From 9a8ef60de47e470244ca7244d4a3d820f0a848d9 Mon Sep 17 00:00:00 2001
From: Markus Kivisalu <markus.kivisalu@nortal.com>
Date: Tue, 19 Apr 2022 15:15:39 +0300
Subject: [PATCH 1/8] Update mkdocs.yml

---
 mkdocs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mkdocs.yml b/mkdocs.yml
index b800cb489..9514bc564 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -1,4 +1,4 @@
-site_name: SiVa 3.4 - Signature Validation Service Documentation
+site_name: SiVa 3.5 - Signature Validation Service Documentation
 theme:
     name: material
     include_sidebar: false

From 4cb83d5c697c350c39118bb429864ed1adcabf0e Mon Sep 17 00:00:00 2001
From: Aare Nurm <aare.nurm@nortal.com>
Date: Wed, 20 Apr 2022 10:23:51 +0300
Subject: [PATCH 2/8] DD4J-661 Addition of roadmap

---
 .../documentation_deployment_instructions.txt |  37 +++-------
 .../{taskWorkFlow.PNG => taskWorkFlow.png}    | Bin
 docs/index.md                                 |   1 +
 docs/siva3/references.md                      |   2 +-
 docs/siva3/roadmap.md                         |  15 ++++
 docs/version_info.md                          |  29 ++++----
 mkdocs.yml                                    |  65 +++++++++---------
 7 files changed, 76 insertions(+), 73 deletions(-)
 rename docs/img/siva/qa_strategy/siva2/{taskWorkFlow.PNG => taskWorkFlow.png} (100%)
 create mode 100644 docs/siva3/roadmap.md

diff --git a/docs/documentation_deployment_instructions.txt b/docs/documentation_deployment_instructions.txt
index be1bface2..e35faaf59 100644
--- a/docs/documentation_deployment_instructions.txt
+++ b/docs/documentation_deployment_instructions.txt
@@ -1,44 +1,29 @@
-Our documentation is written using [MkDocs](http://www.mkdocs.org/) static documentation site generator and 
-language that we use to write documentation is [Markdown](https://daringfireball.net/projects/markdown/). 
+Our documentation is written using [MkDocs](http://www.mkdocs.org/) static documentation site generator with [Material theme](https://squidfunk.github.io/mkdocs-material/)  and [Markdown](https://daringfireball.net/projects/markdown/).
 
 System requirements
 -------------------
 
-* **Python 2** - All version above 2.6 should work
+* **Python 3** - currently used version is 3.10
 * **pip** - Python package manager
-* **MkDocs CLI** - to generate and deploy new version of documentation
 * **Text Editor** - to edit Markdown documents (i.e [Haroopad](http://pad.haroopress.com/#))
 
-Installing MkDocs
+Installing required software
 -----------------
 
 ### Ubuntu and Mac OS X
 
-Both Ubuntu and Mac OS X come `python` version 2 already installed You only need to install `pip`
+Both Ubuntu and Mac OS X come `python` already installed (the version depends on OS)
 
-1.  Install `pip` on Ubuntu 15.04 `sudo apt-get install python-pip` on Mac OS X `sudo easy_install pip`
-2.  Next up install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs`
+1.  Install `pip` on Ubuntu 18.04 `sudo apt-get install python-pip` on Mac OS X `sudo easy_install pip`
+2.  Install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs`
+3.  Install material theme `pip install mkdocs-material`
 
 ### Windows
 
-Installing Python:
-
-1. Download the installer from the official `python` homepage: <https://www.python.org/downloads/>
-> **NOTE:** Starting with version 2.7.9 and onwards `pip` ships along with python,<br/>
-so there shouldn't be any need to install `pip` separately.
-2. Execute the python installer
-
-Installing Pip:
-
-1. Download [get-pip.py](https://bootstrap.pypa.io/get-pip.py)
-2. Then run the following command (which may require administrator access): `python get-pip.py`
-3. Add C:\Python27\Scripts to the system path (PATH environment variable)
-
-Installing Mkdocs:
-
-Install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs`
-
-Now You're done and can start editing the PDF Validator documentation. 
+1. Install python. Download the installer from the official `python` homepage: <https://www.python.org/downloads/> and install
+> **NOTE:** Starting with version 2.7.9 and onwards `pip` ships along with python, so there shouldn't be any need to install `pip` separately.
+2. Install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs`
+3.  Install material theme `pip install mkdocs-material`
 
 Editing content
 ---------------
diff --git a/docs/img/siva/qa_strategy/siva2/taskWorkFlow.PNG b/docs/img/siva/qa_strategy/siva2/taskWorkFlow.png
similarity index 100%
rename from docs/img/siva/qa_strategy/siva2/taskWorkFlow.PNG
rename to docs/img/siva/qa_strategy/siva2/taskWorkFlow.png
diff --git a/docs/index.md b/docs/index.md
index 17fdb23a1..fa6bdab2a 100755
--- a/docs/index.md
+++ b/docs/index.md
@@ -34,4 +34,5 @@ SiVa architecture document will cover:
   servers required when deploying SiVa validation web service
   into production
 * [**Quality Assurance**](siva3/qa_strategy) - overview of quality assurance strategy and testing
+* [**Roadmap**](siva3/roadmap) - info about planned releases
 
diff --git a/docs/siva3/references.md b/docs/siva3/references.md
index 938b6d453..3e3e8f0d2 100644
--- a/docs/siva3/references.md
+++ b/docs/siva3/references.md
@@ -1,4 +1,4 @@
-# References
+<!--# References:-->
 
   * (1) Lisa_6_Osa_I_SiVa_Testimise_korraldus.pdf
   * (2) Lisa_4_Osa_I_SiVa_Valideerimisteenuse_analuus MUUDETUD.pdf
diff --git a/docs/siva3/roadmap.md b/docs/siva3/roadmap.md
new file mode 100644
index 000000000..7a59c5810
--- /dev/null
+++ b/docs/siva3/roadmap.md
@@ -0,0 +1,15 @@
+<!--# Roadmap:-->
+
+This roadmap is for information purposes and can change without prior notice.
+
+## Planned releases
+### 3.6.0 - June 2022
+- LOTL/TSL loading improvements
+- Dependency updates
+- Digidoc4j 5.0.0
+- Bug fixes
+
+### 3.7.0 - October 2022
+- CRL information improvements in validation report
+- Dependency updates
+- Bug fixes
\ No newline at end of file
diff --git a/docs/version_info.md b/docs/version_info.md
index ed2f78581..23cbc72ec 100644
--- a/docs/version_info.md
+++ b/docs/version_info.md
@@ -1,16 +1,17 @@
 <!--# Version info-->
 
-| **Version number** | **Change date** | **Author** | **Description** |
-|--------------------|-----------------|------------|-----------------|
-| 0.1 | 06.05.2016 | Mihkel Selgal | Initial SiVa architecture |
-| 1.0 | 26.10.2016 | Priit Reiser, Aare Nurm | Documentation updates |
-| 1.1 | 04.05.2017 | Vadim Pudov, Allan Juhanson, Julia Solovei, Aare Nurm | Documentation updates |
-| 1.2 | 01.11.2017 | Aare Nurm | Update to new version of mkdocs. Addition of SIVA 2.0 documentation structure |
-| 1.3 | 20.12.2017 | Aare Nurm, Siim Suu, Madis Piigli | Documentation updates |
-| 1.4 | 29.01.2019 | Aare Nurm | Addition of SIVA 3.0 document structure |
-| 1.5 | 21.03.2019 | Jorgen Heinsoo | SIVA 3.2 documentation additions with diagnostic data report description |
-| 1.6 | 04.04.2019 | Aare Nurm | Finalizing the documentation for release |
-| 1.7 | 12.06.2020 | Aare Nurm, Priit Üksküla | SIVA 3.3 documentation additions |
-| 1.8 | 01.03.2021 | Markus Kivisalu | SIVA 3.4 documentation additions |
-| 1.9 | 12.04.2021 | Markus Kivisalu | Updated URL-s and reference links |
-| 1.10 | 16.06.2021 | Risto Seene, Markus Kivisalu | SIVA 3.5 documentation additions |
+| **Version number** | **Change date** | **Author**                                            | **Description**                                                               |
+|--------------------|-----------------|-------------------------------------------------------|-------------------------------------------------------------------------------|
+| 0.1                | 06.05.2016      | Mihkel Selgal                                         | Initial SiVa architecture                                                     |
+| 1.0                | 26.10.2016      | Priit Reiser, Aare Nurm                               | Documentation updates                                                         |
+| 1.1                | 04.05.2017      | Vadim Pudov, Allan Juhanson, Julia Solovei, Aare Nurm | Documentation updates                                                         |
+| 1.2                | 01.11.2017      | Aare Nurm                                             | Update to new version of mkdocs. Addition of SIVA 2.0 documentation structure |
+| 1.3                | 20.12.2017      | Aare Nurm, Siim Suu, Madis Piigli                     | Documentation updates                                                         |
+| 1.4                | 29.01.2019      | Aare Nurm                                             | Addition of SIVA 3.0 document structure                                       |
+| 1.5                | 21.03.2019      | Jorgen Heinsoo                                        | SIVA 3.2 documentation additions with diagnostic data report description      |
+| 1.6                | 04.04.2019      | Aare Nurm                                             | Finalizing the documentation for release                                      |
+| 1.7                | 12.06.2020      | Aare Nurm, Priit Üksküla                              | SIVA 3.3 documentation additions                                              |
+| 1.8                | 01.03.2021      | Markus Kivisalu                                       | SIVA 3.4 documentation additions                                              |
+| 1.9                | 12.04.2021      | Markus Kivisalu                                       | Updated URL-s and reference links                                             |
+| 1.10               | 16.06.2021      | Risto Seene, Markus Kivisalu                          | SIVA 3.5 documentation additions                                              |
+| 1.11               | 20.04.2022      | Aare Nurm                                             | Roadmap added                                                                 |
diff --git a/mkdocs.yml b/mkdocs.yml
index 9514bc564..548e7755f 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -31,46 +31,47 @@ nav:
 - 6. QUALITY ASSURANCE: 
       - 6.1 QA Strategy: siva3/qa_strategy.md
       - 6.2 Test Plan: siva3/test_plan.md
-- 7. REFERENCES: siva3/references.md
-- 8. APPENDICES:
+- 7. ROADMAP: siva3/roadmap.md
+- 8. REFERENCES: siva3/references.md
+- 9. APPENDICES:
       - Appendix 1 - Validation Policy: siva3/appendix/validation_policy.md
       - Appendix 2 - Test Case Descriptions: siva3/appendix/test_cases.md
       - Appendix 3 - WSDL/XSD of SOAP Interface : siva3/appendix/wsdl.md
       - Appendix 4 - Known Issues : siva3/appendix/known_issues.md
-- 9. SIVA 2.0 (Deprecated):
-      - 9.1. DEFINITIONS: siva2/definitions.md
-      - 9.2. BACKGROUND: siva2/overview.md
-      - 9.3. STRUCTURE & ACTIVITIES:
-           - 9.3.1 Component model: siva2/structure_and_activities.md
-           - 9.3.2 Use cases: siva2/use_cases.md
-      - 9.4. INTERFACES: siva2/interfaces.md
-      - 9.5. DEPLOYMENT:
-           - 9.5.1 Deployment model: siva2/deployment.md
-           - 9.5.2 System integrator's guide: siva2/systemintegrators_guide.md
-      - 9.6. QUALITY ASSURANCE: 
-           - 9.6.1 QA Strategy: siva2/qa_strategy.md
-           - 9.6.2 Test Plan: siva2/test_plan.md
-      - 9.7. REFERENCES: siva2/references.md
-      - 9.8. APPENDICES:
+- 10. SIVA 2.0 (Deprecated):
+      - 10.1. DEFINITIONS: siva2/definitions.md
+      - 10.2. BACKGROUND: siva2/overview.md
+      - 10.3. STRUCTURE & ACTIVITIES:
+           - 10.3.1 Component model: siva2/structure_and_activities.md
+           - 10.3.2 Use cases: siva2/use_cases.md
+      - 10.4. INTERFACES: siva2/interfaces.md
+      - 10.5. DEPLOYMENT:
+           - 10.5.1 Deployment model: siva2/deployment.md
+           - 10.5.2 System integrator's guide: siva2/systemintegrators_guide.md
+      - 10.6. QUALITY ASSURANCE:
+           - 10.6.1 QA Strategy: siva2/qa_strategy.md
+           - 10.6.2 Test Plan: siva2/test_plan.md
+      - 10.7. REFERENCES: siva2/references.md
+      - 10.8. APPENDICES:
            - Appendix 1 - Validation Policy: siva2/appendix/validation_policy.md
            - Appendix 2 - Test Case Descriptions: siva2/appendix/test_cases.md
            - Appendix 3 - WSDL/XSD of SOAP Interface : siva2/appendix/wsdl.md
            - Appendix 4 - Known Issues : siva2/appendix/known_issues.md      
-- 10. SIVA 1.1 (Deprecated):
-      - 10.1. DEFINITIONS: siva/definitions.md
-      - 10.2. BACKGROUND: siva/overview.md
-      - 10.3. STRUCTURE & ACTIVITIES:
-            - 10.3.1 Component model: siva/v2/structure_and_activities.md
-            - 10.3.2 Use cases: siva/v2/use_cases.md
-      - 10.4. INTERFACES: siva/v2/interfaces.md
-      - 10.5. DEPLOYMENT:
-            - 10.5.1 Deployment model: siva/v2/deployment.md
-            - 10.5.2 System integrator's guide: siva/v2/systemintegrators_guide.md
-      - 10.6. QUALITY ASSURANCE: 
-            - 10.6.1 QA Strategy: siva/qa_strategy.md
-            - 10.6.2 Test Plan: siva/test_plan.md
-      - 10.7. REFERENCES: siva/references.md
-      - 10.8. APPENDICES:
+- 11. SIVA 1.1 (Deprecated):
+      - 11.1. DEFINITIONS: siva/definitions.md
+      - 11.2. BACKGROUND: siva/overview.md
+      - 11.3. STRUCTURE & ACTIVITIES:
+            - 11.3.1 Component model: siva/v2/structure_and_activities.md
+            - 11.3.2 Use cases: siva/v2/use_cases.md
+      - 11.4. INTERFACES: siva/v2/interfaces.md
+      - 11.5. DEPLOYMENT:
+            - 11.5.1 Deployment model: siva/v2/deployment.md
+            - 11.5.2 System integrator's guide: siva/v2/systemintegrators_guide.md
+      - 11.6. QUALITY ASSURANCE:
+            - 11.6.1 QA Strategy: siva/qa_strategy.md
+            - 11.6.2 Test Plan: siva/test_plan.md
+      - 11.7. REFERENCES: siva/references.md
+      - 11.8. APPENDICES:
             - Appendix 1 - Validation Policy: siva/appendix/validation_policy.md
             - Appendix 2 - Test Case Descriptions: siva/appendix/test_cases.md
             - Appendix 3 - WSDL of SOAP Interface : siva/appendix/wsdl.md

