgeQGKvDKHddDMjavSanXQbZeEaikH8znON+HiasNVG/Y7ZBMQTcoWJZ23q07tDQSXCDfgl1AhhaAxgsCnf+yfwWaxHjhygx40VzJnEiBTzAVnqDGW0cezpRnP8huueen38ptKjI46JFR+CgW0ckyFpNtE5AaR0vJuJl8lSpAkXtmIC6iGxsnszV519MXZxpXI0QXAhZQmkw7HPvy/aWxqmX8yyy5Yh2en25631GHt5LtSc1iiGpX0/x+rAiRjDcU5AAEOB4XWF3+NSc7Tyl09trfisQcWp9vCEFSIAwhiErpMvmP+yK/Emh7nZwqU4ueAj3OvggqPsg0Soaixr/UQC9T+rIwifv1Bh2q+VXGqdLG62Ay5Q==</X509Certificate>
                  </DigitalId>
               </ServiceDigitalIdentity>
             </ServiceDigitalIdentities>
            <TSLLocation>https://open-eid.github.io/test-TL/tl-mp-test-EE.xml</TSLLocation>
            <AdditionalInformation>
               <OtherInformation>
                  <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists</TSLType>
               </OtherInformation>
               <OtherInformation>
                  <SchemeOperatorName>
                     <Name xml:lang="en">SK Test Authority</Name>
                  </SchemeOperatorName>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTypeCommunityRules>
                     <URI>http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/schemerules/CompiledList</URI>
                  </SchemeTypeCommunityRules>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTerritory>EE</SchemeTerritory>
               </OtherInformation>
               <OtherInformation>
                  <tslx:MimeType>application/vnd.etsi.tsl+xml</tslx:MimeType>
               </OtherInformation>
            </AdditionalInformation>
         </OtherTSLPointer>
      </PointersToOtherTSL>
      <ListIssueDateTime>2018-11-22T16:47:37Z</ListIssueDateTime>
      <NextUpdate>
         <dateTime>2020-08-20T21:00:00Z</dateTime>
      </NextUpdate>
      <DistributionPoints>
         <URI>https://open-eid.github.io/test-TL/EE_T.xml</URI>
      </DistributionPoints>
   </SchemeInformation>
   <TrustServiceProviderList>
      <TrustServiceProvider>
         <TSPInformation>
            <TSPName>
               <Name xml:lang="en">AS Sertifitseerimiskeskus</Name>
            </TSPName>
            <TSPTradeName>
               <Name xml:lang="en">SK</Name>
            </TSPTradeName>
            <TSPAddress>
               <PostalAddresses>
                  <PostalAddress xml:lang="en">
                     <StreetAddress>Pￃﾤrnu mnt 141</StreetAddress>
                     <Locality>Tallinn</Locality>
                     <StateOrProvince>Harjumaa</StateOrProvince>
                     <PostalCode>11314</PostalCode>
                     <CountryName>EE</CountryName>
                  </PostalAddress>
               </PostalAddresses>
               <ElectronicAddress>
                  <URI xml:lang="en">http://www.sk.ee</URI>
                  <URI xml:lang="en">mailto:info@sk.ee</URI>
               </ElectronicAddress>
            </TSPAddress>
            <TSPInformationURI>
               <URI xml:lang="en">http://www.sk.ee/en/repository/CPS</URI>
            </TSPInformationURI>
         </TSPInformation>
         <TSPServices>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of ESTEID-SK 2011: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIEuzCCA6OgAwIBAgIQSxRID7FoIaNNdNhBeucLvDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMwNjA5WhcNMjMwOTA3MTIwNjA5WjBsMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SMr+A2QGMJuNpu60MgqKG0yLL7JfvjNtgs2hqWADDn1AQeD79o+8r4SRYp9kowSFA8E1v38XXTHRq3nSZeToOC5DMAWjsKlm4x8hwwp31BXCs/Hrl9VmikIgAlaHvv3Z+MzS6qeLdzyYi/glPVrY42A6/kBApOJlOVLvAFdySNmFkY+Ky7MZ9jbBr+Nx4py/V7xm9VD62Oe1lku4S4qd+VYcQ5jftbr4OFjBp9Nn58/5svQxrLjv3B67i19d7sNh7UPnMiO6BeBb6yb3P1lqdHofE1lElStIPViJlzjPOh4puxWadHDvVYUCJgW2aM58mTfjFhZbVfcrVn5OyIiTQIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwE
17:11:51.228 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.229 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - B/zAOBgNVHQ8BAf8EBAMCAQYwgZkGA1UdIASBkTCBjjCBiwYKKwYBBAHOHwMBATB9MFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwHQYDVR0OBBYEFEG2/sWxsbRTE4z6+mLQNG1tIjQKMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBdh5R23K7qkrO78j51xN6CR2qwxUcK/cgcTLWv0obPmJ7jRax3PX0pFhaUE6EhAR0dgS4u6XZrjPgVrt/mwq1h8lJP1MF2ueAHKyS0SGj7aFLkcC+ULwu1k6yiortFJ0Ds49ZGA+ioGzYWPQ+g1Zl4wSDIz52ot0cHUijnf39Szq7E2z7MDfZkYg8HZeHrO493EFghXcnSH7J7z47cgP3GWFNUKv1V2c0eVE4OxRulZ3KmBLPWbJKZ0TyGa/Aooc+TorEjxz//WzcF/Sklp4FeD0MU39UURIlg7LfEcm832bPzZzVGFd4drBd5Dy0Uquu63kW7RDqr+wQFSxKr9DIH</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of ESTEID-SK 2011,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of ESTEID-SK 2011: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of ESTEID-SK 2011,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2011-03-08T22:00:00Z</StatusStartingTime>
                     <ServiceInformationExtensions>
                        <Extension Critical="true">
                           <ecc:Qualifications>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="atLeastOne">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                           </ecc:Qualifications>
                        </Extension>
                     </ServiceInformationExtensions>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of ESTEID-SK 2015: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
    
17:11:51.230 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.231 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -                  <DigitalId>
                        <X509Certificate>MIIGgzCCBWugAwIBAgIQEDb9gCZi4PdWc7IoNVIbsTANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTUxMjE4MDcxMzQ0WhgPMjAzMDEyMTcyMzU5NTlaMGsxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMTeAFvLxmAeaOsRKaf+hlkOhW+CdEilmUIKWs+qCWVq+w8E8PA/TohAZdUcO4KFXothmPDmfOCb0ExXcnOPCr2NndavzB39htlyYKYxkOkZi3pLz8bZg/HvpBoy8KIg0sYdbhVPYHf6i7fuJjDac4zN1vKdVQXA6Tv5wS/e90/ZyF955vycxdNLticdozm5yCDMNgsEji6QNA1zIi3+C2YmnDXx6VyxhuC2R3q0xNkwtJ4ezs1RZGxWokTNPzQc3ilGhEJlVsS8vP624hUHwufQnwrKWpc3+D+plMIO0j3E+hmh46gIadDRweFR/dzb+CIBHRaFh0LEBjd/cDFQlBI+E8vpkhqeWp6rp1xwnhCL201M3E1E1Mw+51Xqj7WOfY0TzjOmQJy8WJPEwU2m44KxW1SnpeEBVkgb4XYFeQHAllc7J7JDv50BoIPpecgaqn1vKR7l//wDsL0MN1tDlBhl3x7TJ/fwMnwB1E3zVZR74TUZh5J49CAcFrfM4RmP/0hcDW8+4wNWMg2Qgst2qmPZmHCI/OJt5yMt0Ud5yPF8AWxVot3TxOBGjMiM8m6WsksFsQxp5WtA0DANGXIIfydTaTV16Mg+KpYVqFKxkvFBmfVp6xApMaFl3dY/m56O9JHEqFpBDF+uDQIMjFJxJ4Pt7Mdk40zfL4PSw9Qco2T3AgMBAAGjggINMIICCTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUScDyRDll1ZtGOw04YIOx1i0ohqYwDgYDVR0PAQH/BAQDAgEGMGYGA1UdIARfMF0wMQYKKwYBBAHOHwMBATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDAYKKwYBBAHOHwMBAjAMBgorBgEEAc4fAwEDMAwGCisGAQQBzh8DAQQwEgYDVR0TAQH/BAgwBgEB/wIBADBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0lBCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDCBiQYIKwYBBQUHAQEEfTB7MCUGCCsGAQUFBzABhhlodHRwOi8vZGVtby5zay5lZS9jYV9vY3NwMFIGCCsGAQUFBzAChkZodHRwOi8vd3d3LnNrLmVlL2NlcnRzL1RFU1Rfb2ZfRUVfQ2VydGlmaWNhdGlvbl9DZW50cmVfUm9vdF9DQS5kZXIuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQDBOYTpbbQuoJKAmtDPpAomDd9mKZCarIPxAH8UXphSndMqOmIUA4oQMrLcZ6a0rMyCFR8x4NX7abc8T81cvgUAWjfNFn8+bi6+DgbjhYY+wZ010MHHdUo2xPajfog8cDWJPkmz+9PAdyjzhb1eYoEnm5D6o4hZQCiRyPnOKp7LZcpsVz1IFXsqP7M5WgHk0SqY1vs+Yhu7zWPSNYFIzNNXGoUtfKhhkHiRWFX/wdzr3fqeaQ3gs/PyD53YuJXRzFrktgJJoJWnHEYIhEwbai9+OeKr4L4kTkxvPKTyjjpLKcjUk0Y0cxg7BuzwevonyBtL72b/FVs6XsXJJqCa3W4T</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of ESTEID-SK 2015,2.5.4.97=#0c0e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of ESTEID-SK 2015: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>CN=TEST of ESTEID-SK 2015,2.5.4.97=#0c0e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2015-12-18T07:13:44Z</StatusStartingTime>
                     <ServiceInformationExtensions>
                        <Extension Critical="true">
                           <ecc:Qualifications>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="atLeastOne">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
      
17:11:51.232 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.233 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -                            <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                           </ecc:Qualifications>
                        </Extension>