From 8eaac7fcada66c75788954b08a8dcd08133b0a2d Mon Sep 17 00:00:00 2001
From: Aare Nurm <aare.nurm@nortal.com>
Date: Tue, 3 May 2022 11:23:24 +0300
Subject: [PATCH 3/8] DD4J-733 - update BDOC 2.1.2 specification reference

---
 docs/siva3/appendix/validation_policy.md | 4 ++--
 docs/siva3/interfaces.md                 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/siva3/appendix/validation_policy.md b/docs/siva3/appendix/validation_policy.md
index 0b6aa2916..2f27ff2fd 100644
--- a/docs/siva3/appendix/validation_policy.md
+++ b/docs/siva3/appendix/validation_policy.md
@@ -98,7 +98,7 @@ http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#POLv4
 
 1. SiVa implicitly implements constraints that are specified in the specification documents of the signature formats supported by the Service:
 
-	* [BDOC 2.1](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf) ASiC-E/XAdES signatures
+	* [BDOC 2.1](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) ASiC-E/XAdES signatures
 	* [X-Road](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf) ASiC-E/XAdES signatures
 	* [PAdES](http://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf) signatures
 	* [XAdES](http://www.etsi.org/deliver/etsi_en/319100_319199/31913201/01.01.01_60/en_31913201v010101p.pdf) signatures
@@ -184,7 +184,7 @@ Legend:
 
 
 ### BDOC container spceific requirements
-The BDOC container must conform with [BDOC 2.1](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf) standard.
+The BDOC container must conform with [BDOC 2.1](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) standard.
 1.	File extension
 	* ".bdoc" file extension is supported during signature validation.
 2. Only one signature shall be stored in one signatures.xml file.
diff --git a/docs/siva3/interfaces.md b/docs/siva3/interfaces.md
index 386b299c0..8dda433e0 100644
--- a/docs/siva3/interfaces.md
+++ b/docs/siva3/interfaces.md
@@ -275,7 +275,7 @@ Structure of validationConclusion block
 | validatedDocument. filename | ValidatedDocument. Filename | - | String | Digitally signed document's file name. Not present for hashcode validation. |
 | validatedDocument. fileHash | ValidatedDocument. FileHash | - | String | Calculated hash for validated document in Base64. Present when report signing is enabled. |
 | validatedDocument. hashAlgo | ValidatedDocument. HashAlgo | - | String | Hash algorithm used. Present when report signing is enabled. |
-| signatureForm | SignatureForm | - | String | Format (and optionally version) of the digitally signed document container. <br> In case of documents in [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) format, the "hashcode" suffix is used to denote that the container was validated in [hashcode mode](http://sertkeskus.github.io/dds-documentation/api/api_docs/#ddoc-format-and-hashcode), i.e. without original data files. <br> **Possible values:**  <br> DIGIDOC_XML_1.0 <br> DIGIDOC_XML_1.0_hashcode <br> DIGIDOC_XML_1.1 <br> DIGIDOC_XML_1.1_hashcode <br> DIGIDOC_XML_1.2 <br> DIGIDOC_XML_1.2_hashcode <br> DIGIDOC_XML_1.3 <br> DIGIDOC_XML_1.3_hashcode <br> ASiC_E - used in case of all ASIC-E ([BDOC](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf)) documents and X-Road simple containers that don't use batch time-stamping (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf))<br> ASiC_E_batchsignature - used in case of X-Road containers with batch signature (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf)) <br> ASiC_S - used in case of all ASIC-S documents |
+| signatureForm | SignatureForm | - | String | Format (and optionally version) of the digitally signed document container. <br> In case of documents in [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) format, the "hashcode" suffix is used to denote that the container was validated in [hashcode mode](http://sertkeskus.github.io/dds-documentation/api/api_docs/#ddoc-format-and-hashcode), i.e. without original data files. <br> **Possible values:**  <br> DIGIDOC_XML_1.0 <br> DIGIDOC_XML_1.0_hashcode <br> DIGIDOC_XML_1.1 <br> DIGIDOC_XML_1.1_hashcode <br> DIGIDOC_XML_1.2 <br> DIGIDOC_XML_1.2_hashcode <br> DIGIDOC_XML_1.3 <br> DIGIDOC_XML_1.3_hashcode <br> ASiC_E - used in case of all ASIC-E ([BDOC](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf)) documents and X-Road simple containers that don't use batch time-stamping (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf))<br> ASiC_E_batchsignature - used in case of X-Road containers with batch signature (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf)) <br> ASiC_S - used in case of all ASIC-S documents |
 | signatures | Signatures | - | Array | Collection of signatures found in digitally signed document |
 | signatures[0] | Signature | + | Object | Signature information object |
 | signatures[0]. claimedSigningTime | Signature. ClaimedSigningTime | + | Date | Claimed signing time, i.e. signer's computer time during signature creation |
@@ -299,7 +299,7 @@ Structure of validationConclusion block
 | signatures[0].info. signatureProductionPlace.city | Signature.Info. SignatureProductionPlace.City | - | String | Stated city. |
 | signatures[0].info. signatureProductionPlace.postalCode | Signature.Info. SignatureProductionPlace.PostalCode | - | String | Stated postal code. |
 | signatures[0].info. signingReason | Signature.Info SigningReason | - | String | Free text field for PAdES type signatures for stating the signing reason |
-| signatures[0]. signatureFormat | Signature. SignatureFormat | + | String | Format and profile (according to Baseline Profile) of the signature. See [XAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf), [CAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf) and [PAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf) for detailed description of the Baseline Profile levels. Levels that are accepted in SiVa validation policy are described in [SiVa signature validation policy](/siva3/appendix/validation_policy) <br>**Possible values:**  <br> XAdES_BASELINE_B <br> XAdES_BASELINE_B_BES <br> XAdES_BASELINE_B_EPES <br> XAdES_BASELINE_T <br> XAdES_BASELINE_LT - long-term level XAdES signature where time-stamp is used as a assertion of trusted signing time<br> XAdES_BASELINE_LT_TM - long-term level XAdES signature where time-mark is used as a assertion of trusted signing time. Used in case of [BDOC](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf) signatures with time-mark profile and [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) signatures.<br>  XAdES_BASELINE_LTA <br> CAdES_BASELINE_B <br> CAdES_BASELINE_T <br> CAdES_BASELINE_LT <br> CAdES_BASELINE_LTA<br> PAdES_BASELINE_B <br> PAdES_BASELINE_T <br> PAdES_BASELINE_LT <br> PAdES_BASELINE_LTA |
+| signatures[0]. signatureFormat | Signature. SignatureFormat | + | String | Format and profile (according to Baseline Profile) of the signature. See [XAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf), [CAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf) and [PAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf) for detailed description of the Baseline Profile levels. Levels that are accepted in SiVa validation policy are described in [SiVa signature validation policy](/siva3/appendix/validation_policy) <br>**Possible values:**  <br> XAdES_BASELINE_B <br> XAdES_BASELINE_B_BES <br> XAdES_BASELINE_B_EPES <br> XAdES_BASELINE_T <br> XAdES_BASELINE_LT - long-term level XAdES signature where time-stamp is used as a assertion of trusted signing time<br> XAdES_BASELINE_LT_TM - long-term level XAdES signature where time-mark is used as a assertion of trusted signing time. Used in case of [BDOC](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) signatures with time-mark profile and [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) signatures.<br>  XAdES_BASELINE_LTA <br> CAdES_BASELINE_B <br> CAdES_BASELINE_T <br> CAdES_BASELINE_LT <br> CAdES_BASELINE_LTA<br> PAdES_BASELINE_B <br> PAdES_BASELINE_T <br> PAdES_BASELINE_LT <br> PAdES_BASELINE_LTA |
 | signatures[0]. signatureMethod | Signature. SignatureMethod | + | String | Signature method specification URI used in signature creation. |
 | signatures[0]. signatureLevel | Signature. SignatureLevel | - |String | Legal level of the signature, according to Regulation (EU) No 910/2014. <br> - **Possible values on positive validation result:**<br> QESIG <br> QESEAL <br> QES <br> ADESIG_QC <br> ADESEAL_QC <br> ADES_QC <br> ADESIG <br> ADESEAL <br> ADES <br> - **Possible values on indeterminate validation result:**<br> prefix INDETERMINATE is added to the level described in positive result. For example  INDETERMINATE_QESIG <br> - **Possible values on negative validation result:**<br>In addition to abovementioned<br> NOT_ADES_QC_QSCD <br> NOT_ADES_QC <br> NOT_ADES <br> NA <br> - In case of DIGIDOC-XML 1.0..1.3 formats, value is missing as the signature level is not checked by the JDigiDoc base library that is used for validation. However, the signatures can be indirectly regarded as QES level signatures, see also [SiVa Validation Policy](/siva3/appendix/validation_policy)<br> - In case of XROAD ASICE containers the value is missing as the asicverifier base library do not check the signature level.|
 | signatures[0].signedBy | Signature.SignedBy | + | String | Signers name and identification number, i.e. value of the CN field of the signer's certificate |

From a74462143cde154469f8c3877eb19176c3e5aad2 Mon Sep 17 00:00:00 2001
From: Risto Seene <39149669+rsarendus@users.noreply.github.com>
Date: Wed, 4 May 2022 13:56:46 +0300
Subject: [PATCH 4/8] SIVA-342 Compose reported signedBy from subjectDN's
 surname, givenName and serialNumber, or use commonName if any of those are
 not available

---
 .../ValidationReportValueVerificationIT.java  |   2 +-
 .../GenericValidationReportBuilder.java       |  21 +-
 ...emarkContainerValidationReportBuilder.java |  16 +-
 .../util/DistinguishedNameUtil.java           | 181 ++++++++++++++++++
 .../util/DistinguishedNameUtilTest.java       | 154 +++++++++++++++
 .../J_EORG_JAAK_KRISTJAN_38001085718.cer      |  23 +++
 ...E_USLIK_TESTNUMBER_MARY_NN_60001013739.cer |  38 ++++
 ...E_USLIK_TESTNUMBER_MARY_NN_60001016970.cer |  34 ++++
 .../_RIN_W_KY_M_R_L_Z_11404176865.cer         |  33 ++++
 .../resources/certificates/innovaatik_b4b.cer |  25 +++
 10 files changed, 524 insertions(+), 3 deletions(-)
 create mode 100644 validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java
 create mode 100644 validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java
 create mode 100644 validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer
 create mode 100644 validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer
 create mode 100644 validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer
 create mode 100644 validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer
 create mode 100644 validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer

diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java
index c400d4803..ae1b315bc 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java
@@ -215,7 +215,7 @@ public void bdocCorrectValuesArePresentInvalidLtSignatureAdesqc() {
                 .body("signatures[0].id", Matchers.is("S1510667783001"))
                 .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT"))
                 .body("signatures[0].signatureLevel", Matchers.is("NOT_ADES_QC"))
-                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,PNOEE-38211015222"))
+                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-FAILED"))
                 .body("signatures[0].subIndication", Matchers.is("HASH_FAILURE"))
                 .body("signatures[0].errors[0].content", Matchers.is("The result of the LTV validation process is not acceptable to continue the process!"))
diff --git a/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java b/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java
index 6eaf254a8..07e0dcb03 100644
--- a/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java
+++ b/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java
@@ -36,8 +36,10 @@
 import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils;
 import ee.openeid.siva.validation.service.signature.policy.properties.ConstraintDefinedPolicy;
 import ee.openeid.siva.validation.util.CertUtil;
+import ee.openeid.siva.validation.util.DistinguishedNameUtil;
 import ee.openeid.siva.validation.util.SubjectDNParser;
 import ee.openeid.validation.service.generic.validator.TokenUtils;
+import eu.europa.esig.dss.diagnostic.AbstractTokenProxy;
 import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper;
 import eu.europa.esig.dss.diagnostic.CertificateWrapper;
 import eu.europa.esig.dss.diagnostic.RelatedRevocationWrapper;
@@ -60,6 +62,7 @@
 import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource;
 import eu.europa.esig.dss.validation.AdvancedSignature;
 import eu.europa.esig.dss.validation.executor.ValidationLevel;
+import eu.europa.esig.dss.validation.reports.AbstractReports;
 import eu.europa.esig.dss.validation.timestamp.TimestampToken;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections4.CollectionUtils;
@@ -197,7 +200,7 @@ private SignatureValidationData buildSignatureValidationData(String signatureId)
         signatureValidationData.setSignatureFormat(changeAndValidateSignatureFormat(dssReports.getSimpleReport().getSignatureFormat(signatureId).toString(), signatureId));
         signatureValidationData.setSignatureMethod(parseSignatureMethod(signatureId));
         signatureValidationData.setSignatureLevel(dssReports.getSimpleReport().getSignatureQualification(signatureId).name());
-        signatureValidationData.setSignedBy(parseSubjectDistinguishedName(signatureId).getCommonName());
+        signatureValidationData.setSignedBy(parseSignedBy(signatureId));
         signatureValidationData.setSubjectDistinguishedName(parseSubjectDistinguishedName(signatureId));
         signatureValidationData.setClaimedSigningTime(parseClaimedSigningTime(signatureId));
         signatureValidationData.setSignatureScopes(parseSignatureScopes(signatureId));
@@ -356,6 +359,22 @@ private String getSignatureId(String signatureId) {
         return signatureId;
     }
 