                     </ServiceInformationExtensions>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of EID-SK 2016 qualified certificates for electronic signatures</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIG+DCCBeCgAwIBAgIQUkCP5k8r59RXxWzfbx+GsjANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNDE1WhgPMjAzMDEyMTcyMzU5NTlaMGgxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEcMBoGA1UEAwwTVEVTVCBvZiBFSUQtU0sgMjAxNjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOrKOByrJqS1QsKD4tXhqkZafPMd5sfxem6iVbMAAHKpvOs4Ia2oXdSvJ2FjrMl5szeT4lpHyzfECzO3nx7pvRLKHufi6lMwMGjtSI6DK8BiH9z7Lm+kNLunNFdIir0hPijjbIkjg9iwfaeST9Fi5502LsK7duhKuCnH7O0uMrS/MynJ4StANGY13X2FvPW4qkrtbwsmhdN0Btro72O6/3O+0vbnq/yCWtcQrBGv3+8XEBdCqH5S/Rt0EugKX4UlVy5l0QUc8IrjGtdMsr9KDtvmVwlefXYKoLqkC7guMGOUNf6Y4AYGsPqfY4dG3N5YNp5FHDL7IO93h7TpRV3gyR38LiJsPHk5nES5mdPkNuEkCyg0zEKI7uJ4LUuBbjzZPp2gP7PN8Iqi9GP7V2NCz8vUVN3WpHvctsf0DMvZdV5pxqLY5ojyfhMsU4aMcGSQA9EK8ES3O1zBK1DW+btjbQjUFW1SIwCkB2yofFxge+vvzZGbvt2UGOE8oAL8/JzNxi9FbjTAbycrGWgEMQ0sM1fKc+OsvoaSy9m3ZQGph0+dbsouQpl3kpJvjDMzxxkrMqxdhlVMreLKGCMMxJMAGQEwVS5P93Nnmz8UbkmeomUJr3NrBo4+V9L5S4Kx1vTvD0p72xRYFyfifLOjs8qs7lR3yhkcBPQI78ERqxv31FWDAgMBAAGjggKFMIICgTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUrrDq4Tb4JqulzAtmVf46HQK/ErQwDgYDVR0PAQH/BAQDAgEGMIHEBgNVHSAEgbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEAMDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDsGBgQAj3oBAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzASBgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5jcnQwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCUGCCsGAQUFBwEDBBkwFzAVBggrBgEFBQcLAjAJBgcEAIvsSQEBMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQAiw1VNxp1Ho7FwcPlFqlLl6zb225IvpNelFX2QMbq1SPe41LuBW7WRZIV4b6bRQug55k8lAm8eX3zEXL9I+4Bzai/IBlMSTYNpqAQGNVImQVwMa64uN8DWo8LNWSYNYYxQzO7sTnqsqxLPWeKZRMkREI0RaVNoIPsciJvid9iBKTcGnMVkbrgyLzlXblLMU4I0pL2RWlfs2tr+XtCtWAvJPFskM2QZ2NnLjW8WroZr8TooocRA1vl/ruIAPC3FxW7zebKcA2B66j4tW7uyF2kPx4WWA3xgR5QZnn4ePEAYjJdu1eWd9KbeAbxPCfFOST43t0fm20HfV2Wp2PMEq4b2</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of EID-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-12-21T10:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESig"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:PolicySet>
                                    <ecc:PolicyIdentifier>
                                       <xades:Identifier>1.3.6.1.4.1.10015.17.2</xades:Identifier>
                                    </ecc:PolicyIdentifier>
                                 </ecc:PolicySet>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates
                                 </ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/PKC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of NQ-SK 2016 advanced certificates for electronic signatures</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIGijCCBXKgAwIBAgIQOjiPZGsWs2VXxW0gWA+mAzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNTIwWhgPMjAzMDEyMTcyMzU5NTlaMGcxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBOUS1TSyAyMDE2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwKLATeOt27z1OPLOFaUQVTLSL6tiQLrBZCO3C3DQuMLixR6cCla+aAS3U4VaKZRCrK+NI7v2cGvDdPW6jmztJJPlXcbZ2nY6QtQq2TkXnVx8Yh+9H1iRB3u9Av9ALFEisj/uYWGoqA8bT7C0MgCu7VGdvpYpiRy7FCyKX7CDf3wW4a/x+vil4yMb0UD2BTrMgwTgcxsaQ4zCg+DFvB8+97pOWZMWbBjkLskM/mxp/ChrDVRiQsMgcUgiQ2heqRa3lNrHXkyJYseUEaCxXkT+aIwdtG7HPqvTrhLbfJs9iMFV3t08jFRZn8gwpUlyy0pztNoy6Xn6d9BHv5+P7/yIOMKghh23gx637WRIaghIn8+6i6/CIK77IQTxwwc4Prg/kpr+F7/5l7M/9Hk7yXsJZ5RHP+JooJcF25pU7VEO80UDJ/srKfm/frlHqeioUxmYRdZSRLiPiZpMC958euD5NsuiJSGqCtESGLyRxNp5Ts7iaQbMcRx0fHTJ0jG4EzXprUKCZCBD2ozK+DljyKEQZmwr7tXge9/JEiX1xhO4fGzadtz5nXjJvAnh8KUnTX9fli7Y1wY2Y2iBlYUbxn9ENPusE5TcLMKDnvpLEd7b0Z3keQiIWR0GvN
17:11:51.234 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.239 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - N59Fe2RhM4sa0IyNXyM0xvamglEEP9/uWJmEdYf7q0wBmWQUhcMc8CAwEAAaOCAhgwggIUMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MB0GA1UdDgQWBBSsw050xt/OPR3E74FhBbZv3UkdPTAOBgNVHQ8BAf8EBAMCAQYwRgYDVR0gBD8wPTA7BgYEAI96AQEwMTAvBggrBgEFBQcCARYjaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9vcml1bS9DUFMwEgYDVR0TAQH/BAgwBgEB/wIBADCBjQYIKwYBBQUHAQEEgYAwfjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3Auc2suZWUvQ0EwWgYIKwYBBQUHMAKGTmh0dHBzOi8vd3d3LnNrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0lBCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDAlBggrBgEFBQcBAwQZMBcwFQYIKwYBBQUHCwIwCQYHBACL7EkBATBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAt/0Rv4T7HcRt53ELEDvjTXdxCmdAvLs/eynom18jTguHSwO1vqcq+FRjZ8Qw2Ds5lL8QqT9h38lrQoyNVXLSJOV49seLM/So3k2I6agYXOtM1a+oQG6Si09dQVwMAk0y/7YOddVnx5OdGJZlJTqQumVJUS96Wm74qKh6B+w0gGgAvg/7BpAIBtUweRmjoV4iT/EKz0bKOJPU63guw7y6APGJOsama9fj96cVrnqNdPhaPKqTIPkdabkwxB3wPiCzON9+r0FVUn0se4kIkqZ+jJQBLmYCvnuzMwiYVBvWorTpWNXwLV7B8cwI5/UwmXermhgBhRhb4ZBQhuChRNEp4w==</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of NQ-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-12-21T10:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of ESTEID2018: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIFfDCCBN2gAwIBAgIQNhjzSfd2UEpbkO14EY4ORTAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwOTA2MDkwMzUyWhcNMzMwODMwMTI0ODI4WjBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBxYug4cEqwmIj+3TVaUlhfxCV9FQgfuglC2/0Ux1Ieqw11mDjNvnGJhkWxaLbWJi7QtthMG5R104l7Np7lBevrBgBDtfgja9e3MLTQkY+cFS+UQxjt9ZihTUJVsR7lowYlaGEiqqsGbEhlwfu27Xsm8b2rhSiTOvNdjTtG57NnwVAX+ijggMyMIIDLjAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDAdBgNVHQ4EFgQUwISZKcROnzsCNPaZ4QpWAAgpPnswDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwggHNBgNVHSAEggHEMIIBwDAIBgYEAI96AQIwCQYHBACL7EABAjAyBgsrBgEEAYORIQECATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDQYLKwYBBAGDkSEBAgIwDQYLKwYBBAGDkX8BAgEwDQYLKwYBBAGDkSEBAgUwDQYLKwYBBAGDkSEBAgYwDQYLKwYBBAGDkSEBAgcwDQYLKwYBBAGDkSEBAgMwDQYLKwYBBAGDkSEBAgQwDQYLKwYBBAGDkSEBAggwDQYLKwYBBAGDkSEBAgkwDQYLKwYBBAGDkSEBAgowDQYLKwYBBAGDkSEBAgswDQYLKwYBBAGDkSEBAgwwDQYLKwYBBAGDkSEBAg0wDQYLKwYBBAGDkSEBAg4wDQYLKwYBBAGDkSEBAg8wDQYLKwYBBAGDkSEBAhAwDQYLKwYBBAGDkSEBAhEwDQYLKwYBBAGDkSEBAhIwDQYLKwYBBAGDkSEBAhMwDQYLKwYBBAGDkSEBAhQwDQYLKwYBBAGDkX8BAgIwDQYLKwYBBAGDkX8BAgMwDQYLKwYBBAGDkX8BAgQwDQYLKwYBBAGDkX8BAgUwDQYLKwYBBAGDkX8BAgYwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDB3BggrBgEFBQcBAQRrMGkwLgYIKwYBBQUHMAGGImh0dHA6Ly9haWEuZGVtby5zay5lZS9lZS1nb3ZjYTIwMTgwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRUUtR292Q0EyMDE4LmRlci5jcnQwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vYy5zay5lZS9UZXN0X29mX0VFLUdvdkNBMjAxOC5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIBIF+LqytyaV4o5wUSm30VysB8LdWtoOrzNq2QhB6tGv4slg5z+CR58e60eRFqNxT7eccA/HgoPWs0B1Z+L067qtUCQgCB8OP0kHx/j1t7htN2CXjpSjGFZw5TTI4s1eGyTbe0UJRBXEkUKfFbZVmzGPFPprwUdSPi8PpO7+xGBYlFHA4z+Q==</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of ESTEID2018,2.5.4.97=#0c0e4e545245452d3130373437303133,O=SK ID Solutions AS,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2018-04-05T09:45:21Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of SK OCSP RESPONDER 2011</Name>
            
17:11:51.240 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.243 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -       </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIEijCCA3KgAwIBAgIQaI8x6BnacYdNdNwlYnn/mzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMyMjQ1WhcNMjQwOTA3MTIyMjQ1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cw6Cja17BbYbHi6frwccDI4BIQLk/fiCE8L45os0xhPgEGR+EHE8LPCIqofPgf4gwN1vDE6cQNUlK0Od+Ush39i9Z45esnfpGq+2HsDJaFmFr5+uC1MEz5Kn1TazEvKbRjkGnSQ9BertlGer2BlU/kqOk5qA5RtJfhT0psc1ixKdPipv59wnf+nHx1+T+fPWndXVZLoDg4t3w8lIvIE/KhOSMlErvBIHIAKV7yH1hOxyeGLghqzMiAn3UeTEOgoOS9URv0C/T5C3mH+Y/uakMSxjNuz41PneimCzbEJZJRiEaMIj8qPAubcbL8GtY03MWmfNtX6/wh6u6TMfW8S2wIDAQABo4H+MIH7MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBR9/5CuRokEgGiqSzYuZGYAogl8TzCBoAYDVR0gBIGYMIGVMIGSBgorBgEEAc4fAwEBMIGDMFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LnNrLmVlL2FqYXRlbXBlbC8wHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wDQYJKoZIhvcNAQEFBQADggEBAAbaj7kTruTAPHqToye9ZtBdaJ3FZjiKug9/5RjsMwDpOeqFDqCorLd+DBI4tgdu0g4lhaI3aVnKdRBkGV18kqp84uU97JRFWQEf6H8hpJ9k/LzAACkP3tD+0ym+md532mV+nRz1Jj+RPLAUk9xYMV7KPczZN1xnl2wZDJwBbQpcSVH1DjlZv3tFLHBLIYTS6qOK4SxStcgRq7KdRczfW6mfXzTCRWM3G9nmDei5Q3+XTED41j8szRWglzYf6zOv4djkja64WYraQ5zb4x8Xh7qTCk6UupZ7je+0oRfuz0h/3zyRdjcRPkjloSpQp/NG8Rmrcnr874p8d9fdwCrRI7U=</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of SK OCSP RESPONDER 2011,OU=OCSP,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <ServiceSupplyPoints>
                     <ServiceSupplyPoint>http://demo.sk.ee/ocsp</ServiceSupplyPoint>