+    private String parseSignedBy(String signatureId) {
+        return Optional.ofNullable(dssReports)
+                .map(AbstractReports::getDiagnosticData)
+                .map(diagnosticData -> diagnosticData.getSignatureById(signatureId))
+                .map(AbstractTokenProxy::getSigningCertificate)
+                .map(signingCertificate -> Optional
+                        .ofNullable(DistinguishedNameUtil.getSurnameAndGivenNameAndSerialNumber(
+                                signingCertificate.getSurname(),
+                                signingCertificate.getGivenName(),
+                                signingCertificate.getSubjectSerialNumber()
+                        ))
+                        .orElseGet(signingCertificate::getCommonName)
+                )
+                .orElseGet(ReportBuilderUtils::valueNotPresent);
+    }
+
     private SubjectDistinguishedName parseSubjectDistinguishedName(String signatureId) {
         CertificateWrapper signingCertificate = dssReports.getDiagnosticData().getSignatureById(signatureId).getSigningCertificate();
 
diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java
index b8c9e6f2e..fc786b3b9 100644
--- a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java
+++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java
@@ -22,6 +22,7 @@
 import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils;
 import ee.openeid.siva.validation.service.signature.policy.properties.ValidationPolicy;
 import ee.openeid.siva.validation.util.CertUtil;
+import ee.openeid.siva.validation.util.DistinguishedNameUtil;
 import eu.europa.esig.dss.diagnostic.DiagnosticData;
 import eu.europa.esig.dss.diagnostic.SignatureWrapper;
 import eu.europa.esig.dss.diagnostic.TimestampWrapper;
@@ -48,6 +49,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -171,7 +173,7 @@ private SignatureValidationData createSignatureValidationData(Signature signatur
         signatureValidationData.setSignatureFormat(getSignatureFormat(signature.getProfile()));
         signatureValidationData.setSignatureMethod(signature.getSignatureMethod());
         signatureValidationData.setSignatureLevel(getSignatureLevel(signature));
-        signatureValidationData.setSignedBy(removeQuotes(signature.getSigningCertificate().getSubjectName(CN)));
+        signatureValidationData.setSignedBy(parseSignedBy(signature.getSigningCertificate()));
         signatureValidationData.setSubjectDistinguishedName(parseSubjectDistinguishedName(signature.getSigningCertificate()));
         signatureValidationData.setErrors(getErrors(signature));
         signatureValidationData.setSignatureScopes(getSignatureScopes(signature, dataFilenames));
@@ -186,6 +188,18 @@ private SignatureValidationData createSignatureValidationData(Signature signatur
         return signatureValidationData;
     }
 
+    private String parseSignedBy(X509Cert signingCertificate) {
+        return Optional.ofNullable(signingCertificate)
+                .flatMap(certificate -> Optional
+                        .ofNullable(certificate.getX509Certificate())
+                        .map(DistinguishedNameUtil::getSubjectSurnameAndGivenNameAndSerialNumber)
+                        .or(() -> Optional
+                                .ofNullable(certificate.getSubjectName(CN))
+                                .map(this::removeQuotes))
+                )
+                .orElseGet(ReportBuilderUtils::valueNotPresent);
+    }
+
     private SubjectDistinguishedName parseSubjectDistinguishedName(X509Cert signingCertificate) {
         String serialNumber = signingCertificate.getSubjectName(X509Cert.SubjectName.SERIALNUMBER);
         String commonName = signingCertificate.getSubjectName(CN);
diff --git a/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java b/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java
new file mode 100644
index 000000000..a40aa429a
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2022 Riigi Infosüsteemide Amet
+ *
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ *
+ * https://joinup.ec.europa.eu/software/page/eupl
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence is
+ * distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and limitations under the Licence.
+ */
+
+package ee.openeid.siva.validation.util;
+
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Objects;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public final class DistinguishedNameUtil {
+
+    /**
+     * Extracts subject distinguished name from X-509 certificate.
+     *
+     * @param certificate the certificate to extract subject distinguished name from
+     *
+     * @return subject distinguished name
+     *
+     * @throws IllegalArgumentException if parsing the certificate fails
+     */
+    public static X500Name getSubjectDistinguishedName(X509Certificate certificate) {
+        try {
+            return new JcaX509CertificateHolder(certificate).getSubject();
+        } catch (CertificateEncodingException e) {
+            throw new IllegalArgumentException("Certificate encoding error", e);
+        }
+    }
+
+    /**
+     * Extracts the value of the first field from the certificate's subject distinguished name
+     * that matches the specified object identifier, or {@code null} if no such field is found.
+     *
+     * @param certificate the certificate to extract the subject distinguished name field from
+     * @param oid the object identifier of the field to extract
+     *
+     * @return the specified subject distinguished name field or {@code null}
+     *
+     * @see #getSubjectDistinguishedName(X509Certificate)
+     * @see #getDistinguishedNameValueByOid(X500Name, ASN1ObjectIdentifier)
+     */
+    public static String getSubjectDistinguishedNameValueByOid(X509Certificate certificate, ASN1ObjectIdentifier oid) {
+        return getDistinguishedNameValueByOid(getSubjectDistinguishedName(certificate), oid);
+    }
+
+    /**
+     * Extracts the value of the first field from the specified distinguished name
+     * that matches the specified object identifier, or {@code null} if no such field is found.
+     *
+     * @param distinguishedName the distinguished name to extract the field from
+     * @param oid the object identifier of the field to extract
+     *
+     * @return the specified distinguished name field or {@code null}
+     */
+    public static String getDistinguishedNameValueByOid(X500Name distinguishedName, ASN1ObjectIdentifier oid) {
+        for (RDN rdn : distinguishedName.getRDNs(oid)) {
+            for (AttributeTypeAndValue typeAndValue : rdn.getTypesAndValues()) {
+                if (oid.equals(typeAndValue.getType()) && Objects.nonNull(typeAndValue.getValue())) {
+                    return typeAndValue.getValue().toString();
+                }
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns a comma-separated list of subject distinguished name fields surName, givenName and serialNumber
+     * without natural person semantics identifier, in the form of "{@code JÕEORG,JAAK-KRISTJAN,38001085718}",
+     * or {@code null} if any of the fields is missing.
+     *
+     * @param certificate the certificate to extract subject's surName, givenName and serialNumber from
+     *
+     * @return a comma-separated list of subject's surName, givenName and serialNumber or {@code null}
+     *
+     * @see #getSubjectDistinguishedName(X509Certificate)
+     * @see #getSurnameAndGivenNameAndSerialNumber(X500Name)
+     */
+    public static String getSubjectSurnameAndGivenNameAndSerialNumber(X509Certificate certificate) {
+        return getSurnameAndGivenNameAndSerialNumber(getSubjectDistinguishedName(certificate));
+    }
+
+    /**
+     * Returns a comma-separated list of distinguished name fields surName, givenName and serialNumber
+     * without natural person semantics identifier, in the form of "{@code JÕEORG,JAAK-KRISTJAN,38001085718}",
+     * or {@code null} if any of the fields is missing.
+     *
+     * @param distinguishedName the distinguished name to extract surName, givenName and serialNumber from
+     *
+     * @return a comma-separated list of surName, givenName and serialNumber or {@code null}
+     *
+     * @see #withoutNaturalPersonSemanticsIdentifier(String)
+     */
+    public static String getSurnameAndGivenNameAndSerialNumber(X500Name distinguishedName) {
+        String surname = getDistinguishedNameValueByOid(distinguishedName, BCStyle.SURNAME);
+        if (surname == null) {
+            return null;
+        }
+
+        String givenName = getDistinguishedNameValueByOid(distinguishedName, BCStyle.GIVENNAME);
+        if (givenName == null) {
+            return null;
+        }
+
+        String serialNumber = getDistinguishedNameValueByOid(distinguishedName, BCStyle.SERIALNUMBER);
+        if (serialNumber == null) {
+            return null;
+        }
+
+        return getSurnameAndGivenNameAndSerialNumber(surname, givenName, serialNumber);
+    }
+
+    /**
+     * Returns a comma-separated list of surName, givenName and serialNumber
+     * without natural person semantics identifier, in the form of "{@code JÕEORG,JAAK-KRISTJAN,38001085718}",
+     * or {@code null} if any of the fields is missing.
+     *
+     * @param surname the surName field
+     * @param givenName the givenName field
+     * @param serialNumber the serialNumber field, either with or without natural person semantics identifier
+     *
+     * @return a comma-separated list of surName, givenName and serialNumber or {@code null}
+     *
+     * @see #withoutNaturalPersonSemanticsIdentifier(String)
+     */
+    public static String getSurnameAndGivenNameAndSerialNumber(String surname, String givenName, String serialNumber) {
+        if (surname != null && givenName != null && serialNumber != null) {
+            return surname + ',' + givenName + ',' + withoutNaturalPersonSemanticsIdentifier(serialNumber);
+        } else {
+            return null;
+        }
+    }
+
+    private static final List<String> NATURAL_IDENTITY_TYPE_REFERENCES = List.of(
+            "PAS", "IDC", "PNO", "TAX", "TIN"
+    );
+
+    /**
+     * Strips natural person semantics identifier from the serialNumber, if present.
+     * More information about the natural person semantics identifier can be found
+     * <a href="https://www.etsi.org/deliver/etsi_en/319400_319499/31941201/01.01.01_60/en_31941201v010101p.pdf#page=10">here</a>.
+     *
+     * @param serialNumber the serialNumber to strip from natural person semantics identifier
+     *
+     * @return the serialNumber without natural person semantics identifier
+     */
+    public static String withoutNaturalPersonSemanticsIdentifier(String serialNumber) {
+        if (StringUtils.length(serialNumber) > 6 && serialNumber.charAt(5) == '-') {
+            if (serialNumber.charAt(2) == ':' || NATURAL_IDENTITY_TYPE_REFERENCES.contains(serialNumber.substring(0, 3))) {
+                return serialNumber.substring(6);
+            }
+        }
+
+        return serialNumber;
+    }
+
+}
diff --git a/validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java b/validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java
new file mode 100644
index 000000000..6b90ed1ee
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2022 Riigi Infosüsteemide Amet
+ *
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ *
+ * https://joinup.ec.europa.eu/software/page/eupl
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence is
+ * distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and limitations under the Licence.
+ */
+
+package ee.openeid.siva.validation.util;
+
+import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.stream.Stream;
+
+class DistinguishedNameUtilTest {
+
+    @ParameterizedTest(name = "[{index}] \"{0}\" -> \"{1}\"")
+    @MethodSource("prefixedSerialNumberAndExpectedResultPairs")
+    void testWithoutNaturalPersonSemanticsIdentifier(String serialNumber, String expectedResult) {
+        String result = DistinguishedNameUtil.withoutNaturalPersonSemanticsIdentifier(serialNumber);
+        Assertions.assertEquals(expectedResult, result);
+    }
+
+    static Stream<Arguments> prefixedSerialNumberAndExpectedResultPairs() {
+        return Stream.of(
+                Arguments.arguments("PASSK-P3000180", "P3000180"),
+                Arguments.arguments("IDCBE-590082394654", "590082394654"),
+                Arguments.arguments("PNOEE-38001085718", "38001085718"),
+                Arguments.arguments("TAXSW-18492018423", "18492018423"),
+                Arguments.arguments("TINSB-3849282371", "3849282371"),
+                Arguments.arguments("EI:SE-200007292386", "200007292386"),
+                Arguments.arguments("38001085718", "38001085718"),
+                Arguments.arguments("12345-6789", "12345-6789"),
+                Arguments.arguments(StringUtils.SPACE, StringUtils.SPACE),
+                Arguments.arguments(StringUtils.EMPTY, StringUtils.EMPTY)
+        );
+    }
+
+    @ParameterizedTest(name = "[{index}] \"{0}\" -> \"{1}\"")
+    @MethodSource("surnameAndGivenNameAndSerialNumberInX500NameAndExpectedResultPairs")
+    void testGetSurnameAndGivenNameAndSerialNumberFromX500NameSucceeds(X500Name x500Name, String expectedResult) {
+        String result = DistinguishedNameUtil.getSurnameAndGivenNameAndSerialNumber(x500Name);
+        Assertions.assertEquals(expectedResult, result);
+    }
+
+    static Stream<Arguments> surnameAndGivenNameAndSerialNumberInX500NameAndExpectedResultPairs() {
+        return Stream.of(
+                Arguments.arguments(
+                        new X500Name("SERIALNUMBER=38001085718,GIVENNAME=JAAK-KRISTJAN,SN=JÕEORG"),
+                        "JÕEORG,JAAK-KRISTJAN,38001085718"
+                ),
+                Arguments.arguments(
+                        new X500Name("SERIALNUMBER=PNOEE-38001085718,GIVENNAME=JAAK-KRISTJAN,SN=JÕEORG"),
+                        "JÕEORG,JAAK-KRISTJAN,38001085718"
+                ),
+                Arguments.arguments(
+                        new X500Name("CN=\"JÕEORG,JAAK-KRISTJAN,38001085718\",SN=JÕEORG,GIVENNAME=JAAK-KRISTJAN,SERIALNUMBER=38001085718"),
+                        "JÕEORG,JAAK-KRISTJAN,38001085718"
+                )
+        );
+    }
+
+    @ParameterizedTest(name = "[{index}] \"{0}\" -> null")
+    @MethodSource("incompleteX500NameAndExpectedResultPairs")
+    void testGetSurnameAndGivenNameAndSerialNumberFromX500NameFails(X500Name x500Name) {
+        String result = DistinguishedNameUtil.getSurnameAndGivenNameAndSerialNumber(x500Name);
+        Assertions.assertNull(result);
+    }
+
+    static Stream<X500Name> incompleteX500NameAndExpectedResultPairs() {
+        return Stream.of(
+                new X500Name("SN=JÕEORG"),
+                new X500Name("GIVENNAME=JAAK-KRISTJAN"),
+                new X500Name("SERIALNUMBER=38001085718"),
+                new X500Name("SERIALNUMBER=PNOEE-38001085718"),
+                new X500Name("SN=JÕEORG,GIVENNAME=JAAK-KRISTJAN"),
+                new X500Name("SN=JÕEORG,SERIALNUMBER=38001085718"),
+                new X500Name("SN=JÕEORG,SERIALNUMBER=PNOEE-38001085718"),
+                new X500Name("GIVENNAME=JAAK-KRISTJAN,SERIALNUMBER=38001085718"),
+                new X500Name("GIVENNAME=JAAK-KRISTJAN,SERIALNUMBER=PNOEE-38001085718"),
+                new X500Name("CN=\"JÕEORG,JAAK-KRISTJAN,38001085718\"")
+        );
+    }
+
+    @ParameterizedTest(name = "[{index}] {0} -> \"{1}\"")