                  </ServiceSupplyPoints>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of SK OCSP RESPONDER 2011</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of SK OCSP RESPONDER 2011,OU=OCSP,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2011-03-08T22:00:00Z</StatusStartingTime>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">DEMO of SK TSA</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIEEDCCAvigAwIBAgIQM7TnUTYz+b1Tgw99YoRLODANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwNTI2MDk1NTA5WhcNMjQwNTI2MDk1NTA5WjBYMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRcwFQYDVQQDDA5ERU1PIG9mIFNLIFRTQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYVFuAcGSanEI10cpb2Rcd2IgXz5XMYJM8XD1wL5Ltv/R2dCQmGaDbpb+/bXOCgm9P/fjCJ7g/DGoplomkKQfUkK4qi0quUaZylnJRgDtj6Y12Mni507Lnk6+6f0xxUAUSV7mCrdZtzYG7jrVjeTjx5RHwr69EKz5zBdLE/N5n893h2+Z1gMsUXJvm1DN4Ui99kCdo1vi2iTVgh5SpTo8lDAkzElrl6B3sHWwgUe7CyxjL4uqvU3B6OwU27F3mrAK/3c1+hdyuZKMTurWzQznCr1jqx0TubxRcwiyDyE9i3ip0G92+NB1/xop33+ooLkL930i/A/kVJYWLIR2N2Ms8CAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFNfCWP6p03Uhi50s/a2eWQR886TUMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBfidmlXMbJ+tBDgaQ9CyM0ObI5srSaePHamHglBUFU34tYp9HVhVU+8xh5+hGEOV5y0mZeeIyuQyfwlySQ0vMWdZx02KdNFa9m6ICpufTieHHUzZBCWs/Pl8Bci3Vu5y/VwUAYf14TVJEWCyhyRwo/bfxXRnWIr/Mhe8d10exroADEtcEhRLklyHw6C+ck/mVyrbQm+XoZq876TyuZWmbzxMSi3UG/Zpss1LjK4qI75HDJqW/PHsDJC8YCIpVoRBcN+O0TLuzxOYG++cZBU7QR3axkSkyammtbF85lqxh4Xi4nKjIYgrGWbNXZp4dN/G+uMTDk/2rj8w7E6aRWne2m</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509Certificate>MIIEFTCCAv2gAwIBAgIQTqz7bCP8W45UBZa7tztTTDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwOTAyMTAwNjUxWhcNMjQwOTAyMTAwNjUxWjBdMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRwwGgYDVQQDDBNERU1PIG9mIFNLIFRTQSAyMDE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysgrVnVPxH8jNgCsJw0y+7fmmBDTM/tNB+xielnP9KcuQ+nyTgNu1JMpnry7Rh4ndr54rPLXNGVdb/vsgsi8B558DisPVUn3Rur3/8XQ+BCkhTQIg1cSmyCsWxJgeaQKJi6WGVaQWB2he35aVhL5F6ae/gzXT3sGGwnWujZkY9o5RapGV15+/b7Uv+7jWYFAxcD6ba5jI00RY/gmsWwKb226Rnz/pXKDBfuN3ox7y5/lZf5+MyIcVe1qJe7VAJGpJFjNq+BEEdvfqvJ1PiGQEDJAPhRqahVjBSzqZhJQoL3HI42NRCFwarvdnZYoCPxjeYpAynTHgNR7kKGX1iQ8OQIDAQABo4GwMIGtMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUJwScZQxzlzySVqZXviXpKZDV5NwwHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wQwYDVR0fBDwwOjA4oDagNIYyaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL3Rlc3RfZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAIq02SVKwP1UolKjqAQe7SVY/Kgi++G2kqAd40UmMqa94GTu91LFZR5TvdoyZjjnQ2ioXh5CV2lflUy/lUrZMDpqEe7IbjZW5+b9n5aBvXYJgDua9SYjMOrcy3siytqq8UbNgh79ubYgWhHhJSnLWK5YJ+5vQjTpOMdRsLp/D+FhTUa6mP0UDY+U82/tFufkd9HW4zbalUWhQgnNYI3oo0CsZ0HExuynOOZmM1Bf8PzD6etlLSKkYB+mB77Omqgflzz+Jjyh45o+305MRzHDFeJZx7WxC+XTNWQ0ZFTFfc0ozxxzUWUlfNfpWyQh3+4LbeSQRWrNkbNRfCpYotyM6AY=</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=DEMO of SK TSA,OU=TSA,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <ServiceSupplyPoints>
                     <ServiceSupplyPoint>http://demo.sk.ee/tsa/</ServiceSupplyPoint>
                  </ServiceSupplyPoints>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">DEMO of SK TSA</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>CN=DEMO of SK TSA,OU=TSA,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <
17:11:51.245 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.247 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - StatusStartingTime>2014-05-31T21:00:00Z</StatusStartingTime>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of KLASS3 2010: test electronic seals</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIExzCCA6+gAwIBAgIQIrzOHDuBOQRPabRVIaWqEzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTIwMzIxMTA1ODI5WhcNMjUwMzIxMTA1ODI5WjB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEhMB8GA1UECwwYU2VydGlmaXRzZWVyaW1pc3RlZW51c2VkMR8wHQYDVQQDDBZURVNUIG9mIEtMQVNTMy1TSyAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Ua/6IAAqXvy2COvRLW9yCSeImQ23XRAzf/xHmJ6fYiSs0LaR8c19IOSOkOarAgUrt0XDG5KWBdE5qwuVc0gQN9ZjYwmDg3dq4LVo89FdvATKk2Tao01Iu1N+2eGSEifgGBH5iWfYqu1hGJ2nJPHIG9bKXZXfw+ET2gymO5bHnt8iOJmq+YynMXEvxtUTl2hKh0o6m28i3YKXru0jm5qe5/YCJ9HFw9yKn8eLnI2/9Jfruxe5F1AMOkVXhVtA57yeQARv18a8uEQZV0CS/WDmCPi+hl6GqSwhWZBdB9igOMsnZdNS1s7kr2/46doZQVPa2X3vJyYMTl/oaWB++VfAQIDAQABo4IBSTCCAUUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgZkGA1UdIASBkTCBjjCBiwYKKwYBBAHOHwMBATB9MCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9jcHMwWAYIKwYBBQUHAgIwTB5KAEEAaQBuAHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBvAHIAIAB0AGUAcwB0AGkAbgBnAC4wHQYDVR0OBBYEFNFoQ5JN1Wc5Ii9tzYgGEg662Wp2MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCiE8G8gwZpeeHm0PoqHd54/KbfH2cAklqO5rcg2m9fhhvPNtMQ9Wc19JWauE2YuNsnJNKetglUAnA/yd64DhQKBf+2JUgYJas4dTscRgXXlz8huuvenNUpfPd3iispVc2WNBQ2qjBEZXdqhbkG0/RgM42Hb28+1v23HsoLhCGY2YjHhYynmOk/8BULI/ArsgA7FJflXi5Xp/cdC8BJQ87vtPlAnxm0axZMvASNXMUvvQTUjCTg0yczX3d8+I3EBNBlzfPMsyU1LCn6Opbs2/DGF/4enhRGk/49L6ltfOyOA73buSogS2JkvCweSx6Y2cs1fXVyFszm2HJmQgwbZYfR</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of KLASS3-SK 2010,OU=Sertifitseerimisteenused,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCQSCDStatusAsInCert"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:PolicySet>
                                    <ecc:PolicyIdentifier>
                                       <xades:Identifier>0.4.0.194112.1.3</xades:Identifier>
                                    </ecc:PolicyIdentifier>
                                 </ecc:PolicySet>
                                 <ecc:Description>Any certificate that is issued under the CA/QC Sdi certificate and that is issued as a QC (i.e. containing a QcCompliance statement) and having its Certificate Policy PolicyIdentifier OID set as 0.4.0.194112.1.3, is to be considered as supported by a QSCD. They are issued for digital stamping according to eIDAS regulation</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) is to be considered as issued to a Legal Person</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESeal"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description></ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of KLASS3 2010: test electronic seals</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>CN=TEST of KLASS3-SK 2010,OU=Sertifitseerimisteenused,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
        
17:11:51.248 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.250 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -                 </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2010-03-31T09:17:00Z</StatusStartingTime>
                     <TSPServiceDefinitionURI>
                        <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                        <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                     </TSPServiceDefinitionURI>
                     <ServiceInformationExtensions>
                        <Extension Critical="true">
                           <ecc:Qualifications>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="atLeastOne">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                           </ecc:Qualifications>
                        </Extension>
                     </ServiceInformationExtensions>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of KLASS3-SK 2016: test electronic seals</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIGyTCCBbGgAwIBAgIQWwxFeuMr159YRRcFxuRXvzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTYxMjA1MDcyODA1WhcNMzAxMjE3MDcyODA1WjCBjjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLBBWlTGtbsgjmRQHKjUz7xsc4BI5Lts/l9t7seXPK5OzZiXomPK2y8y8QxslfDI9KEA0X7VAF2UPwgEDpBLXAOcD1cbijMl23Gz815TH7Lfg+ZpHDh375F1m2vlEoWX0UG7FioRM+xAsBK3EaL3HpJkN8fCSzUwgP7tCl+ivmQwTA0dAoXCib/XtTrYjYa57vHG8xMzKZvc9B4pK9DLvBe+fHbkXHEh1y1EU4AX2VE+eIcieqSHh1PtsB6/YCoSHDa8/uffWcrurbbl++QHgQC8yE6jTQyEfHcIB7ZCy1RbH4l4QtdmsuG7YpxDyBcjFjdz1h1a82GFA67ZHlZ5ogDn7xXyu2fbUBcJlj9wM2wxiyrUt6HCFky6CJhL60zEGVur4nWL/2KYedOxa4CowTv52ceGHBMuWcBHQK2egs5l8ti8oN5jLIhHe2k0dCYJa59fOf6QQv7jKeA/yfY6CmW8BWtY8knmFSOnsqEIBSbWNsYMB1+cidxyr3sTd+haTIZs1JVhS1+gFAe4xVJYDMdnU+nqIvZvNwP9fANC+Nl3h8rfdHLYIexRg8+m2lsrgVT2QOf73EJ+JS10vUI2SinVZikxltxHkA96jDWzs1kpdjKuPdei7fI1roKBhKLyUA6n7tB2XEp0E5K5v4HNXWnY7+skuyvSZxMShNgSmegQIDAQABo4ICMTCCAi0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgfYGA1UdIASB7jCB6zCBgwYJKwYBBAHOHwcDMHYwIAYIKwYBBQUHAgEWFGh0dHA6Ly93d3cuc2suZWUvY3BzMFIGCCsGAQUFBwICMEYeRABBAHMAdQB0AHUAcwBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0AC4AIABDAG8AcgBwAG8AcgBhAHQAZQAgAEkARAAuMAgGBmeBDAECAjAvBgkrBgEEAc4fBwIwIjAgBggrBgEFBQcCARYUaHR0cDovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAkGBwQAi+xAAQEwCAYGBACPegEHMAkGBwQAi+xAAQMwHQYDVR0OBBYEFC4bj7sBLzT42jAEi1zB8lwl49j3MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MIGIBggrBgEFBQcBAQR8MHowIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLnNrLmVlL0NBMFYGCCsGAQUFBzAChkpodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAWwdrvtnroOs0VHJWGJTKBclIZhxqmMWmy0Wt/cmblAT4NV0mcWGKwGj4F2S1tUnsw9x4zbpPy0GX0knKVeC76MnwbgjjjjQDs9DPc+CmLz3RMGqiw1ZIXvvXnoUiaB9vH6Xekm7McvIUTZtRjKIgFK6IzU2P5YGl5OMJ8TFhhtH0Jwo/0pyJqM9W0hmMdSMOHTwtqHnBQGjn0KQ5+zDtgVy6rt8bn44yuKXUIdYOFMrhK9nE/D8c7sOEbcDbr1n+rLFS0ov2xMcySIa99Rk5HaCsfvQAz5RQx38gJ9Hu/Ah9AVuMBfNyyrgYzRu93dc/+XX2h/Oe2s4LuJUDvm1aFw==</X509Certificate>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2017-06-30T06:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCQSCDStatusAsInCert"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:PolicySet>
                                    <ecc:PolicyIdentifier>
                                       <xades:Identifier>0.4.0.194112.1.3</xades:Identifier>
                                    </ecc:PolicyIdentifier>
                                 </ecc:PolicySet>
                                 <ecc:Description>Any certificate that is issued under the CA/QC Sdi certificate and that is issued as a QC (i.e. containing a QcCompliance statement) and having its Certificate Policy PolicyIdentifier OID set as 0.4.0.194112.1.3, is to be considered as supported by a QSCD. They are issued for digital stamping according to eIDAS regulation</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"></
17:11:51.251 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.251 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) is to be considered as issued to a Legal Person</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESeal"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description></ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
         </TSPServices>
      </TrustServiceProvider>
   </TrustServiceProviderList>
</TrustServiceStatusList>
17:11:51.253 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#TEST-EE"
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type 
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:51.254 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:51.255 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.255 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ecc="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2018-11-22T14:47:37Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties>
17:11:51.255 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#SignedProperties"
17:11:51.255 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type http://uri.etsi.org/01903#SignedProperties
17:11:51.255 [pool-1-thread-2] INFO eu.europa.esig.dss.xades.validation.XAdESSignature - Determining signing certificate from certificate candidates list succeeded
17:11:51.260 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Signature", "")
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignedInfo", "")
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:SignatureMethod", "")
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm - Create URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256"
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA - Created SignatureRSA using SHA256withRSA
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:KeyInfo", "")
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#TEST-EE"
17:11:51.261 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID TEST-EE and Element was [TrustServiceStatusList: null]
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#TEST-EE"
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID TEST-EE and Element was [TrustServiceStatusList: null]
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#TEST-EE"
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID TEST-EE and Element was [TrustServiceStatusList: null]
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
17:11:51.262 [pool-1-thread-2] DEBUG org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
17:11:51.263 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.264 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ecc="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="TEST-EE" TSLTag="http://uri.etsi.org/02231/TSLTag">
   <SchemeInformation>
      <TSLVersionIdentifier>5</TSLVersionIdentifier>
      <TSLSequenceNumber>10</TSLSequenceNumber>
      <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric</TSLType>
      <SchemeOperatorName>
         <Name xml:lang="en">SK Test Authority</Name>
      </SchemeOperatorName>
      <SchemeOperatorAddress>
         <PostalAddresses>
            <PostalAddress xml:lang="en">
               <StreetAddress>Pￃﾤrnu mnt 141</StreetAddress>
               <Locality>Tallinn</Locality>
               <StateOrProvince>Harjumaa</StateOrProvince>
               <PostalCode>11314</PostalCode>
               <CountryName>EE</CountryName>
            </PostalAddress>
         </PostalAddresses>
         <ElectronicAddress>
            <URI xml:lang="en">mailto:info@sk.ee</URI>
            <URI xml:lang="en">http://sk.ee</URI>
         </ElectronicAddress>
      </SchemeOperatorAddress>
      <SchemeName>
         <Name xml:lang="en">EE:Supervision/Accreditation Status List of test certification services</Name>
      </SchemeName>
      <SchemeInformationURI>
         <URI xml:lang="en">http://sk.ee</URI>
      </SchemeInformationURI>
      <StatusDeterminationApproach>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/StatusDetn/EUappropriate</StatusDeterminationApproach>
      <SchemeTypeCommunityRules>
         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUcommon</URI>
         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EE</URI>
      </SchemeTypeCommunityRules>
      <SchemeTerritory>EE_T</SchemeTerritory>
      <PolicyOrLegalNotice>
         <TSLLegalNotice xml:lang="en">The present TSL implementation of test certificates is not applicable to any legal frameworks</TSLLegalNotice>
      </PolicyOrLegalNotice>
      <HistoricalInformationPeriod>65535</HistoricalInformationPeriod>
      <PointersToOtherTSL>
         <OtherTSLPointer>
            <ServiceDigitalIdentities>
               <ServiceDigitalIdentity>
                  <DigitalId>
                     <X509Certificate>MIIEvDCCAqQCCQC/HGif/u6k6TANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UEAxMIVGVzdCBUU0wwHhcNMTQwNjI1MDkxMDMwWhcNMTUwNjI1MDkxMDMwWjAgMQswCQYDVQQGEwJFRTERMA8GA1UEAxMIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCU3NdeUa4xMF78VfYPGDDGC4yd2bYboF4C2R7mfUcoaIGOZ4VCShl9ojjQY0a4/7QEI5FPDwvziydN9UFlCRYmb7YrANXL1WS71aLapLM9KuT6e0siFgh1HLeZA0YcdL7opRCVAKxejHuWShuRdvJsNXiv/nKg35I6NPW5OP7IM4HR71CqGcWgtlFkL7sqs943vccpLZa23XQcAfngW0VdPSxuz4R/kzNkIFXBjrPSpjR74006e9csrKxJmebKfGqIIOu0waFVmXsWbj46p05PLpfsVX+lJ8O9CVtq0p4R4BzcUHh4zLJpUDZlRcK0t64EjTSnH4OgEP+qH/zhBxDb8maCRqyZT7iY6e/VBbfwub7ZhNzAnPYd7yGbBz7PIBWEqDNLtTBVq7rlYd63ap2TEvXKczh50IJEM8DTdAWpHG6iRcB17nqxI3U8iq/bPVhcT/OW4Dhb9ZdEllJzCgvpDpv/yBZ/F1tggQwrtjZ4cvZ6AXt+Bb5j5vZpcxbl1Q/2a4dcFMCXfxuuoboXPlFY1ElQGiF3oOV/iVRBNn6gnv0b3+qB1sQlLii4nS/fxwAehsH5z3m4fuLgZKfT9AcpR1e8jJQLJne0dTX0spc1yOVi8nv/PvpZGh3OI/rZfGP2pUU4RQnV96Fw/VBeYFv48+mcwMta+HpaaNTNvmzhQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQB9gBvNxbsw/iGCXlbqrqZMjvvMqJVEsSIYe7Hb3mBiPAw50zxBTVXPY9nq5P2nD1hWK/sQMLVTbhQ/rSbiiEzMizEEhMAj5NzLrGm5qDFJeJjvqvsV+IehO9E4sKZ5GI9lhbuOcPo5N1YGSDrtqJpPPKhSv4TeOtl7Y1uCSMq8R9Y3XjNBqv0BsdlnMq6ugBQ74eiOwrIdy2jCIbzNn9ZJtbTiOnVSlaywMiaRkjslkajnFDvMj3pmh9R9/r+/cGMosCVMEqxFYcNjn2CU1S9mslnZb2U/LBYm/WhHF3V1PDN56NaIgBVJAXOJgeQGKvDKHddDMjavSanXQbZeEaikH8znON+HiasNVG/Y7ZBMQTcoWJZ23q07tDQSXCDfgl1AhhaAxgsCnf+yfwWaxHjhygx40VzJnEiBTzAVnqDGW0cezpRnP8huueen38ptKjI46JFR+CgW0ckyFpNtE5AaR0vJuJl8lSpAkXtmIC6iGxsnszV519MXZxpXI0QXAhZQmkw7HPvy/aWxqmX8yyy5Yh2en25631GHt5LtSc1iiGpX0/x+rAiRjDcU5AAEOB4XWF3+NSc7Tyl09trfisQcWp9vCEFSIAwhiErpMvmP+yK/Emh7nZwqU4ueAj3OvggqPsg0Soaixr/UQC9T+rIwifv1Bh2q+VXGqdLG62Ay5Q==</X509Certificate>
                  </DigitalId>
               </ServiceDigitalIdentity>
             </ServiceDigitalIdentities>
            <TSLLocation>https://open-eid.github.io/test-TL/tl-mp-test-EE.xml</TSLLocation>
            <AdditionalInformation>
               <OtherInformation>
                  <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists</TSLType>
               </OtherInformation>
               <OtherInformation>
                  <SchemeOperatorName>
                     <Name xml:lang="en">SK Test Authority</Name>
                  </SchemeOperatorName>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTypeCommunityRules>
                     <URI>http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/schemerules/CompiledList</URI>
                  </SchemeTypeCommunityRules>