+    @MethodSource("certificateAndExpectedSurnameGivenNameSerialNumberResultPairs")
+    void testGetSurnameAndGivenNameAndSerialNumberFromCertificateSucceeds(X509Certificate certificate, String expectedResult) {
+        String result = DistinguishedNameUtil.getSubjectSurnameAndGivenNameAndSerialNumber(certificate);
+        Assertions.assertEquals(expectedResult, result);
+    }
+
+    static Stream<Arguments> certificateAndExpectedSurnameGivenNameSerialNumberResultPairs() {
+        return Stream.of(
+                Arguments.arguments(
+                        loadCertificate("src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer"),
+                        "JÕEORG,JAAK-KRISTJAN,38001085718"
+                ),
+                Arguments.arguments(
+                        loadCertificate("src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer"),
+                        "O’CONNEŽ-ŠUSLIK TESTNUMBER,MARY ÄNN,60001013739"
+                ),
+                Arguments.arguments(
+                        loadCertificate("src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer"),
+                        "O’CONNEŽ-ŠUSLIK TESTNUMBER,MARY ÄNN,60001016970"
+                ),
+                Arguments.arguments(
+                        loadCertificate("src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer"),
+                        "ŽÕRINÜWŠKY,MÄRÜ-LÖÖZ,11404176865"
+                )
+        );
+    }
+
+    @ParameterizedTest(name = "[{index}] {0} -> null")
+    @MethodSource("certificatesNotSupportingSurnameAndGivenNameAndSerialNumberLists")
+    void testGetSurnameAndGivenNameAndSerialNumberFromCertificateFails(X509Certificate certificate) {
+        String result = DistinguishedNameUtil.getSubjectSurnameAndGivenNameAndSerialNumber(certificate);
+        Assertions.assertNull(result);
+    }
+
+    static Stream<X509Certificate> certificatesNotSupportingSurnameAndGivenNameAndSerialNumberLists() {
+        return Stream.of(
+                loadCertificate("src/test/resources/certificates/innovaatik_b4b.cer")
+        );
+    }
+
+    static X509Certificate loadCertificate(String path) {
+        try (InputStream in = new FileInputStream(path)) {
+            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+            return (X509Certificate) certificateFactory.generateCertificate(in);
+        } catch (CertificateException | IOException e) {
+            throw new IllegalStateException("Failed to load certificate: " + path, e);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer
new file mode 100644
index 000000000..8420642ac
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6jCCA02gAwIBAgIQR+qcVFxYF1pcSy/QGEnMVjAKBggqhkjOPQQDBDBgMQsw
+CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh
+DA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4X
+DTE5MDEyNTE1NDgzMVoXDTI0MDEyNTIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAo
+BgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UE
+BAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5P
+RUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATbyCq95SWCQTr+
+b5MXxRLTHYHJHCgaLornlrF9j+q6aFCDFLgoNv70yw/sHYp2FQ0yRywG2vFwDCLA
+5vACPLSVPGyOvYx7fiX84uSpPo6fcNlwQ25coNfpUIIuh+T6MwujggGrMIIBpzAJ
+BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDBIBgNVHSAEQTA/MDIGCysGAQQBg5Eh
+AQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAJBgcEAIvs
+QAECMB0GA1UdDgQWBBTIgEaf0wSPZSWihjLuyTNmzm4DWzCBigYIKwYBBQUHAQME
+fjB8MAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwUQYG
+BACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlv
+bnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAfBgNVHSMEGDAWgBTAhJkp
+xE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0
+dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRw
+Oi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQD
+BAOBigAwgYYCQSPBHYO2O/aLmr+vqMlESJrIY3gdtWni8hd4phIl5fR3uiQaQvtN
+eGBIzrGvdqgRJmYg+HvskQb/Laq7Xjp+cgqkAkEX9+x/S3H/S/+n/nogfgRSP5JC
+wYAw02zTRL3MKLpZ1AOf8i1iGvpHI9S6iyXcDhh6hM8slDg7EK3KyNwfkMLh5A==
+-----END CERTIFICATE-----
diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer
new file mode 100644
index 000000000..bbce0b991
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGuDCCBKCgAwIBAgIQbsALi4xUxPdggr2EPjoVJjANBgkqhkiG9w0BAQsFADBr
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU
+RUlELVNLIDIwMTUwIBcNMjEwNDIzMTIyODUyWhgPMjAzMDEyMTcyMzU5NTlaMIGf
+MQswCQYDVQQGEwJFRTE9MDsGA1UEAww0T+KAmUNPTk5Fxb0txaBVU0xJSyBURVNU
+TlVNQkVSLE1BUlkgw4ROTiw2MDAwMTAxMzczOTEnMCUGA1UEBAweT+KAmUNPTk5F
+xb0txaBVU0xJSyBURVNUTlVNQkVSMRIwEAYDVQQqDAlNQVJZIMOETk4xFDASBgNV
+BAUTCzYwMDAxMDEzNzM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+r8Gtz4AS8HoY2UpUvD9/OxJzymnvSTR5LKcG7+rLdXszEgdyRCy0sHg1yRseZgXu
+XQsAG/IGKQFUOBND6LAD2Puv+wk4HenB7EZmeiDQzdKGE3CoRz+UU+zz8EqQTzZi
+l85R7kK1oDi3b1RtB4flELSQ38ufeOFAli97K2hhYGVtPDOcJIbz4jej4UqQnY80
+Ma+5niQxsN9pf2W/Fe2r7TMtqmo+aKbaWMr3uLESbPGpiffetcWnllmLQR2lcx2w
+aHXp3XeUQXHBbtO0oypaxpgDTcRBLH3ZGuElj0KGfXqRaO6dwOjjHG5G8+Tzvy/2
+pvGuqbr9RvcH3QMmG1mEswIDAQABo4ICHzCCAhswCQYDVR0TBAIwADAOBgNVHQ8B
+Af8EBAMCBkAwdQYDVR0gBG4wbDBfBgorBgEEAc4fAwEDMFEwHgYIKwYBBQUHAgIw
+EgwQT25seSBmb3IgVEVTVElORzAvBggrBgEFBQcCARYjaHR0cHM6Ly93d3cuc2su
+ZWUvcmVwb3NpdG9vcml1bS9DUFMwCQYHBACL7EABAjAdBgNVHQ4EFgQUNGA6HJQi
+W4kukHbhN6CmD0Js1McwgYoGCCsGAQUFBwEDBH4wfDAIBgYEAI5GAQEwCAYGBACO
+RgEEMFEGBgQAjkYBBTBHMEUWP2h0dHBzOi8vc2suZWUvZW4vcmVwb3NpdG9yeS9j
+b25kaXRpb25zLWZvci11c2Utb2YtY2VydGlmaWNhdGVzLxMCRU4wEwYGBACORgEG
+MAkGBwQAjkYBBgEwHwYDVR0jBBgwFoAUScDyRDll1ZtGOw04YIOx1i0ohqYwgYMG
+CCsGAQUFBwEBBHcwdTAsBggrBgEFBQcwAYYgaHR0cDovL2FpYS5kZW1vLnNrLmVl
+L2VzdGVpZDIwMTUwRQYIKwYBBQUHMAKGOWh0dHBzOi8vc2suZWUvdXBsb2FkL2Zp
+bGVzL1RFU1Rfb2ZfRVNURUlELVNLXzIwMTUuZGVyLmNydDA0BgNVHR8ELTArMCmg
+J6AlhiNodHRwczovL2Muc2suZWUvdGVzdF9lc3RlaWQyMDE1LmNybDANBgkqhkiG
+9w0BAQsFAAOCAgEAn5yOThHC3o+qywote9HYZz6TgGUin606KONrUcbsP9UMZwKF
+HhQBAZE9ycJ3iOIKtEk0VlH5vwL0MvyY26VyHgkprozEcX5OCQKBCTn/ZKR+IIXQ
+wNT0ZadQHTAuCLidHH9bI4/CofTWtr6udYezmQs7FIXbcazQ6cgkb937HulVHt4x
+IDZ8kp9oUaqbpUfCSu5zOspQRM2ih0MshPmZvkS9qeFgbkTD0D+RPccxV7jjHCbH
+xjHzYNFrq2JJuKacxx/OR12KGKOtcGlYjFxWl18MJ/n3tvoEcWaXKtPZ+BmStbPH
+RFb29fkSIWtEzFRSbbLYeHkC53m8lWQ4kXhMJ10aZs9nXRVJ0I4/wMjZTpO6lMkq
+Exm77nyycxPv3glJWssFp5LEKgJKxWt2aT9ihHypqEPVjBZGfppFOJT81gxLLF0k
+MVxnRqpNbi/1thY5IIxFgGzxIHJlIMuw/HECMJ+/n19dF+Z8tqCoxhNxEQm409jR
+v6/RsRhtQ5IIY0PR8eL5xzwgET5BWy5AjUtzGeQsEiywY9+kNfLgv0GQsdfiyhyG
+z5oX/8t9AlntTTLpUdWRs4IU3M1yLV2qxc/zAyXRZYJ5nbkwg1oR3wttTYcQ+uFk
+0qCoYsLHPmNmFGYZrt00lbulpieIS/YGdFmdtQn7vip/y7LOGEU02m84Lpo=
+-----END CERTIFICATE-----
diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer
new file mode 100644
index 000000000..d72f07471
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF7TCCA9WgAwIBAgIQWzVMMHSNjKlgLOaOHI80yzANBgkqhkiG9w0BAQsFADBr
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU
+RUlELVNLIDIwMTUwIBcNMjEwMjE3MDk0OTAyWhgPMjAzMDEyMTcyMzU5NTlaMIGf
+MQswCQYDVQQGEwJFRTE9MDsGA1UEAww0T+KAmUNPTk5Fxb0txaBVU0xJSyBURVNU
+TlVNQkVSLE1BUlkgw4ROTiw2MDAwMTAxNjk3MDEnMCUGA1UEBAweT+KAmUNPTk5F
+xb0txaBVU0xJSyBURVNUTlVNQkVSMRIwEAYDVQQqDAlNQVJZIMOETk4xFDASBgNV
+BAUTCzYwMDAxMDE2OTcwMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOwJrrlh5
+ZbsvpgMJNJxpTuCkponBjBIhOu8z8OBTQOI2iIWbj3UibfIzXq74vtac040JsPmK
+zVYwYMG+dpv50KOCAh8wggIbMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMHUG
+A1UdIARuMGwwXwYKKwYBBAHOHwMBAzBRMB4GCCsGAQUFBwICMBIMEE9ubHkgZm9y
+IFRFU1RJTkcwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRv
+b3JpdW0vQ1BTMAkGBwQAi+xAAQIwHQYDVR0OBBYEFHOLcRMj+jKDO0FbHgwVTsKl
+BOwFMIGKBggrBgEFBQcBAwR+MHwwCAYGBACORgEBMAgGBgQAjkYBBDBRBgYEAI5G
+AQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1m
+b3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMBMGBgQAjkYBBjAJBgcEAI5GAQYB
+MB8GA1UdIwQYMBaAFEnA8kQ5ZdWbRjsNOGCDsdYtKIamMIGDBggrBgEFBQcBAQR3
+MHUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE1
+MEUGCCsGAQUFBzAChjlodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9URVNUX29m
+X0VTVEVJRC1TS18yMDE1LmRlci5jcnQwNAYDVR0fBC0wKzApoCegJYYjaHR0cHM6
+Ly9jLnNrLmVlL3Rlc3RfZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIB
+AJqY/7FokQfuqmAZlPD1uVkfr31HEREtP+vIx6D+LvnmWkT0yneiNdgU5Wf9YqB7
+jsWd8LYsmPx/jEMOfm+vRJLEVZERsNGdKa/23lRSLHwfzWDy2MYaggfsODoDNnsC
++/uEy9h+1nIXYytpDha5vHdx4j6cEiKTj/HChVy/ezp6qCyEWOKnnDaTjL79xXrG
+LooURRi3VPGZKSHj3wEBtYBn/kJGjPFuN88TTByal5L5ZR5R4b07Z5YDr3gdAY5+
+yJYGiOBKx9Erj3PraHZ8kAvTiZsUUnCbaa9VwlKt2wO1Y84IcoQlNFbQFFMqIXP7
+ffXW6vkGwNKm1PcV2STyGakSV7ukHY/VeWaInLuEaRwQ2gulmIbwllQmOysmid7O
+iH+GHxBEq2dgj0CaP9l2Bjmro/JOsuQxBRvq4AdVW1TbLNFnC3cwZk+ZbfQMtZ4W
+YPoOZRGvmTM2ylKT1WnoSZ1HZ7aS5yS3RB+ATVVOkTF1xp55ItbPlo9Gk+4+w3zT
+4VoA91HWp7mN2Lo1zqeICrL+6xUUeHLaGnq6757T/RNaWuXWvNG0uXzKZ8NWuTPy
+zrCFWZFNhUsXiTNOaXJ2nftMtFcv5+5YE5YqvMNp1SIPuPHLpsjllT5jRFYsGbmT
+dRPh89fObKh8MwWrSV45TxokwbD0t88oJ7pIOMFvv+dp
+-----END CERTIFICATE-----
diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer
new file mode 100644
index 000000000..5ed563bce
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFrjCCA5agAwIBAgIQUwvkG7xZfERXDit8E7z6DDANBgkqhkiG9w0BAQsFADBr
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU
+RUlELVNLIDIwMTUwHhcNMTYwNDEzMTEyMDI4WhcNMjEwNDEyMjA1OTU5WjCBtDEL
+MAkGA1UEBhMCRUUxDzANBgNVBAoMBkVTVEVJRDEaMBgGA1UECwwRZGlnaXRhbCBz
+aWduYXR1cmUxMTAvBgNVBAMMKMW9w5VSSU7DnFfFoEtZLE3DhFLDnC1Mw5bDllos
+MTE0MDQxNzY4NjUxFzAVBgNVBAQMDsW9w5VSSU7DnFfFoEtZMRYwFAYDVQQqDA1N
+w4RSw5wtTMOWw5ZaMRQwEgYDVQQFEwsxMTQwNDE3Njg2NTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJrWrja4BY6nlDXf/46So37NcJoDAB8d6pZr2XxM
+4cCv3MqAKAuf8oew38jc+/20oBiMo9bSWfTrjCtunuyJxBi6/xX1SwXqXpCIcAeA
+tL8SA4NRuWQGEFxGRJtPUNpzVkiIBI5u+yENpxvGFOW7777u0E7E3p/Jx6Y6HflI
+CQPm48zjzeBytJ+m6v6EdObnOpeJtusaZ+Yg/hmrCRRgJeRtnjJIw5LmLrjqm185
+BFtgwFH0J8iAr18FSua5yLP343s4vZx8np1NqmdJrlHt5IjX2D3+QAObJmh/U+id
+oNdThlJlst/cj5/y496vR+PhSWIWzqv//xYH41qIkXDjD+UCAwEAAaOCAQIwgf8w
+CQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwOwYDVR0gBDQwMjAwBgkrBgEEAc4f
+AwEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvY3BzMB0GA1UdDgQW
+BBQ27kyYhup5RKLxTM1gxY+BDz/N0jAiBggrBgEFBQcBAwQWMBQwCAYGBACORgEB
+MAgGBgQAjkYBBDAfBgNVHSMEGDAWgBRJwPJEOWXVm0Y7DThgg7HWLSiGpjBBBgNV
+HR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNrLmVlL2NybHMvZXN0ZWlkL3Rlc3Rf
+ZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIBAHUUiGcIgXB3INd78mGF
+yIz+u8+TLPON0va0mRuugy1TEH0eWZqNhv2+7vvzd8CLoOp4aHrUwvx7zGaND/bO
+w4dC1dO5zsXh1EziNAfaNqzYP2QQ4BckqZeGl0+d7OVyP5/HgZOYI90qYLvkjWSn
+eSFXZ2BN8Jku6l0dUnhsQqCoLKl0j4F+1u+GwC9pjzm2aVoYRs3CcNgkAa1O3SKK
+9PXpz/chFE1dfvT8xPagroVkzDCZ4o6Rp+8OPBPYacQhdIH6DyagPcbdKz1S0EC8
+q+7qm1C8bM05oyYfkoBLU6afgRGHcpRMFQRBnsu7o1LQIMsRF5dWWTqL4FLLw6iF
+exZA6z3HMilu+yolLxURaD3oWMcWzLKi0Ic88T8LNyz5ksWDDZXAoso0ZDTAh/Da
+FEdeQs9MnOkGzrvswrEG2MUs33XHhp988TWgRQGAJU/JZQR057I/UxfikYRhZ5oM
+7qPBy4oDh3VlhMsY5yHuK400Xi202xoXVS+VG33xB7KCvbwuemZSlVewxTX0ZJg5
+qTcwIXRMlsWffqyVWpnxjnvWmqO01nrbgjlpBAbDDT2R/JXPOjVpgjhQGEmNmVj3
+OvfjvLlXXP7CZ4Vxwxy0aBPPvVHoyWjFycsqm4EFGSGkcB17NcP3dlj7ZwloBobg
+ittrqXcLf8qik7sGgHnaa7Cc
+-----END CERTIFICATE-----
diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer
new file mode 100644
index 000000000..c77ea210b
--- /dev/null
+++ b/validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEKDCCAxCgAwIBAgIQfwGW2oazzwRRG2TKZu8AdjANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxMTEYMBYGCSqGSIb3DQEJ
+ARYJcGtpQHNrLmVlMB4XDTEzMDIxMzEwMDI1MFoXDTE4MDIxMjEwMDI1MFowgZ4x
+ITAfBgkqhkiG9w0BCQEWEmluZm9AaW5ub3ZhYXRpay5lZTERMA8GA1UEBRMIMTE0
+Mzk5NjMxCzAJBgNVBAYTAkVFMREwDwYDVQQIEwhUYXJ0dW1hYTEOMAwGA1UEBxMF
+VGFydHUxHTAbBgNVBAoUFElubm92YWF0aWsgR3J1cHAgT8OcMRcwFQYDVQQDEw5p
+bm5vdmFhdGlrLWI0YjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL+cSVDC2hvi
+MH5MU+weip56pQCj4d4ga1X29y2b83StoC8nxMGSTLogEDgXCJJHvA4u/BwMUsyO
+1Qyb5tO+ckKjggFcMIIBWDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDCBmQYD
+VR0gBIGRMIGOMIGLBgorBgEEAc4fAwIBMH0wWAYIKwYBBQUHAgIwTB5KAEEAaQBu
+AHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBv
+AHIAIAB0AGUAcwB0AGkAbgBnAC4wIQYIKwYBBQUHAgEWFWh0dHA6Ly93d3cuc2su
+ZWUvY3BzLzAdBgNVHQ4EFgQU69eHyJ8FdiT19pNl7PRz6W9lXL4wGAYIKwYBBQUH
+AQMEDDAKMAgGBgQAjkYBATAfBgNVHSMEGDAWgBRBtv7FsbG0UxOM+vpi0DRtbSI0
+CjBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkv
+Y3Jscy90ZXN0X2VzdGVpZDIwMTEuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAf03Jr
+AfrBqZNaozt++8g2qAR2dJWvCBgVZtGbuK80y3As0UFzVEndZsyhF79N4epRR70M
+WWt2MhNWUh2zy0nDFsIe7bSfcltxbtMeKccr6ItsJcEOPqMCQ5O0qaOs89+e8wIi
+y/Q5n+NMYw4lMpoVkpLWM8G4XxwRB1K88YEadwjmhVqCJ44m8DD4+YhRjdTFIdNV
+cJD/cEBI+HGkI+5+g8irCSxzC5MWRQLrS0+8noac3XJfGSC4l4xGDnMI8t454vbt
+Pud5c+vpen8iyfyvPd/d8W1k+43xdfgK+lBytxcd1E4V7iUEuYhRdkAFqesKoC7R
+xgn6DbdnEruWw4Vn
+-----END CERTIFICATE-----