               </OtherInformation>
               <OtherInformation>
                  <SchemeTerritory>EE</SchemeTerritory>
               </OtherInformation>
               <OtherInformation>
                  <tslx:MimeType>application/vnd.etsi.tsl+xml</tslx:MimeType>
               </OtherInformation>
            </AdditionalInformation>
         </OtherTSLPointer>
      </PointersToOtherTSL>
      <ListIssueDateTime>2018-11-22T16:47:37Z</ListIssueDateTime>
      <NextUpdate>
         <dateTime>2020-08-20T21:00:00Z</dateTime>
      </NextUpdate>
      <DistributionPoints>
         <URI>https://open-eid.github.io/test-TL/EE_T.xml</URI>
      </DistributionPoints>
   </SchemeInformation>
   <TrustServiceProviderList>
      <TrustServiceProvider>
         <TSPInformation>
            <TSPName>
               <Name xml:lang="en">AS Sertifitseerimiskeskus</Name>
            </TSPName>
            <TSPTradeName>
               <Name xml:lang="en">SK</Name>
            </TSPTradeName>
            <TSPAddress>
               <PostalAddresses>
                  <PostalAddress xml:lang="en">
                     <StreetAddress>Pￃﾤrnu mnt 141</StreetAddress>
                     <Locality>Tallinn</Locality>
                     <StateOrProvince>Harjumaa</StateOrProvince>
                     <PostalCode>11314</PostalCode>
                     <CountryName>EE</CountryName>
                  </PostalAddress>
               </PostalAddresses>
               <ElectronicAddress>
                  <URI xml:lang="en">http://www.sk.ee</URI>
                  <URI xml:lang="en">mailto:info@sk.ee</URI>
               </ElectronicAddress>
            </TSPAddress>
            <TSPInformationURI>
               <URI xml:lang="en">http://www.sk.ee/en/repository/CPS</URI>
            </TSPInformationURI>
         </TSPInformation>
         <TSPServices>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of ESTEID-SK 2011: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIEuzCCA6OgAwIBAgIQSxRID7FoIaNNdNhBeucLvDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMwNjA5WhcNMjMwOTA3MTIwNjA5WjBsMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SMr+A2QGMJuNpu60MgqKG0yLL7JfvjNtgs2hqWADDn1AQeD79o+8r4SRYp9kowSFA8E1v38XXTHRq3nSZeToOC5DMAWjsKlm4x8hwwp31BXCs/Hrl9VmikIgAlaHvv3Z+MzS6qeLdzyYi/glPVrY42A6/kBApOJlOVLvAFdySNmFkY+Ky7MZ9jbBr+Nx4py/V7xm9VD62Oe1lku4S4qd+VYcQ5jftbr4OFjBp9Nn58/5svQxrLjv3B67i19d7sNh7UPnMiO6BeBb6yb3P1lqdHofE1lElStIPViJlzjPOh4puxWadHDvVYUCJgW2aM58mTfjFhZbVfcrVn5OyIiTQIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwE
17:11:51.265 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.266 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - B/zAOBgNVHQ8BAf8EBAMCAQYwgZkGA1UdIASBkTCBjjCBiwYKKwYBBAHOHwMBATB9MFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwHQYDVR0OBBYEFEG2/sWxsbRTE4z6+mLQNG1tIjQKMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBdh5R23K7qkrO78j51xN6CR2qwxUcK/cgcTLWv0obPmJ7jRax3PX0pFhaUE6EhAR0dgS4u6XZrjPgVrt/mwq1h8lJP1MF2ueAHKyS0SGj7aFLkcC+ULwu1k6yiortFJ0Ds49ZGA+ioGzYWPQ+g1Zl4wSDIz52ot0cHUijnf39Szq7E2z7MDfZkYg8HZeHrO493EFghXcnSH7J7z47cgP3GWFNUKv1V2c0eVE4OxRulZ3KmBLPWbJKZ0TyGa/Aooc+TorEjxz//WzcF/Sklp4FeD0MU39UURIlg7LfEcm832bPzZzVGFd4drBd5Dy0Uquu63kW7RDqr+wQFSxKr9DIH</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of ESTEID-SK 2011,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of ESTEID-SK 2011: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of ESTEID-SK 2011,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2011-03-08T22:00:00Z</StatusStartingTime>
                     <ServiceInformationExtensions>
                        <Extension Critical="true">
                           <ecc:Qualifications>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="atLeastOne">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                           </ecc:Qualifications>
                        </Extension>
                     </ServiceInformationExtensions>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of ESTEID-SK 2015: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
    
17:11:51.267 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.267 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -                  <DigitalId>
                        <X509Certificate>MIIGgzCCBWugAwIBAgIQEDb9gCZi4PdWc7IoNVIbsTANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTUxMjE4MDcxMzQ0WhgPMjAzMDEyMTcyMzU5NTlaMGsxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMTeAFvLxmAeaOsRKaf+hlkOhW+CdEilmUIKWs+qCWVq+w8E8PA/TohAZdUcO4KFXothmPDmfOCb0ExXcnOPCr2NndavzB39htlyYKYxkOkZi3pLz8bZg/HvpBoy8KIg0sYdbhVPYHf6i7fuJjDac4zN1vKdVQXA6Tv5wS/e90/ZyF955vycxdNLticdozm5yCDMNgsEji6QNA1zIi3+C2YmnDXx6VyxhuC2R3q0xNkwtJ4ezs1RZGxWokTNPzQc3ilGhEJlVsS8vP624hUHwufQnwrKWpc3+D+plMIO0j3E+hmh46gIadDRweFR/dzb+CIBHRaFh0LEBjd/cDFQlBI+E8vpkhqeWp6rp1xwnhCL201M3E1E1Mw+51Xqj7WOfY0TzjOmQJy8WJPEwU2m44KxW1SnpeEBVkgb4XYFeQHAllc7J7JDv50BoIPpecgaqn1vKR7l//wDsL0MN1tDlBhl3x7TJ/fwMnwB1E3zVZR74TUZh5J49CAcFrfM4RmP/0hcDW8+4wNWMg2Qgst2qmPZmHCI/OJt5yMt0Ud5yPF8AWxVot3TxOBGjMiM8m6WsksFsQxp5WtA0DANGXIIfydTaTV16Mg+KpYVqFKxkvFBmfVp6xApMaFl3dY/m56O9JHEqFpBDF+uDQIMjFJxJ4Pt7Mdk40zfL4PSw9Qco2T3AgMBAAGjggINMIICCTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUScDyRDll1ZtGOw04YIOx1i0ohqYwDgYDVR0PAQH/BAQDAgEGMGYGA1UdIARfMF0wMQYKKwYBBAHOHwMBATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDAYKKwYBBAHOHwMBAjAMBgorBgEEAc4fAwEDMAwGCisGAQQBzh8DAQQwEgYDVR0TAQH/BAgwBgEB/wIBADBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0lBCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDCBiQYIKwYBBQUHAQEEfTB7MCUGCCsGAQUFBzABhhlodHRwOi8vZGVtby5zay5lZS9jYV9vY3NwMFIGCCsGAQUFBzAChkZodHRwOi8vd3d3LnNrLmVlL2NlcnRzL1RFU1Rfb2ZfRUVfQ2VydGlmaWNhdGlvbl9DZW50cmVfUm9vdF9DQS5kZXIuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQDBOYTpbbQuoJKAmtDPpAomDd9mKZCarIPxAH8UXphSndMqOmIUA4oQMrLcZ6a0rMyCFR8x4NX7abc8T81cvgUAWjfNFn8+bi6+DgbjhYY+wZ010MHHdUo2xPajfog8cDWJPkmz+9PAdyjzhb1eYoEnm5D6o4hZQCiRyPnOKp7LZcpsVz1IFXsqP7M5WgHk0SqY1vs+Yhu7zWPSNYFIzNNXGoUtfKhhkHiRWFX/wdzr3fqeaQ3gs/PyD53YuJXRzFrktgJJoJWnHEYIhEwbai9+OeKr4L4kTkxvPKTyjjpLKcjUk0Y0cxg7BuzwevonyBtL72b/FVs6XsXJJqCa3W4T</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of ESTEID-SK 2015,2.5.4.97=#0c0e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of ESTEID-SK 2015: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>CN=TEST of ESTEID-SK 2015,2.5.4.97=#0c0e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2015-12-18T07:13:44Z</StatusStartingTime>
                     <ServiceInformationExtensions>
                        <Extension Critical="true">
                           <ecc:Qualifications>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="atLeastOne">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
      
17:11:51.268 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.268 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -                            <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                           </ecc:Qualifications>
                        </Extension>
                     </ServiceInformationExtensions>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of EID-SK 2016 qualified certificates for electronic signatures</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIG+DCCBeCgAwIBAgIQUkCP5k8r59RXxWzfbx+GsjANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNDE1WhgPMjAzMDEyMTcyMzU5NTlaMGgxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEcMBoGA1UEAwwTVEVTVCBvZiBFSUQtU0sgMjAxNjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOrKOByrJqS1QsKD4tXhqkZafPMd5sfxem6iVbMAAHKpvOs4Ia2oXdSvJ2FjrMl5szeT4lpHyzfECzO3nx7pvRLKHufi6lMwMGjtSI6DK8BiH9z7Lm+kNLunNFdIir0hPijjbIkjg9iwfaeST9Fi5502LsK7duhKuCnH7O0uMrS/MynJ4StANGY13X2FvPW4qkrtbwsmhdN0Btro72O6/3O+0vbnq/yCWtcQrBGv3+8XEBdCqH5S/Rt0EugKX4UlVy5l0QUc8IrjGtdMsr9KDtvmVwlefXYKoLqkC7guMGOUNf6Y4AYGsPqfY4dG3N5YNp5FHDL7IO93h7TpRV3gyR38LiJsPHk5nES5mdPkNuEkCyg0zEKI7uJ4LUuBbjzZPp2gP7PN8Iqi9GP7V2NCz8vUVN3WpHvctsf0DMvZdV5pxqLY5ojyfhMsU4aMcGSQA9EK8ES3O1zBK1DW+btjbQjUFW1SIwCkB2yofFxge+vvzZGbvt2UGOE8oAL8/JzNxi9FbjTAbycrGWgEMQ0sM1fKc+OsvoaSy9m3ZQGph0+dbsouQpl3kpJvjDMzxxkrMqxdhlVMreLKGCMMxJMAGQEwVS5P93Nnmz8UbkmeomUJr3NrBo4+V9L5S4Kx1vTvD0p72xRYFyfifLOjs8qs7lR3yhkcBPQI78ERqxv31FWDAgMBAAGjggKFMIICgTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUrrDq4Tb4JqulzAtmVf46HQK/ErQwDgYDVR0PAQH/BAQDAgEGMIHEBgNVHSAEgbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEAMDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDsGBgQAj3oBAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzASBgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5jcnQwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCUGCCsGAQUFBwEDBBkwFzAVBggrBgEFBQcLAjAJBgcEAIvsSQEBMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQAiw1VNxp1Ho7FwcPlFqlLl6zb225IvpNelFX2QMbq1SPe41LuBW7WRZIV4b6bRQug55k8lAm8eX3zEXL9I+4Bzai/IBlMSTYNpqAQGNVImQVwMa64uN8DWo8LNWSYNYYxQzO7sTnqsqxLPWeKZRMkREI0RaVNoIPsciJvid9iBKTcGnMVkbrgyLzlXblLMU4I0pL2RWlfs2tr+XtCtWAvJPFskM2QZ2NnLjW8WroZr8TooocRA1vl/ruIAPC3FxW7zebKcA2B66j4tW7uyF2kPx4WWA3xgR5QZnn4ePEAYjJdu1eWd9KbeAbxPCfFOST43t0fm20HfV2Wp2PMEq4b2</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of EID-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-12-21T10:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESig"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:PolicySet>