From 3c65e96559ac57ac4172ed2117f3ae142fbb92bf Mon Sep 17 00:00:00 2001
From: Aare Nurm <aare.nurm@nortal.com>
Date: Fri, 6 May 2022 14:32:10 +0300
Subject: [PATCH 5/8] SIVA-342 Addition of SignedBy assertions

---
 .../AsiceValidationFailIT.java                |   6 ++
 .../AsiceValidationPassIT.java                |  52 +++++++++++++++++-
 .../AsicsValidationPassIT.java                |   3 +
 .../integrationtest/BdocValidationFailIT.java |   7 ++-
 .../integrationtest/BdocValidationPassIT.java |  10 +++-
 .../integrationtest/DdocValidationFailIT.java |   3 +
 .../integrationtest/DdocValidationPassIT.java |   7 ++-
 .../integrationtest/PdfValidationPassIT.java  |   2 +
 .../XadesHashcodeValidationFailIT.java        |   1 +
 .../XadesHashcodeValidationPassIT.java        |   1 +
 ...idSidSignatureWithCertWithoutPnoInCn.asice | Bin 0 -> 21549 bytes
 11 files changed, 88 insertions(+), 4 deletions(-)
 create mode 100644 siva-parent/siva-test/src/test/resources/bdoc/test/timestamp/validSidSignatureWithCertWithoutPnoInCn.asice

diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java
index 37f9a528c..b3ff37b05 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java
@@ -62,6 +62,7 @@ public void asiceInvalidSingleSignature() {
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE))
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT))
                 .body("signatures[0].indication", Matchers.is(TOTAL_FAILED))
+                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("38211015222"))
                 .body("signatures[0].subIndication", Matchers.is(SUB_INDICATION_HASH_FAILURE))
@@ -256,6 +257,7 @@ public void asiceNotTrustedOcspCert() {
                 .body("signatures[0].indication", Matchers.is(TOTAL_FAILED))
                 .body("signatures[0].subIndication", Matchers.is(SUB_INDICATION_FORMAT_FAILURE))
                 .body("signatures[0].errors.content", Matchers.hasItems(LTV_PROCESS_NOT_ACCEPTABLE))
+                .body("signatures[0].signedBy", Matchers.is("SINIVEE,VEIKO,36706020210"))
                 .body("signatures[0].certificates.size()", Matchers.is(1))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("SINIVEE,VEIKO,36706020210"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEPzCCAyegAwIBAgIQH0FobucEcidPGVN0HUUgATANBgkqhk"))
@@ -420,6 +422,7 @@ public void asiceBaselineBesSignatureLevel() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_B))
                 .body("signatures[0].indication", Matchers.is(TOTAL_FAILED))
                 .body("signatures[0].errors.content", Matchers.hasItems(LTV_PROCESS_NOT_ACCEPTABLE))
+                .body("signatures[0].signedBy", Matchers.is("UUKKIVI,KRISTI,48505280278"))
                 .body("signatures[0].certificates.size()", Matchers.is(1))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("UUKKIVI,KRISTI,48505280278"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEojCCA4qgAwIBAgIQPKphkF8jscxRrFRhBsxlhjANBgkqhk"))
@@ -452,6 +455,7 @@ public void asiceBaselineEpesSignatureLevel() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_B))
                 .body("signatures[0].indication", Matchers.is(TOTAL_FAILED))
                 .body("signatures[0].errors.content", Matchers.hasItems(LTV_PROCESS_NOT_ACCEPTABLE))
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].certificates.size()", Matchers.is(1))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIE/TCCA+WgAwIBAgIQJw9uhQnKff9RdnVKwzk1OzANBgkqhk"))
@@ -483,6 +487,7 @@ public void asiceSignersCertNotTrusted() {
                 .body("signatures[0].indication", Matchers.is(TOTAL_FAILED))
                 .body("signatures[0].errors[0].content", Matchers.is(CERT_PATH_NOT_TRUSTED))
                 .body("signatures[0].errors[1].content", Matchers.is(LTV_PROCESS_NOT_ACCEPTABLE))
+                .body("signatures[0].signedBy", Matchers.is("signer1"))
                 .body("signatures[0].certificates.size()", Matchers.is(2))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("signer1"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIICHDCCAYWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMQswCQ"))
@@ -641,6 +646,7 @@ public void asiceBaselineTSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_T))
                 .body("signatures[0].indication", Matchers.is(TOTAL_FAILED))
                 .body("signatures[0].errors.content", Matchers.hasItem(LTV_PROCESS_NOT_ACCEPTABLE))
+                .body("signatures[0].signedBy", Matchers.is("ŽAIKOVSKI,IGOR,37101010021"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("ŽAIKOVSKI,IGOR,37101010021"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEjzCCA3egAwIBAgIQZTNeodpzkAxPgpfyQEp1dTANBgkqhk"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].issuer.commonName",  Matchers.startsWith("TEST of ESTEID-SK 2011"))
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java
index 95167d76b..60ced81d8 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java
@@ -57,6 +57,7 @@ public void validAsiceSingleSignature() {
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2016-10-11T09:36:10Z"))
                 .body("validationLevel", Matchers.is(VALIDATION_LEVEL_ARCHIVAL_DATA))
+                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIE3DCCAsSgAwIBAgIQSsqdjzAQgvpX80krgJy83DANBgkqhk"))
@@ -77,7 +78,7 @@ public void validAsiceSingleSignature() {
      *
      * Requirement: http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#POLv4
      *
-     * Title: Asice TM with multiple valid signatures
+     * Title: Asice with multiple valid signatures
      *
      * Expected Result: The document should pass the validation
      *
@@ -116,6 +117,9 @@ public void asiceDifferentCertificateCountries() {
                 .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("PELANIS,MINDAUGAS,37412260478"))
+                .body("signatures[0].subjectDistinguishedName.commonName",  Matchers.is("MINDAUGAS PELANIS"))
+                .body("signatures[0].subjectDistinguishedName.serialNumber",  Matchers.is("37412260478"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("MINDAUGAS PELANIS"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIGJzCCBQ+gAwIBAgIObV8h37aTlaYAAQAEAckwDQYJKoZIhv"))
@@ -151,6 +155,7 @@ public void asiceBaselineLtProfileValidSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2016-05-23T10:06:23Z"))
+                .body("signatures[0].signedBy", Matchers.is("UUKKIVI,KRISTI,48505280278"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("UUKKIVI,KRISTI,48505280278"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEojCCA4qgAwIBAgIQPKphkF8jscxRrFRhBsxlhjANBgkqhk"))
@@ -186,6 +191,7 @@ public void asiceBaselineLtaProfileValidSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LTA))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2014-10-30T18:50:35Z"))
+                .body("signatures[0].signedBy", Matchers.is("METSMA,RAUL,38207162766"))
                 .body("signatures[0].certificates.size()", Matchers.is(4))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("METSMA,RAUL,38207162766"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEmzCCA4OgAwIBAgIQFQe7NKtE06tRSY1vHfPijjANBgkqhk"))
@@ -250,6 +256,7 @@ public void asiceSk2015CertificateChainValidSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT))
                 .body("signatures[0].signatureLevel", Matchers.is(SIGNATURE_LEVEL_QESIG))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("LUKIN,LIISA,47710110274"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("LUKIN,LIISA,47710110274"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIFfzCCA2egAwIBAgIQL+hzDhb7R0xWi+03fxcZKDANBgkqhk"))
@@ -284,6 +291,7 @@ public void asiceKlass3Sk2010CertificateChainValidSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT))
                 .body("signatures[0].signatureLevel", Matchers.is(SIGNATURE_LEVEL_QESIG))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("Wilson OÜ digital stamp"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("Wilson OÜ digital stamp"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("12508548"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
@@ -381,6 +389,7 @@ public void asiceEccSignatureShouldPass() {
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
                 .body("signatures[0].warnings", Matchers.emptyOrNullString())
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033"))
                 .body("validationLevel", Matchers.is(VALIDATION_LEVEL_ARCHIVAL_DATA))
@@ -410,6 +419,7 @@ public void asicePssSignatureShouldPass() {
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
                 .body("signatures[0].warnings", Matchers.emptyOrNullString())
                 .body("signatures[0].signatureMethod", Matchers.is("http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"))
+                .body("signatures[0].signedBy", Matchers.is("ŽÕRINÜWŠKY,MÄRÜ-LÖÖZ,11404176865"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("ŽÕRINÜWŠKY,MÄRÜ-LÖÖZ,11404176865"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("11404176865"))
                 .body("validationLevel", Matchers.is(VALIDATION_LEVEL_ARCHIVAL_DATA))
@@ -452,6 +462,46 @@ public void asiceWithEmptyDataFilesShouldPass() {
                 .body("validSignaturesCount", Matchers.is(1));
     }
 
+    /**
+     * TestCaseID: Asice-ValidationPass-15
+     * <p>
+     * TestType: Automated
+     * <p>
+     * Requirement: http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#common_POLv3_POLv4
+     * <p>
+     * Title: ASICE with new Smart-ID certificate profile without personal number in CommonName
+     * <p>
+     * Expected Result: The document should pass
+     * <p>
+     * File: validSidSignatureWithCertWithoutPnoInCn.asice
+     */
+
+    @Test
+    public void validSignatureSignerCertDoNotHavePersonalNumberInCnShouldPass() {
+        setTestFilesDirectory("bdoc/test/timestamp/");
+        post(validationRequestFor("validSidSignatureWithCertWithoutPnoInCn.asice"))
+                .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
+                .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE))
+                .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT))
+                .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("TESTNUMBER,QUALIFIED OK1,30303039914"))
+                .body("signatures[0].subjectDistinguishedName.commonName",  Matchers.is("TESTNUMBER,QUALIFIED OK1"))
+                .body("signatures[0].subjectDistinguishedName.serialNumber",  Matchers.is("PNOEE-30303039914"))
+                .body("signatures[1].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT))
+                .body("signatures[1].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[1].signedBy", Matchers.is("TESTNUMBER,BOD,39912319997"))
+                .body("signatures[1].subjectDistinguishedName.commonName",  Matchers.is("TESTNUMBER,BOD"))
+                .body("signatures[1].subjectDistinguishedName.serialNumber",  Matchers.is("PNOEE-39912319997"))
+                .body("signatures[1].certificates.size()", Matchers.is(3))
+                .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("TESTNUMBER,BOD"))
+                .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIIojCCBoqgAwIBAgIQJ5zu8nauSO5hSFPXGPNAtzANBgkqhk"))
+                .body("signatures[1].certificates.findAll{it.type == 'SIGNATURE_TIMESTAMP'}[0].commonName",  Matchers.is("DEMO SK TIMESTAMPING AUTHORITY 2020"))
+                .body("signatures[1].certificates.findAll{it.type == 'SIGNATURE_TIMESTAMP'}[0].content",  Matchers.startsWith("MIIEgzCCA2ugAwIBAgIQcGzJsYR4QLlft+S73s/WfTANBgkqhk"))
+                .body("signatures[1].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("DEMO of EID-SK 2016 AIA OCSP RESPONDER 2018"))
+                .body("signatures[1].certificates.findAll{it.type == 'REVOCATION'}[0].content",  Matchers.startsWith("MIIFQDCCAyigAwIBAgIQSKlAnTgs72Ra5xCvMScb/jANBgkqhk"))
+                .body("signaturesCount", Matchers.is(2))
+                .body("validSignaturesCount", Matchers.is(2));
+    }
 
     @Override
     protected String getTestFilesDirectory() {
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java
index 708d40682..8289aea4b 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java
@@ -69,6 +69,7 @@ public void validDdocInsideValidAsics() {
                 .body("signatures[0].info.signatureProductionPlace.stateOrProvince", Matchers.is("ei tea"))
                 .body("signatures[0].info.signatureProductionPlace.city", Matchers.is("tõrva"))
                 .body("signatures[0].info.signatureProductionPlace.postalCode", Matchers.is(" "))
+                .body("signatures[0].signedBy", Matchers.is("SOONSEIN,SIMMO,38508134916"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("ESTEID-SK 2007 OCSP RESPONDER"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].content",  Matchers.startsWith("MIIDnDCCAoSgAwIBAgIERZ0acjANBgkqhkiG9w0BAQUFADBbMQ"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("SOONSEIN,SIMMO,38508134916"))
@@ -108,6 +109,7 @@ public void validDdocInsideValidAsicsScsExtension() {
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
                 .body("signatures[0].claimedSigningTime", Matchers.is("2012-10-03T07:46:31Z"))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2012-10-03T07:46:51Z"))
+                .body("signatures[0].signedBy", Matchers.is("LUKIN,LIISA,47710110274"))
                 .body("timeStampTokens[0].indication", Matchers.is("TOTAL-PASSED"))
                 .body("timeStampTokens[0].signedBy", Matchers.is("SK TIMESTAMPING AUTHORITY"))
                 .body("timeStampTokens[0].signedTime", Matchers.is("2017-08-10T12:40:40Z"))
@@ -143,6 +145,7 @@ public void validBdocInsideValidAsics() {
                 .body("signatures[0].info.signatureProductionPlace.stateOrProvince", Matchers.is("Harju"))
                 .body("signatures[0].info.signatureProductionPlace.city", Matchers.is("Tallinn"))
                 .body("signatures[0].info.signatureProductionPlace.postalCode", Matchers.is("22333"))
+                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("38211015222"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[1].signatureFormat", Matchers.is("XAdES_BASELINE_LT_TM"))
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java
index 2fae050e6..80d5f8315 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java
@@ -62,6 +62,7 @@ public void bdocInvalidSingleSignature() {
                 .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
                 .body("signatureForm", Matchers.is("ASiC-E"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-FAILED"))
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIFHTCCBAWgAwIBAgIQDq1SanUB71xO+wbqIO72rDANBgkqhk"))
@@ -262,6 +263,7 @@ public void bdocNotTrustedOcspCert() {
                 .body("signatures[0].indication", Matchers.is("TOTAL-FAILED"))
                 .body("signatures[0].subIndication", Matchers.is("FORMAT_FAILURE"))
                 .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!"))
+                .body("signatures[0].signedBy", Matchers.is("SINIVEE,VEIKO,36706020210"))
                 .body("signatures[0].certificates.size()", Matchers.is(2))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("SINIVEE,VEIKO,36706020210"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEPzCCAyegAwIBAgIQH0FobucEcidPGVN0HUUgATANBgkqhk"))
@@ -292,6 +294,7 @@ public void bdocNotTrustedTsaCert() {
                 .body("signatures[0].indication", Matchers.is("TOTAL-FAILED"))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2014-05-19T10:45:19Z"))
                 .body("signatures[0].errors.content", Matchers.hasItems("Signature has an invalid timestamp"))
+                .body("signatures[0].signedBy", Matchers.is("ŽAIKOVSKI,IGOR,37101010021"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("ŽAIKOVSKI,IGOR,37101010021"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEjzCCA3egAwIBAgIQZTNeodpzkAxPgpfyQEp1dTANBgkqhk"))
@@ -424,6 +427,7 @@ public void bdocBaselineBesSignatureLevel() {
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.notNullValue())
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.notNullValue())
                 .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!"))
+                .body("signatures[0].signedBy", Matchers.is("UUKKIVI,KRISTI,48505280278"))
                 .body("signatures[0].certificates.size()", Matchers.is(1))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("UUKKIVI,KRISTI,48505280278"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEojCCA4qgAwIBAgIQPKphkF8jscxRrFRhBsxlhjANBgkqhk"))
@@ -453,6 +457,7 @@ public void bdocBaselineEpesSignatureLevel() {
                 .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_B_EPES"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-FAILED"))
                 .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!"))
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].certificates.size()", Matchers.is(1))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIE/TCCA+WgAwIBAgIQJw9uhQnKff9RdnVKwzk1OzANBgkqhk"))
@@ -482,6 +487,7 @@ public void bdocSignersCertNotTrusted() {
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2013-10-11T08:15:47Z"))
                 .body("signatures[0].errors[0].content", Matchers.is("Unable to build a certificate chain until a trusted list!"))
                 .body("signatures[0].errors[1].content", Matchers.is("The result of the LTV validation process is not acceptable to continue the process!"))
+                .body("signatures[0].signedBy", Matchers.is("signer1"))
                 .body("signatures[0].certificates.size()", Matchers.is(2))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("signer1"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIICHDCCAYWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMQswCQ"))
@@ -709,7 +715,6 @@ public void bdocCertificateValidityOutOfOcspRange() {
                 .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
                 .body("signatureForm", Matchers.is("ASiC-E"))
                 .body("signatures[0].indication", Matchers.is("INDETERMINATE"))
-
                 .body("signatures[0].errors.content", Matchers.hasItem("Signature has been created with expired certificate"))
                 .body("validSignaturesCount", Matchers.is(0));
     }
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java
index d3eb5df35..7ee8e7f8c 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java
@@ -56,6 +56,7 @@ public void validSignature() {
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE))
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT_TM))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].certificates.size()", Matchers.is(2))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEmDCCA4CgAwIBAgIQP0r+1SmYLpVSgfYqBWYcBzANBgkqhk"))
@@ -138,6 +139,9 @@ public void bdocDifferentCertificateCountries() {
                 .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
                 .body("signatureForm", Matchers.is("ASiC-E"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
+                .body("signatures[0].signedBy", Matchers.is("PELANIS,MINDAUGAS,37412260478"))
+                .body("signatures[0].subjectDistinguishedName.commonName",  Matchers.is("MINDAUGAS PELANIS"))
+                .body("signatures[0].subjectDistinguishedName.serialNumber",  Matchers.is("37412260478"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("MINDAUGAS PELANIS"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIGJzCCBQ+gAwIBAgIObV8h37aTlaYAAQAEAckwDQYJKoZIhv"))
@@ -244,6 +248,7 @@ public void bdocBaselineLtaProfileValidSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LTA"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2014-10-30T18:50:35Z"))
+                .body("signatures[0].signedBy", Matchers.is("METSMA,RAUL,38207162766"))
                 .body("signatures[0].certificates.size()", Matchers.is(3))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("METSMA,RAUL,38207162766"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIEmzCCA4OgAwIBAgIQFQe7NKtE06tRSY1vHfPijjANBgkqhk"))
@@ -325,6 +330,7 @@ public void bdocKlass3Sk2010CertificateChainValidSignature() {
                 .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT"))
                 .body("signatures[0].signatureLevel", Matchers.is("QESIG"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
+                .body("signatures[0].signedBy", Matchers.is("Wilson OÜ digital stamp"))
                 .body("validSignaturesCount", Matchers.is(1));
     }
 
@@ -483,6 +489,7 @@ public void bdocWithEccTimeMarkShouldPass() {
                 .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT_TM"))
                 .body("signatures[0].signatureLevel", Matchers.is("QESIG"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("validSignaturesCount", Matchers.is(1))
@@ -581,13 +588,14 @@ public void bdocMalformedBdocWithInvalidMimetypeInManifestShouldPass() {
      */
 
     @Test
-    public void validSignatureTestOfOCSPResponder2020ForTimeMarkShoulPass() {
+    public void validSignatureTestOfOCSPResponder2020ForTimeMarkShouldPass() {
         setTestFilesDirectory("bdoc/test/timemark/");
         post(validationRequestFor("test_of_OCSP_responder_2020.bdoc"))
                 .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE))
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT_TM))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("ŽAIKOVSKI,IGOR,37101010021"))
                 .body("signatures[0].certificates.size()", Matchers.is(2))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("ŽAIKOVSKI,IGOR,37101010021"))
                 .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIIFvjCCA6agAwIBAgIQN7pWa1fk0oJaAwZD/BO7MjANBgkqhk"))
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java
index 5047da3b2..f8b5a17fc 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java
@@ -269,6 +269,9 @@ public void ddocSignersCertNotTrusted() {
                 .body("signatures[1].errors.content", Matchers.hasItems("Signers cert not trusted, missing CA cert!", "Signing certificate issuer information does not match"))
                 .body("signatures[1].errors.size()", Matchers.is(3))
                 .body("signatures[1].indication", Matchers.is(TOTAL_FAILED))
+                .body("signatures[1].signedBy", Matchers.is("Ramlot,Guy Marc,65030202936"))
+                .body("signatures[1].subjectDistinguishedName.commonName",  Matchers.is("Guy Ramlot (Signature)"))
+                .body("signatures[1].subjectDistinguishedName.serialNumber",  Matchers.is("65030202936"))
                 .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].commonName",  Matchers.is("Guy Ramlot (Signature)"))
                 .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].content",  Matchers.startsWith("MIID5DCCAsygAwIBAgIQEAAAAAAA6b6vobxT/DKUOzANBgkqhk"))
                 .body("validSignaturesCount", Matchers.is(1))
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java
index c7b2f309b..5aace2dfc 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java
@@ -185,6 +185,7 @@ public void ddocKlass3SkCertificateChainValidSignature() {
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_DDOC_13))
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_DIGIDOC_XML_13))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("SK: dokumendi kinnitus"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("KLASS3-SK OCSP RESPONDER"))
                 .body("signaturesCount", Matchers.is(1))
                 .body("validSignaturesCount", Matchers.is(1));
@@ -210,6 +211,7 @@ public void ddocKlass3Sk2010CertificateChainValidSignature() {
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_DDOC_13))
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_DIGIDOC_XML_13))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("Sertifitseerimiskeskus AS Klienditoe osakond"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("KLASS3-SK 2010 OCSP RESPONDER"))
                 .body("signaturesCount", Matchers.is(1))
                 .body("validSignaturesCount", Matchers.is(1));
@@ -237,6 +239,7 @@ public void ddocEsteidSk2007CertificateChainValidSignature() {
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
                 .body("signatures[0].warnings[0].content", Matchers.is("Old and unsupported format: DIGIDOC-XML version: 1.1"))
                 .body("signatures[0].warnings.size()", Matchers.is(1))
+                .body("signatures[0].signedBy", Matchers.is("SOONSEIN,SIMMO,38508134916"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("ESTEID-SK 2007 OCSP RESPONDER"))
                 .body("signaturesCount", Matchers.is(1))
                 .body("validSignaturesCount", Matchers.is(1));
@@ -249,7 +252,7 @@ public void ddocEsteidSk2007CertificateChainValidSignature() {
      *
      * Requirement: http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#POLv4
      *
-     * Title: Ddoc v1.1 ESTEID-SK 2007 certificate chain with valid signature
+     * Title: Ddoc v1.1 ESTEID-SK 2015 certificate chain with valid signature
      *
      * Expected Result: The document should pass the validation
      *
@@ -262,6 +265,7 @@ public void ddocEsteidSk2015CertificateChainValidSignature() {
                 .body("signatureForm", Matchers.is(SIGNATURE_FORM_DDOC_13))
                 .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_DIGIDOC_XML_13))
                 .body("signatures[0].indication", Matchers.is(TOTAL_PASSED))
+                .body("signatures[0].signedBy", Matchers.is("LUKIN,LIISA,47710110274"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("SK OCSP RESPONDER 2011"))
                 .body("signaturesCount", Matchers.is(1))
                 .body("validSignaturesCount", Matchers.is(1));
@@ -369,6 +373,7 @@ public void ddocEsteidSk2011Ocsp2011CertificateChainValidSignature() {
                 .body("signatures[0].warnings[0].content", Matchers.is("X509IssuerName has none or invalid namespace: null"))
                 .body("signatures[0].warnings[1].content", Matchers.is("X509SerialNumber has none or invalid namespace: null"))
                 .body("signatures[0].warnings.size()", Matchers.is(2))
+                .body("signatures[0].signedBy", Matchers.is("PELANIS,MINDAUGAS,37412260478"))
                 .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName",  Matchers.is("SK OCSP RESPONDER 2011"))
                 .body("signaturesCount", Matchers.is(1))
                 .body("validSignaturesCount", Matchers.is(1));
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java
index 191f635c6..f54613eca 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java
@@ -57,6 +57,7 @@ public void validSignaturesRemainValidAfterSigningCertificateExpires() {
                 .body("signatures[0].signatureFormat", Matchers.is("PAdES_BASELINE_LT"))
                 .body("signatures[0].signatureLevel", Matchers.is("QESIG"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
+                .body("signatures[0].signedBy", Matchers.is("Veiko Sinivee"))
                 .body("validSignaturesCount", Matchers.is(1))
                 .body("signaturesCount", Matchers.is(1));
 