                                    <ecc:PolicyIdentifier>
                                       <xades:Identifier>1.3.6.1.4.1.10015.17.2</xades:Identifier>
                                    </ecc:PolicyIdentifier>
                                 </ecc:PolicySet>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates
                                 </ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/PKC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of NQ-SK 2016 advanced certificates for electronic signatures</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIGijCCBXKgAwIBAgIQOjiPZGsWs2VXxW0gWA+mAzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNTIwWhgPMjAzMDEyMTcyMzU5NTlaMGcxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBOUS1TSyAyMDE2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwKLATeOt27z1OPLOFaUQVTLSL6tiQLrBZCO3C3DQuMLixR6cCla+aAS3U4VaKZRCrK+NI7v2cGvDdPW6jmztJJPlXcbZ2nY6QtQq2TkXnVx8Yh+9H1iRB3u9Av9ALFEisj/uYWGoqA8bT7C0MgCu7VGdvpYpiRy7FCyKX7CDf3wW4a/x+vil4yMb0UD2BTrMgwTgcxsaQ4zCg+DFvB8+97pOWZMWbBjkLskM/mxp/ChrDVRiQsMgcUgiQ2heqRa3lNrHXkyJYseUEaCxXkT+aIwdtG7HPqvTrhLbfJs9iMFV3t08jFRZn8gwpUlyy0pztNoy6Xn6d9BHv5+P7/yIOMKghh23gx637WRIaghIn8+6i6/CIK77IQTxwwc4Prg/kpr+F7/5l7M/9Hk7yXsJZ5RHP+JooJcF25pU7VEO80UDJ/srKfm/frlHqeioUxmYRdZSRLiPiZpMC958euD5NsuiJSGqCtESGLyRxNp5Ts7iaQbMcRx0fHTJ0jG4EzXprUKCZCBD2ozK+DljyKEQZmwr7tXge9/JEiX1xhO4fGzadtz5nXjJvAnh8KUnTX9fli7Y1wY2Y2iBlYUbxn9ENPusE5TcLMKDnvpLEd7b0Z3keQiIWR0GvN
17:11:51.269 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.269 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - N59Fe2RhM4sa0IyNXyM0xvamglEEP9/uWJmEdYf7q0wBmWQUhcMc8CAwEAAaOCAhgwggIUMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MB0GA1UdDgQWBBSsw050xt/OPR3E74FhBbZv3UkdPTAOBgNVHQ8BAf8EBAMCAQYwRgYDVR0gBD8wPTA7BgYEAI96AQEwMTAvBggrBgEFBQcCARYjaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9vcml1bS9DUFMwEgYDVR0TAQH/BAgwBgEB/wIBADCBjQYIKwYBBQUHAQEEgYAwfjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3Auc2suZWUvQ0EwWgYIKwYBBQUHMAKGTmh0dHBzOi8vd3d3LnNrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0lBCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDAlBggrBgEFBQcBAwQZMBcwFQYIKwYBBQUHCwIwCQYHBACL7EkBATBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAt/0Rv4T7HcRt53ELEDvjTXdxCmdAvLs/eynom18jTguHSwO1vqcq+FRjZ8Qw2Ds5lL8QqT9h38lrQoyNVXLSJOV49seLM/So3k2I6agYXOtM1a+oQG6Si09dQVwMAk0y/7YOddVnx5OdGJZlJTqQumVJUS96Wm74qKh6B+w0gGgAvg/7BpAIBtUweRmjoV4iT/EKz0bKOJPU63guw7y6APGJOsama9fj96cVrnqNdPhaPKqTIPkdabkwxB3wPiCzON9+r0FVUn0se4kIkqZ+jJQBLmYCvnuzMwiYVBvWorTpWNXwLV7B8cwI5/UwmXermhgBhRhb4ZBQhuChRNEp4w==</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of NQ-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-12-21T10:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of ESTEID2018: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIFfDCCBN2gAwIBAgIQNhjzSfd2UEpbkO14EY4ORTAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwOTA2MDkwMzUyWhcNMzMwODMwMTI0ODI4WjBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBxYug4cEqwmIj+3TVaUlhfxCV9FQgfuglC2/0Ux1Ieqw11mDjNvnGJhkWxaLbWJi7QtthMG5R104l7Np7lBevrBgBDtfgja9e3MLTQkY+cFS+UQxjt9ZihTUJVsR7lowYlaGEiqqsGbEhlwfu27Xsm8b2rhSiTOvNdjTtG57NnwVAX+ijggMyMIIDLjAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDAdBgNVHQ4EFgQUwISZKcROnzsCNPaZ4QpWAAgpPnswDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwggHNBgNVHSAEggHEMIIBwDAIBgYEAI96AQIwCQYHBACL7EABAjAyBgsrBgEEAYORIQECATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDQYLKwYBBAGDkSEBAgIwDQYLKwYBBAGDkX8BAgEwDQYLKwYBBAGDkSEBAgUwDQYLKwYBBAGDkSEBAgYwDQYLKwYBBAGDkSEBAgcwDQYLKwYBBAGDkSEBAgMwDQYLKwYBBAGDkSEBAgQwDQYLKwYBBAGDkSEBAggwDQYLKwYBBAGDkSEBAgkwDQYLKwYBBAGDkSEBAgowDQYLKwYBBAGDkSEBAgswDQYLKwYBBAGDkSEBAgwwDQYLKwYBBAGDkSEBAg0wDQYLKwYBBAGDkSEBAg4wDQYLKwYBBAGDkSEBAg8wDQYLKwYBBAGDkSEBAhAwDQYLKwYBBAGDkSEBAhEwDQYLKwYBBAGDkSEBAhIwDQYLKwYBBAGDkSEBAhMwDQYLKwYBBAGDkSEBAhQwDQYLKwYBBAGDkX8BAgIwDQYLKwYBBAGDkX8BAgMwDQYLKwYBBAGDkX8BAgQwDQYLKwYBBAGDkX8BAgUwDQYLKwYBBAGDkX8BAgYwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDB3BggrBgEFBQcBAQRrMGkwLgYIKwYBBQUHMAGGImh0dHA6Ly9haWEuZGVtby5zay5lZS9lZS1nb3ZjYTIwMTgwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRUUtR292Q0EyMDE4LmRlci5jcnQwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vYy5zay5lZS9UZXN0X29mX0VFLUdvdkNBMjAxOC5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIBIF+LqytyaV4o5wUSm30VysB8LdWtoOrzNq2QhB6tGv4slg5z+CR58e60eRFqNxT7eccA/HgoPWs0B1Z+L067qtUCQgCB8OP0kHx/j1t7htN2CXjpSjGFZw5TTI4s1eGyTbe0UJRBXEkUKfFbZVmzGPFPprwUdSPi8PpO7+xGBYlFHA4z+Q==</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of ESTEID2018,2.5.4.97=#0c0e4e545245452d3130373437303133,O=SK ID Solutions AS,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2018-04-05T09:45:21Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of SK OCSP RESPONDER 2011</Name>
            
17:11:51.270 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.270 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -       </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIEijCCA3KgAwIBAgIQaI8x6BnacYdNdNwlYnn/mzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMyMjQ1WhcNMjQwOTA3MTIyMjQ1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cw6Cja17BbYbHi6frwccDI4BIQLk/fiCE8L45os0xhPgEGR+EHE8LPCIqofPgf4gwN1vDE6cQNUlK0Od+Ush39i9Z45esnfpGq+2HsDJaFmFr5+uC1MEz5Kn1TazEvKbRjkGnSQ9BertlGer2BlU/kqOk5qA5RtJfhT0psc1ixKdPipv59wnf+nHx1+T+fPWndXVZLoDg4t3w8lIvIE/KhOSMlErvBIHIAKV7yH1hOxyeGLghqzMiAn3UeTEOgoOS9URv0C/T5C3mH+Y/uakMSxjNuz41PneimCzbEJZJRiEaMIj8qPAubcbL8GtY03MWmfNtX6/wh6u6TMfW8S2wIDAQABo4H+MIH7MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBR9/5CuRokEgGiqSzYuZGYAogl8TzCBoAYDVR0gBIGYMIGVMIGSBgorBgEEAc4fAwEBMIGDMFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LnNrLmVlL2FqYXRlbXBlbC8wHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wDQYJKoZIhvcNAQEFBQADggEBAAbaj7kTruTAPHqToye9ZtBdaJ3FZjiKug9/5RjsMwDpOeqFDqCorLd+DBI4tgdu0g4lhaI3aVnKdRBkGV18kqp84uU97JRFWQEf6H8hpJ9k/LzAACkP3tD+0ym+md532mV+nRz1Jj+RPLAUk9xYMV7KPczZN1xnl2wZDJwBbQpcSVH1DjlZv3tFLHBLIYTS6qOK4SxStcgRq7KdRczfW6mfXzTCRWM3G9nmDei5Q3+XTED41j8szRWglzYf6zOv4djkja64WYraQ5zb4x8Xh7qTCk6UupZ7je+0oRfuz0h/3zyRdjcRPkjloSpQp/NG8Rmrcnr874p8d9fdwCrRI7U=</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of SK OCSP RESPONDER 2011,OU=OCSP,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <ServiceSupplyPoints>
                     <ServiceSupplyPoint>http://demo.sk.ee/ocsp</ServiceSupplyPoint>
                  </ServiceSupplyPoints>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of SK OCSP RESPONDER 2011</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of SK OCSP RESPONDER 2011,OU=OCSP,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2011-03-08T22:00:00Z</StatusStartingTime>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">DEMO of SK TSA</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIEEDCCAvigAwIBAgIQM7TnUTYz+b1Tgw99YoRLODANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwNTI2MDk1NTA5WhcNMjQwNTI2MDk1NTA5WjBYMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRcwFQYDVQQDDA5ERU1PIG9mIFNLIFRTQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYVFuAcGSanEI10cpb2Rcd2IgXz5XMYJM8XD1wL5Ltv/R2dCQmGaDbpb+/bXOCgm9P/fjCJ7g/DGoplomkKQfUkK4qi0quUaZylnJRgDtj6Y12Mni507Lnk6+6f0xxUAUSV7mCrdZtzYG7jrVjeTjx5RHwr69EKz5zBdLE/N5n893h2+Z1gMsUXJvm1DN4Ui99kCdo1vi2iTVgh5SpTo8lDAkzElrl6B3sHWwgUe7CyxjL4uqvU3B6OwU27F3mrAK/3c1+hdyuZKMTurWzQznCr1jqx0TubxRcwiyDyE9i3ip0G92+NB1/xop33+ooLkL930i/A/kVJYWLIR2N2Ms8CAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFNfCWP6p03Uhi50s/a2eWQR886TUMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBfidmlXMbJ+tBDgaQ9CyM0ObI5srSaePHamHglBUFU34tYp9HVhVU+8xh5+hGEOV5y0mZeeIyuQyfwlySQ0vMWdZx02KdNFa9m6ICpufTieHHUzZBCWs/Pl8Bci3Vu5y/VwUAYf14TVJEWCyhyRwo/bfxXRnWIr/Mhe8d10exroADEtcEhRLklyHw6C+ck/mVyrbQm+XoZq876TyuZWmbzxMSi3UG/Zpss1LjK4qI75HDJqW/PHsDJC8YCIpVoRBcN+O0TLuzxOYG++cZBU7QR3axkSkyammtbF85lqxh4Xi4nKjIYgrGWbNXZp4dN/G+uMTDk/2rj8w7E6aRWne2m</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509Certificate>MIIEFTCCAv2gAwIBAgIQTqz7bCP8W45UBZa7tztTTDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwOTAyMTAwNjUxWhcNMjQwOTAyMTAwNjUxWjBdMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRwwGgYDVQQDDBNERU1PIG9mIFNLIFRTQSAyMDE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysgrVnVPxH8jNgCsJw0y+7fmmBDTM/tNB+xielnP9KcuQ+nyTgNu1JMpnry7Rh4ndr54rPLXNGVdb/vsgsi8B558DisPVUn3Rur3/8XQ+BCkhTQIg1cSmyCsWxJgeaQKJi6WGVaQWB2he35aVhL5F6ae/gzXT3sGGwnWujZkY9o5RapGV15+/b7Uv+7jWYFAxcD6ba5jI00RY/gmsWwKb226Rnz/pXKDBfuN3ox7y5/lZf5+MyIcVe1qJe7VAJGpJFjNq+BEEdvfqvJ1PiGQEDJAPhRqahVjBSzqZhJQoL3HI42NRCFwarvdnZYoCPxjeYpAynTHgNR7kKGX1iQ8OQIDAQABo4GwMIGtMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUJwScZQxzlzySVqZXviXpKZDV5NwwHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wQwYDVR0fBDwwOjA4oDagNIYyaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL3Rlc3RfZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAIq02SVKwP1UolKjqAQe7SVY/Kgi++G2kqAd40UmMqa94GTu91LFZR5TvdoyZjjnQ2ioXh5CV2lflUy/lUrZMDpqEe7IbjZW5+b9n5aBvXYJgDua9SYjMOrcy3siytqq8UbNgh79ubYgWhHhJSnLWK5YJ+5vQjTpOMdRsLp/D+FhTUa6mP0UDY+U82/tFufkd9HW4zbalUWhQgnNYI3oo0CsZ0HExuynOOZmM1Bf8PzD6etlLSKkYB+mB77Omqgflzz+Jjyh45o+305MRzHDFeJZx7WxC+XTNWQ0ZFTFfc0ozxxzUWUlfNfpWyQh3+4LbeSQRWrNkbNRfCpYotyM6AY=</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=DEMO of SK TSA,OU=TSA,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <ServiceSupplyPoints>
                     <ServiceSupplyPoint>http://demo.sk.ee/tsa/</ServiceSupplyPoint>
                  </ServiceSupplyPoints>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">DEMO of SK TSA</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>CN=DEMO of SK TSA,OU=TSA,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                        </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <
17:11:51.271 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.271 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - StatusStartingTime>2014-05-31T21:00:00Z</StatusStartingTime>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of KLASS3 2010: test electronic seals</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIExzCCA6+gAwIBAgIQIrzOHDuBOQRPabRVIaWqEzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTIwMzIxMTA1ODI5WhcNMjUwMzIxMTA1ODI5WjB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEhMB8GA1UECwwYU2VydGlmaXRzZWVyaW1pc3RlZW51c2VkMR8wHQYDVQQDDBZURVNUIG9mIEtMQVNTMy1TSyAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Ua/6IAAqXvy2COvRLW9yCSeImQ23XRAzf/xHmJ6fYiSs0LaR8c19IOSOkOarAgUrt0XDG5KWBdE5qwuVc0gQN9ZjYwmDg3dq4LVo89FdvATKk2Tao01Iu1N+2eGSEifgGBH5iWfYqu1hGJ2nJPHIG9bKXZXfw+ET2gymO5bHnt8iOJmq+YynMXEvxtUTl2hKh0o6m28i3YKXru0jm5qe5/YCJ9HFw9yKn8eLnI2/9Jfruxe5F1AMOkVXhVtA57yeQARv18a8uEQZV0CS/WDmCPi+hl6GqSwhWZBdB9igOMsnZdNS1s7kr2/46doZQVPa2X3vJyYMTl/oaWB++VfAQIDAQABo4IBSTCCAUUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgZkGA1UdIASBkTCBjjCBiwYKKwYBBAHOHwMBATB9MCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9jcHMwWAYIKwYBBQUHAgIwTB5KAEEAaQBuAHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBvAHIAIAB0AGUAcwB0AGkAbgBnAC4wHQYDVR0OBBYEFNFoQ5JN1Wc5Ii9tzYgGEg662Wp2MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCiE8G8gwZpeeHm0PoqHd54/KbfH2cAklqO5rcg2m9fhhvPNtMQ9Wc19JWauE2YuNsnJNKetglUAnA/yd64DhQKBf+2JUgYJas4dTscRgXXlz8huuvenNUpfPd3iispVc2WNBQ2qjBEZXdqhbkG0/RgM42Hb28+1v23HsoLhCGY2YjHhYynmOk/8BULI/ArsgA7FJflXi5Xp/cdC8BJQ87vtPlAnxm0axZMvASNXMUvvQTUjCTg0yczX3d8+I3EBNBlzfPMsyU1LCn6Opbs2/DGF/4enhRGk/49L6ltfOyOA73buSogS2JkvCweSx6Y2cs1fXVyFszm2HJmQgwbZYfR</X509Certificate>
                     </DigitalId>
                     <DigitalId>
                        <X509SubjectName>CN=TEST of KLASS3-SK 2010,OU=Sertifitseerimisteenused,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2016-06-30T22:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCQSCDStatusAsInCert"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:PolicySet>
                                    <ecc:PolicyIdentifier>
                                       <xades:Identifier>0.4.0.194112.1.3</xades:Identifier>
                                    </ecc:PolicyIdentifier>
                                 </ecc:PolicySet>
                                 <ecc:Description>Any certificate that is issued under the CA/QC Sdi certificate and that is issued as a QC (i.e. containing a QcCompliance statement) and having its Certificate Policy PolicyIdentifier OID set as 0.4.0.194112.1.3, is to be considered as supported by a QSCD. They are issued for digital stamping according to eIDAS regulation</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) is to be considered as issued to a Legal Person</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESeal"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description></ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
               <ServiceHistory>
                  <ServiceHistoryInstance>
                     <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                     <ServiceName>
                        <Name xml:lang="en">TEST of KLASS3 2010: test electronic seals</Name>
                     </ServiceName>
                     <ServiceDigitalIdentity>
                        <DigitalId>
                           <X509SubjectName>CN=TEST of KLASS3-SK 2010,OU=Sertifitseerimisteenused,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
        
17:11:51.272 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.272 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream -                 </DigitalId>
                     </ServiceDigitalIdentity>
                     <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/undersupervision</ServiceStatus>
                     <StatusStartingTime>2010-03-31T09:17:00Z</StatusStartingTime>
                     <TSPServiceDefinitionURI>
                        <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                        <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                     </TSPServiceDefinitionURI>
                     <ServiceInformationExtensions>
                        <Extension Critical="true">
                           <ecc:Qualifications>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="atLeastOne">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                              <ecc:QualificationElement>
                                 <ecc:Qualifiers>
                                    <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                                 </ecc:Qualifiers>
                                 <ecc:CriteriaList assert="all">
                                    <ecc:KeyUsage>
                                       <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                    </ecc:KeyUsage>
                                 </ecc:CriteriaList>
                              </ecc:QualificationElement>
                           </ecc:Qualifications>
                        </Extension>
                     </ServiceInformationExtensions>
                  </ServiceHistoryInstance>
               </ServiceHistory>
            </TSPService>
            <TSPService>
               <ServiceInformation>
                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
                  <ServiceName>
                     <Name xml:lang="en">TEST of KLASS3-SK 2016: test electronic seals</Name>
                  </ServiceName>
                  <ServiceDigitalIdentity>
                     <DigitalId>
                        <X509Certificate>MIIGyTCCBbGgAwIBAgIQWwxFeuMr159YRRcFxuRXvzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTYxMjA1MDcyODA1WhcNMzAxMjE3MDcyODA1WjCBjjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLBBWlTGtbsgjmRQHKjUz7xsc4BI5Lts/l9t7seXPK5OzZiXomPK2y8y8QxslfDI9KEA0X7VAF2UPwgEDpBLXAOcD1cbijMl23Gz815TH7Lfg+ZpHDh375F1m2vlEoWX0UG7FioRM+xAsBK3EaL3HpJkN8fCSzUwgP7tCl+ivmQwTA0dAoXCib/XtTrYjYa57vHG8xMzKZvc9B4pK9DLvBe+fHbkXHEh1y1EU4AX2VE+eIcieqSHh1PtsB6/YCoSHDa8/uffWcrurbbl++QHgQC8yE6jTQyEfHcIB7ZCy1RbH4l4QtdmsuG7YpxDyBcjFjdz1h1a82GFA67ZHlZ5ogDn7xXyu2fbUBcJlj9wM2wxiyrUt6HCFky6CJhL60zEGVur4nWL/2KYedOxa4CowTv52ceGHBMuWcBHQK2egs5l8ti8oN5jLIhHe2k0dCYJa59fOf6QQv7jKeA/yfY6CmW8BWtY8knmFSOnsqEIBSbWNsYMB1+cidxyr3sTd+haTIZs1JVhS1+gFAe4xVJYDMdnU+nqIvZvNwP9fANC+Nl3h8rfdHLYIexRg8+m2lsrgVT2QOf73EJ+JS10vUI2SinVZikxltxHkA96jDWzs1kpdjKuPdei7fI1roKBhKLyUA6n7tB2XEp0E5K5v4HNXWnY7+skuyvSZxMShNgSmegQIDAQABo4ICMTCCAi0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgfYGA1UdIASB7jCB6zCBgwYJKwYBBAHOHwcDMHYwIAYIKwYBBQUHAgEWFGh0dHA6Ly93d3cuc2suZWUvY3BzMFIGCCsGAQUFBwICMEYeRABBAHMAdQB0AHUAcwBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0AC4AIABDAG8AcgBwAG8AcgBhAHQAZQAgAEkARAAuMAgGBmeBDAECAjAvBgkrBgEEAc4fBwIwIjAgBggrBgEFBQcCARYUaHR0cDovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAkGBwQAi+xAAQEwCAYGBACPegEHMAkGBwQAi+xAAQMwHQYDVR0OBBYEFC4bj7sBLzT42jAEi1zB8lwl49j3MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MIGIBggrBgEFBQcBAQR8MHowIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLnNrLmVlL0NBMFYGCCsGAQUFBzAChkpodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAWwdrvtnroOs0VHJWGJTKBclIZhxqmMWmy0Wt/cmblAT4NV0mcWGKwGj4F2S1tUnsw9x4zbpPy0GX0knKVeC76MnwbgjjjjQDs9DPc+CmLz3RMGqiw1ZIXvvXnoUiaB9vH6Xekm7McvIUTZtRjKIgFK6IzU2P5YGl5OMJ8TFhhtH0Jwo/0pyJqM9W0hmMdSMOHTwtqHnBQGjn0KQ5+zDtgVy6rt8bn44yuKXUIdYOFMrhK9nE/D8c7sOEbcDbr1n+rLFS0ov2xMcySIa99Rk5HaCsfvQAz5RQx38gJ9Hu/Ah9AVuMBfNyyrgYzRu93dc/+XX2h/Oe2s4LuJUDvm1aFw==</X509Certificate>
                     </DigitalId>
                  </ServiceDigitalIdentity>
                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
                  <StatusStartingTime>2017-06-30T06:00:00Z</StatusStartingTime>
                  <TSPServiceDefinitionURI>
                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
                  </TSPServiceDefinitionURI>
                  <ServiceInformationExtensions>
                     <Extension Critical="true">
                        <ecc:Qualifications>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCQSCDStatusAsInCert"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:PolicySet>
                                    <ecc:PolicyIdentifier>
                                       <xades:Identifier>0.4.0.194112.1.3</xades:Identifier>
                                    </ecc:PolicyIdentifier>
                                 </ecc:PolicySet>
                                 <ecc:Description>Any certificate that is issued under the CA/QC Sdi certificate and that is issued as a QC (i.e. containing a QcCompliance statement) and having its Certificate Policy PolicyIdentifier OID set as 0.4.0.194112.1.3, is to be considered as supported by a QSCD. They are issued for digital stamping according to eIDAS regulation</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"></
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="atLeastOne">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) is to be considered as issued to a Legal Person</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                           <ecc:QualificationElement>
                              <ecc:Qualifiers>
                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESeal"></ecc:Qualifier>
                              </ecc:Qualifiers>
                              <ecc:CriteriaList assert="all">
                                 <ecc:KeyUsage>
                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
                                 </ecc:KeyUsage>
                                 <ecc:Description></ecc:Description>
                              </ecc:CriteriaList>
                           </ecc:QualificationElement>
                        </ecc:Qualifications>
                     </Extension>
                     <Extension Critical="true">
                        <AdditionalServiceInformation>
                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals</URI>
                        </AdditionalServiceInformation>
                     </Extension>
                  </ServiceInformationExtensions>
               </ServiceInformation>
            </TSPService>
         </TSPServices>
      </TrustServiceProvider>
   </TrustServiceProviderList>
</TrustServiceStatusList>
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#TEST-EE"
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:51.273 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#SignedProperties"
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID SignedProperties and Element was [xades:SignedProperties: null]
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
17:11:51.276 [pool-1-thread-2] DEBUG org.apache.xml.security.utils.DigesterOutputStream - <xades:SignedProperties xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ecc="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2018-11-22T14:47:37Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties>
17:11:51.277 [pool-1-thread-2] DEBUG org.apache.xml.security.signature.Reference - Verification successful for URI "#SignedProperties"
17:11:51.293 [pool-1-thread-2] DEBUG eu.europa.esig.dss.validation.DefaultAdvancedSignature - Testing revocation data presence for certificates chain SIGNATURE
17:11:51.332 [main] INFO eu.europa.esig.dss.tsl.service.TSLRepository - Nb of loaded trusted lists : 2
17:11:51.332 [main] INFO eu.europa.esig.dss.tsl.service.TSLRepository - Nb of trusted certificates : 10
17:11:51.332 [main] DEBUG eu.europa.esig.dss.tsl.service.TSLValidationJob - TSL Validation Job is finishing ...
17:11:51.332 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource - Finished refreshing TSL, cache expires at Tue Jan 22 17:11:51 CET 2019
17:11:51.332 [main] DEBUG org.digidoc4j.impl.asic.tsl.ClonedTslCertificateSource - Cloning TSL
17:11:51.470 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <OcspAccessCertificateFile> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <OcspAccessCertificatePassword> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <HttpProxyHost> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <HttpProxyPort> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <HttpsProxyHost> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <HttpsProxyPort> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <HttpProxyUser> found
17:11:51.471 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <HttpProxyPassword> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <SslKeystoreType> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <SslTruststoreType> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <SslKeystorePath> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <SslKeystorePassword> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <SslTruststorePath> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <SslTruststorePassword> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <TspCountrySource> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <TspCountryKeystorePath> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <TspCountryKeystoreType> found
17:11:51.472 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <TspCountryKeystorePassword> found
17:11:51.473 [main] DEBUG org.digidoc4j.ConfigurationRegistry - Seal <8affb1764827cc4b6f17791f8ad7aa61> found
17:11:51.473 [main] DEBUG org.digidoc4j.impl.asic.tsl.ClonedTslCertificateSource - Finished cloning TSL
17:11:51.473 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource - Accessing TSL
17:11:51.474 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyCertificatePool - Accessing certificate pool
17:11:51.474 [main] DEBUG org.digidoc4j.impl.asic.tsl.ClonedTslCertificateSource - Accessing TSL
17:11:51.474 [main] DEBUG org.digidoc4j.impl.asic.tsl.LazyTslCertificateSource - Accessing TSL
17:11:51.474 [main] INFO eu.europa.esig.dss.validation.SignatureValidationContext - Retrieving 348267518941F6DE0E30D87E6C68AB1D4390573AE40052E8B058432242FD0F6F certificate's issuer using AIA.
17:11:51.476 [main] DEBUG eu.europa.esig.dss.DSSUtils - Loading certificate(s) from ldap://ldap.iaik.tugraz.at/cn=iaik-test-intermediate-ca,ou=pki,dc=iaik,dc=tugraz,dc=at?cACertificate;binary
17:11:51.487 [main] WARN org.digidoc4j.impl.asic.xades.XadesSigningDssFacade - Signing document in DSS failed:java.util.concurrent.ExecutionException: eu.europa.esig.dss.DSSException: An error occured while reading from url 'ldap://ldap.iaik.tugraz.at/cn=iaik-test-intermediate-ca,ou=pki,dc=iaik,dc=tugraz,dc=at?cACertificate;binary' : unknown protocol: ldap
17:11:51.487 [main] WARN org.digidoc4j.impl.asic.AsicSignatureBuilder - PROBLEM with signing: 3C64733A5369676E6564 -> 30450220018BF90957C5
Signature is null!
Exception in thread "main" ValidateIncomingSignature is null
	at org.digidoc4j.impl.asic.AsicContainer.validateIncomingSignature(AsicContainer.java:208)
	at org.digidoc4j.impl.asic.AsicContainer.addSignature(AsicContainer.java:375)
	at at.tugraz.model.CreateASIC.createSignatureAndSign(CreateASIC.java:53)
	at at.tugraz.model.CreateASIC.createASic(CreateASIC.java:29)
	at at.tugraz.App.main(App.java:27)