@@ -111,6 +112,7 @@ public void validSignature() {
                 .body("signatures[0].signatureLevel", Matchers.is("QESIG"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
                 .body("signatures[0].warnings", Matchers.emptyOrNullString())
+                .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.notNullValue())
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.notNullValue())
                 .body("validSignaturesCount", Matchers.is(1))
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java
index 292ea181f..fc6e494c7 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java
@@ -56,6 +56,7 @@ public void dataFileHashAlgorithmDoesNotMatchWithSignatureDataFileHashAlgorithm(
                 .body("signatures[0].subIndication", Matchers.is("SIGNED_DATA_NOT_FOUND"))
                 .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!"))
                 .body("signatures[0].info.bestSignatureTime", Matchers.is("2019-02-05T13:36:23Z"))
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("validationLevel", Matchers.is("ARCHIVAL_DATA"))
diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java
index 9d9d0015e..194641085 100644
--- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java
+++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java
@@ -57,6 +57,7 @@ public void validXadesWithHashcodeFromAsice() throws IOException, SAXException,
                 .then().rootPath(VALIDATION_CONCLUSION_PREFIX)
                 .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT"))
                 .body("signatures[0].indication", Matchers.is("TOTAL-PASSED"))
+                .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033"))
                 .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033"))
                 .body("validationLevel", Matchers.is("ARCHIVAL_DATA"))
diff --git a/siva-parent/siva-test/src/test/resources/bdoc/test/timestamp/validSidSignatureWithCertWithoutPnoInCn.asice b/siva-parent/siva-test/src/test/resources/bdoc/test/timestamp/validSidSignatureWithCertWithoutPnoInCn.asice
new file mode 100644
index 0000000000000000000000000000000000000000..d2444b150eb34fba37eda848cddb37b6b34220c2
GIT binary patch
literal 21549
zcmbT+Q*b6<)G+$knK%>Mwv#7z@+1@6w(W^+ClgF;+qP}n<~RTMJN4e3b8)(ASMA=t
zdsVG<)vNbUK?WQG4g>@S1mu#xNI8P|Rg4e>1mwT*ZwbW4!p6ke!`{Te-rm~6$iUgc
z&X&>D)|kP>*~x;zz{$dh-h|fE!d~HD5Ofe27?}SF^6$O>y)gdG<iwPP=%wVv8Ep(~
zElf?EoEhA0tfLi#e)KURypJW(p22Y{E4JK%xeG2rhAk8=X5{srpZ;J%7T&|uin%nd
z$2BsqTKOq$ZLr9YC-hWGDxk$h@MMYDeo4VogoepHomXn5tvk~<Q!iDez<fc1NxD@S
zwLuOLHD=EBWQFWp&7t~JR`<0uv4I>oCeMJ$HsL%Fla-()4$p8bxFvO2RlU(j6}+a|
zN2|R-9rOhdrm5m=W*LiR>Q!|95#xThsK>Y}0HPoR4RZsK0oMFWNEQ_2-~Inv%JBbo
zIRDGi!q$wz+1;5|dO~J&nqI1s3iN-1>_d1MBK+I(ujv0DL9qTk{olGdS(w=xIJ-ES
zI5GWKx=Zinx_$AK%WA4Z3EA)(vYFXAhz{Zo@*79+oZsXfuW#@<N?nBnj~l*et+N=0
z;i43A>AY@Nol9e)pPzu`wl@p;_uW~J?oWhIxUUbTwE>$u^Sf<dSL-YAuX|uW7KfC2
zquks2wA}l>-`Cf(z59S)dpxX_Mr;S{a49e}H-?hEe_L0q`_r3n_;_2sxYX|>Bc^|U
zxoH|mBrEu05#k%{7wr4``rJ*~zb&x+d3$91;(cC6*Ud1p9?b+3NEye4?~<?^|9y84
zG`w4%jy>q-4l1Av7v>TbW{T;hnn1;io@W&|hD|ci!;wO(9bIeAbzW(hB>ho7Ob|0%
zlI+~kJPI^UZvHgtSoWI(KY<9SCh(SAei1>)n`8v!cH#Hy`67q;;*5p1UC!&h5q~gk
zh#&+41m<Mx8vsSbKDg%JyNn2r;1Bn}80xR5`?MeX%pTn_=Pv@@NAZNIU!zm_(cgD+
zsav^wA&W_0KiaT!awz<+?yr8cRz_qC*&6{DG1oh2bt0X}$KEAzQ%kwlA;If9xSP?k
ziX@NUr#lLE$E{Q9m!jH`jYbhKZu>WV-``K$L$(;aIfmSdYMag8C}W^di0;PU8_s>+
zW#4b(e-K{YkK<6B-l)mG*$T8HWfEJxd%ip!`^_830|f5$079?{&@}w5q>KW&yREJ_
znISDE>LQ530g?KW55by63cRcA=a*dm`pA1uRqchCoplq4D(!g?H->PX%7#^cJ4D~^
zeo~w~>^r`9@NHeWJDt2fURF<n=xG$t1K85>GR4OlidE%!+z*e3RVL<2sczx@u4a>b
z<uP-wT{dz!RB%Es1DuulRUz?sJo!a5Mku%F)+{ZKr}4MruvM$V41TQ#gQLUd--mm9
zj(uK9dyfa<LeOfnm6n+PG$l@GK|gEGVoapd#fBw;*DvH-tYV16C(4oy&OYB?SY%+A
zF>7kFJIGoH*02zh;4kKnWKc1u*D*FH^@`*`xm_%uZ2G-;h9AB&jn_(bhzK_u*_qYu
zg^joqEyMYfqG$ZC*+f-w$p&E`%k8xNqT2x63r>s+cD~S)2aOrC!<8-EP6>?*-e$45
zy;sRNKb(2E3QU91ygamlkG1u0>#X-*?l?<C`C59SzP!mr$L90kKh^$h7s|XL6bI`N
zT`g#;1LvgYH;8f4xC4TsK+qkImh}9q?2{pqV33mJ-GYV=uAD2AKIz_k<|&rbh(Yls
zC#`jc>8kCUbYON0i<e+cgDQn)qH_5X8`9pWvn8Qy(u?p&AmKM3BS2PaTEPOvlvg59
zf5Vev>bgZ*1jaM(E@iqeoS|@@@sDM*&PTI%sGKXtAu~WA!w!a__*V*)tB@BY4X52u
zEDeLIoP`kCS44{R_H1#HEfZ(9<m}2JQt4-E1hf4mZ(vwf3LQ2D*@!Ukm{XFRzQt>l
z%ik5qi8TY?MQBE@bibAJv#g@jnj7~&cwxzMtcOPa_O!bO9g#mv_l4sMzU6F-&G@m3
z1sOvOUCvcP?$Jqa?|btu)U8n@Lp6~BK7_rl=_#GlmdCmZ3&E8p7sz}5_y<=^dcbUx
zgvQbN%5_tB9tJgA4&zk4@7%*lIhVB#ej$GRliBe=sl2nLD?b_o!8ESIv3!GynJ`iL
zs*T~uHhb7JRh&ymH5lX4M(CAn7W-tV!Cextd>OC#=}{}vN@r&26=DMx<~E$iA&JJu
zK*=d8-w{VeZYIq{CB2*3|NaQlLe{4ZWfh!T!c<6`5S-Ua&)38X;l<0+Imvi7!719u
zL~2xi?9TdAcw~8I!Ij;Uq|QnmQ=m4NbSxG54pXJ-^ohG~gDFnGkNM*x$QSbCLh{z=
zt(_!-M16*B(T%$`3_U$kT$pgWy{E!ICUzx8E~8uKO}<Q7m%!?}7Y$xAeyArNVUcF2
zW+r61C8W1Lav+`KUBNtok~sA5Jvoy$xtqS5%uCr1yCVYkD@@NB){x<|7s1=9E%Y&u
z@@w2kQ?()!o~e=*vV4}?{FN~pCS%FNGMV^@K4FSuL2-g!Ut1mw+V(O!mOaI3z29CH
zG{G$;9IdoXwI#gmUb$752T!k>LQ2V#A#lmv&rTY$iIouJ?9`b>*5gua{p>o$&Z=ER
zpU+MBnJ(0mP&)EW$zrRq99WR^)|kq&e!C-_xXuW$_?(UrhY$&;SgnXZ$_;7Y-)%`#
zh;w63%VKm|%M{yE3~M86I+B?YT)vBBkGPiYRY&P)rwXYz*H)9aq)s~lU2-W5ZWDy0
zYunR^<MD;!iSW{0V;1|K-o*reNod#@%;1WUiQ4nE1@zsE<B)DTL~x^bXoF^+FR;%S
z-mt39s?P930DC`B`gCL<hDXuV;Q!3`M=NZ=*0?({Uqn4MnXpD|#u2!iWaCq;5A1_S
z@kfX7nRIE7{}x*>KpdjeGWWrDfUn#&Q_WWSTU<5~6Aj7Z1^Oz8VSQ&M1VAa1)~={}
zoaE=rYcg~SM?LdE(aDx6&xNv3Y2&(0Kq;T9vbz60qeUZ2{UzN*_alY+*x$A#g8vl{
z;SxRd0OcLL%7}q;fZ6PDqs(8~KmGTg9!TWZ$9%OKLMG+@EwW`c?s{$=2ZUK95bF!v
zo0hn%w6VzSacJRU>%gc+byM;0oTq2i_C;GimE~}3k<=V5srJc{^eYcMy(-V{H`M}U
ztuS_Z_VZ+rO+?}TRj4ksp+lxlen4fr=M|CnAjz!Wq_G>{XBE7g6UBp->k?gStTkvC
zp!&`n<Z@0o2Lzpyp>s;m=RTk&lk70c^^h72pVFUp^_c892Mr8%WN=AfXeP#<IW)pX
zd%Vn*!7RNK3j^O$ShyT#c^lU>Jxo(1R|tMMx_M>I8KrQOCFqk$bonZilrcl>Pm%2_
zIm~9WN4lv>mAO9`6uXG}%=~`VAe)<5qIv%H1tRPkv>QsGDPm3ga_+f=Hw*nxPHdDt
z`=!!#c;dofai(|YV@-igpQ$TzjfkdC8~<*-8bBpmFUk~K+8DZMfKK{xWC<lp$W6T4
zwg>I#`ngi-;@qTN^f`lj@sMWgRSPCZl1b{b*Y#*4^6dqdcrxu>g>N{6$M6Y<UD9@p
z<<|>ONbZU)Ml1p*pk>!~@}sSYFMoMZ-MzTM@~IG0y+^_M0hLt83H+(mcVS*GzUg9C
zXO~K9s+!3io1_AD)(1O;$na0yZoVOM8;U*V0f*%<O${*OqhgE{n$?J+k87wzP(mN3
zag{S}y{e2isZ2@NIJY_&x>`P<L1(HsQHNLoLGvwrf!t=^l9xxP@zJwrxGS<!U``PI
z;p$Piq=S`i<BS0Lhu;g5cgHHh{Q^BSzz{?xVHf4+nB%BZxYEcS#y6@fvw1MtPYS?Z
z9PC*kaaIgbUz~>^4c?2Y1eqLgH)>G(<J{$zIs%=|KvA}ih&ediBZI(w&YtURgm}Zq
z8m(7*uQS_3^ipJcgVa4Z29HT1ngx>6><6E7jFnqB@?-kVK#C@W)9=aGMM_KN5$KwP
zLSh2-k4hkp*ehMJP|q(CO_pObKM|%iuneCfkkLgNu>(q)X)hWx?y)dx$J&x7m?Jr%
z2xvBADHPtfVTP>TNV`u?ya3&S<w96=sqvppg_4;K-3yO^WDC=&I|-?ezY`i+fh;X|
zuiMyWD81?)2Ytu4-#Sl$+`fVe2)z68^Wxu1RSyeZeeLZXG!3VJ;N{*vhP!Iug1e_j
z4PW3e5;h(?vM4d3PHOyyBJq?t1>1ujI&_7^)VnfpQ}Q7k!{P2;lPfXjo)Z<AdegXv
zK%IcwePcaArmc!zt**4#uDQL#cvjvffZ&e1GB;?n0KReD+E83oNKDYd51#iNW@s07
z2u>4Mjb&GE!yhz(^>{|kJ<LjQjw*x_yqpeqD6q;{cbh*E_e*Cis8@||b!^!#5_V+a
zy$?5=Kgw4R%jS^nFx@m=R}ZDTUL!<jhkba{z1hXX8#EFrZ&m6?W1s8SXOHsjFZ-~%
zoNd5w1%}UdNm)$dWOE4B!zM{)2pUCI#0w>NJf0#MR-gRYsB!c(S`RHr2o>I@8spN#
zHL~4#!}m;K{-|vh<=_!iESpzqr~FIUy-svv^~z$2j)HPJ6E(e8jIF)hQ_xV^A>)o<
zQxgXHd@JV+UxOSw11|UorM4>@fm5nVr?ZU0J@sZiYt3x);Y6^8jzPj_o+nwnzuA$#
zkL;B!jy-)=Ce;cbZipNb%o9HeRnE~Sb>ql<h(X=gQ=s-wlWD&7m?#0IZL9lU0k3|~
zp|IOy--PM|o|_E6*S@U2&6IpW!6<XB{QBonBOb;u^+8n&uo7H56BX8AMXU>7wxIYp
z9>nIFK_6PaO9L@_UYDBT%9y*|^_(p9{teUQ)(PjKc4^|Lo8*EG#Yw$aVv8h)!-`ru
zX?*T<;!9GqePv9Et6Y8jp?L+V^@cynAv!l79gp;8g-H##F;@JsZty{a7&S3S*qtKa
znSd}jOcrK-qiGTb-mqz;@dmtM(PwB2+~=09)LkF61uck$>#7qooi}X2htGso39s<4
z#ZM5GKe&H53RFf@B^ZdH*;E<dVe(1p2c-eL@xF#p{&%O@zPgRCr}RU0g0W@ns7m6G
z+OgbH^$f{7JM5=;c(IFl0>EnPg+;9zF=EkC(J+Oki9c7yvaaE6uF+z$L&wV-o6)V%
zYc=xsy^`-#eC5Z9xGF!Xb*)dLVZ4#90D9h`-^JHq0hkyTeE&Ky&cS25A#~MPYcICf
zpK>P!7cZ*2gyvF=v#75aUx&xJ7dKclFYD9YAMBqeorl-SC7dV+x$${jz7u9F4~HIl
zYFr^^fU^fTtlzsxL{Ff6>qKvy4|kl%a9_S}wOh^2zD66*3Cn-0ySv8$-_v~<QQ6;u
zEtbgLyc_x(<lraM6VdR_A?MY=z+YDlV;;KeuhJAO@N-}BSdT`G+tp$HOn*C*pJHp?
zCQ!E-%R;+9<;%NQD@?u@OaZkd_q}aj5J5AqfE~SBy;;5Ral3AR=Cpk35JRT7H(DVg
z2vG(YPw$?6-aEoIyTZrBN83&Z$=H;$VTB?QZp3e)@1eR}{>O4vfXhLr-kGw5#W(No
zJeUBqk=yNCL=q-234MrRMv1}k*T5Vh7;u!m`}?le*F?xJ{Oi;6aK6u1@7ym~PMO5z
z1TQ^(z|zaFp++D47(nOu3mrPa`Ehl`S}s8;-qhPKZ$H9$7e4;-n_2I(o8x@o&n~;K
z_PkGrX`o++DxmS2t=~`aPEY-!@}%*gg1I8sj<}~u;I|@r@GSS2f05!FXfW!7h@{{s
zG*&l}L4-Kd4-&xlc{BZ1`yhwI3trJ#+ULP~POV?774)~j%iHn`Ns*Q!dU$q`g-)K7
zh(<c6&EK(W6M4vxzJ%7kcmz4nNJhWbYBtIKu~?JwBa5zsQm2jaJ7wEANWAWv^RhT1
zpck86ytWuY+E<S^nb`c5McV@qHQScCPB|z<qkQ+6Gf&JLwm`L+WTV|UEz4m_Y<4Ci
zWAraMr(o_X(!_IBaSxo4|Cv0At`I?o|6k2`vs@A&HCWde!m7`lndr=cHS{#T{fJJ}
zFFntYUBQq;{lF2&s_`wC;tITJ5~L3ozU?Tzw2vP5qika4$-}~*Lt04kx0ZJN_8Iwc
zmz3Ed4&2GVCJc7BACqWBq?#HP6Qq=$)K+*owGW{y4{CV502lJ%W4(S0UF3RCKP^=M
zgwXG;CjG5lC#R*{%NId>k!Z0WwO0Ka$y7i4>N}dE!8HEbk}tpcVHTOCIT-!Qcf*L)
zZ;P?Kh_$sKz$Gv$$2}x2pL;>>Q((s3dW-l47`pqD*3;k9;_6sTarC<gtKSr9<NCf~
z@iqmEII35=@KlBwAb_}wUr&qfX>{?^)C{SEwu-R!>Kx}`vyps#RVZ)UMwUUwpsvc&
zZehGC=1@@LTXxJ9NhI~wKyA5Jy{}H2)qQ^R2j28$;X4OGj!GJ;Q`X(z_}a)e+^{}8
z8+@j)sqLe4dyGW~LDxe!mKWptemUd#%9VawC$bj(6BMNm#iaUg{d1$OmEp`>KWyH|
zJ10~OYExppL$x{#y$2O;>O(jh9SR!v02`mCq<jI(Fkeh5x<k}s?u|(>K7RbJBU1AM
z`1MFap^jP4Zs^qV!bVJ7dOUj(Os=_LK`Pt4DHfm7@*mv>{wCa_7|EL`kbzESIG6hi
zYK>(^SW^%pnR*$*dm|?Io>+7#l$?@_+Nm9iX>v~;frqYrZcY|Y0%DR=AX0C}vRO>o
ze@j+h;<U${EJ|p2@2wC65p)CVwV9Ln?4!lKyxmhNg|c6wEjueoBkN=(s<iw=5Io%a
z`vQLFQS5*m2iUGoYCzRz@Sfw*ZN%}ng%(#~g{L$sg01y$p2tMihD4yziM9RWQmZWV
z*Dd7La%NbCE_tTPWc}+gKoLRqN-~{7K0OAQK_Iz1%w%Ms#CLMijB0*-4-TTq7w)uz
zleKk6H!)#x;JJ=pvMorWbI|6#)bByRXL4ildJWU3rkjq_mDh-qb{(DXi)N3$mi04$
zp2m0)3kE{UVZ8pd^{h~P`g0y?m-u|$QuQ8uo}qHEtAv20w8IT;R(Un-`7*bhU3g9Y
zgfR?^Gw%OFoo3ewgteX99q*kFZRO1E3b4drKf-MJjnNC?{!w(WR<Q@IIuLzJ$@g$$
zSLIpfJXK8w53&*twV*oNXV$i|j|fW>--t(fL_o>85Oh#P{%eK9WXS#^T{^iu{RpDI
zRoWB>=935l%TNwF>gr<d*JNVqo$E1isI}K09N-<pJanG+##4nWU3}zE+R~0<5*-IT
zybBhjWi}kKcVTISUdTd1<$}@#+Q4Y>gIJM2V(FXnPw~-0$h@XYznQpU?ET7c)K*h)
z*CFOSX)zHhs_6pOCk2pGjLC@jQ0hY?5{QLEJPt!_%R$1$47@D%C8-J{;nnU}ryLb=
zh}{KNw1U;qbO6vNWX2CEE@IKp(N}^iN=JEX(QTp$cA3NcB_=yQ6-l{;Gsb3-ybjuR
zX1AUPAm@K$*BPtq=9Mj!2D<eDMvCSSN^~|`-ho9&J3{y#(Qmz!qE7`t^@U6zUU%$A
z3gZT6T3%sGho*1~3E=GvFrm?f6;^o6gig(pBy{XCl?k`#o5}c8kmvo<VJ4VKCdO?1
z@hAXh!$n)~yQTDs10J=#P#>*gJn{hjQHy75;*DFLPO3^v_a&!C6;eQ*vV>i!W~e}&
zJwwrN$X5{2ML^cJZ}2cySDYwNo4or>FCEgFKijWf(u~2*keC$C5$EKucQ+o)SIN_g
zU`9IXudgE7`)Zrj&~d-uxl?|acK;fNJ8yWvq(H8bWq^6Ol=srYa+5A$a89=mA4&6>
zqD?Rk`)j|Cr$%juv2{9i_3Jyd+Z)4af%K?GVuF}e7<+Qv&=b2#sU)e5F5^`Mky3{B
zLQU-0*q_m5Nn-?ezIaOmhM;15>yJ|r4KA!=wtXQ$a{gx0w}#|IVNLs2wpaITPSO;G
zu4D9i=Gq{G9Y1RG9Lx=6{nhI07{^@ef*VkFFlj$zD7-W$8R@Mys9iC@RtT9o$%+|+
zjK?`TB2O(lla{{pw?P5)I|kN8zs?`Uy}JW&azA1H)M@kTaWolNTtNw7bmeHVK<knT
zmSW*aagCO9IeW=qkY;EXkQql!6vw<DOH`A@{+Fj^c}h6r8~$B0bEt%_7tvZhZdEo~
zdx^9ieKH%darwiP`}rb*0dZedT9*Kq;k6OZ7={*^o`mQZX!A>miH}TJR|=K@%N(aF
z-~&bDHAqf3h2Ni%8<@-Kv9HAJiWGdPu7thmQ3JKhg1&7>##1e~^-V9|751#{2RaAt
z%m5vro-7Qi!VBYpy1gZ;r=`89v!T-do2~hC8~jKt9@Q@`Gd8mW>TB)b@5#p-$#1fx
z`{@{h^f$qnK&6=$?{ihwyu3RNCXZIDCrj(esfuxnzmbUT+nfX%b|t0H1SnZDbP6_$
zU`w4yjzJ~N$9(u6>wZ-*p-i>}<RMu*6GY32<(EX-IWZ76F*Aj^%d_M>1n5w{stzS0
zzco04?=EDF(v?v2EX-N82(QkQ*k~zrsABV0^k(Y<+W}ghMP3Lilcx5cV#MK8#lrLo
zrX#x6>ncbaU@H3<0YS^J5x7?d*c+`pfoU^)v&%Og!94G-5q-Fv3co->@EG=vutzGR
z#na{n7v`19`FxN*FsLBw*<vxW$zr5X4N2*3P}qY&E)p>NY^!zqe`OowrF&~yXZm<D
zNO-bJmWjQVliURg?-6oNZGkWp<He;;+yFrO>Avw-KA}NU_O^Pf`p+Q4{U9}CkG&zS
ze?D0;O?vBG6Se6rj(1m4`T#RZVhc~P)Eojf9WYYw(aPJDD?672Z^3@zg#Pk(q7Nk5
zNfAe?OLv&I1aEgVs9`f~_T(=QE!TL7gs)mgCLt_;KWKoV@n1h!@^GcTKEM2v;1VcP
z)S;Zp{8t95E^Ub0M!56k=OB4YSOF?XyUr{##zwl!q)?!y?dbkur`_cTQzZrJ<IM;W
z$V!D;+ZpY7g=g9&WY3V%N{kho6>Oe&%ASPIn6?4tl0H+;NX$e<!4efweF<0FR|^GF
z;{m){6Y5)65<wj}`^c1WEwkwMjk8Xnbu>9rdL~0ve%s~)UVhJ5nosco7WkBFDsIz|
z-U}1e?m=D>Vi@0n=uYcb3@wYowtF9qy3R*|;CGO~_p-3t7u@EJT3+V%-(F5dk*YeB
z8io=3yE?)te}wOH;pg|&Y*Od$sU`I48##t+Gq)_eYK#S`+LXf#zm1=Ti$PO@Zzx43
z@vP+Q+;78<W&Nrdt%^zK8Tp7(3FFDHw;!a4AIrzlSRox<p$|gD#Pb5e&V>qxl$jcg
zHsg*_{k8*f-W$Uh8dG1hOT!%+d(T*rZzJc<3EX4RDZcyeW4?mqy(>BHU3Q*M_`rsE
z@Evl2MsB4%2IEEC;d2fJ>^#B=&fBuGUJ8|VDzN%B1RIa8$RpXU8aksuP~e!doaV+1
z1$bzbq%D(Foq=0j&h+c5Gcd+?r03vur_=(oaf@IgiC`wvpwK>sE}NnA@00%wjCnH9
zzpmN(wV@m=+hU)bLT8A`Bv3s2VNO+v0*YQ_JzFa9Pq2iyG47kG*2@9aMT0vt&8yI`
zyg5Qa{K$5Jm5f!22UKSc_pmbV#zC1@+K9{;uIXs7C>clR9l=dfF5+orPh+CDC{=nW
z#tesNimm2Kn-{(l?Ju3VsS%#*5o=Q><R&(^5OUm}EUiM*y4)!~h2qp4%fz*R|J`oX
zT70pyi=h5}ZB*CjbcSAXR-T<Ry<K8Mz~;s)RsT5NgHwfRw5@tn$Ie|O+YR;cSOq<$
z)E=enH^42&C$d7!;v$KM;hGD3n)HC|&v$&kvB~(<^!sz=_AKW&L-2xkbA{zIOL&zx
z%%J;q>D!^x{j^{DsR9r}J-8<j*keEeZh&WS?Tly+;@-M0T|l8dB09IGa@?XEp?|dl
z&7i&0QH9EE<Jcs^(y@tn@qJbfG&fO?koG2V@eHJ<X`^YeYYTl^*;=CdUISeggXjLx
zamU3{ryuQ&{$5ALKsVA~<o|`HhSz>Lb2yrft&p0Pyp#4q6QpsFmSrPfA$RPp`Npn8
z6>l{Y`+7nAQh~77dq-VuzPl7MYM7+YNtar;?Pj$|S9V+j+i?!AarQ^+*YjGCdK^j}
zPW}*dN6Lz%c~GIGj_EpvfJk2@Ub(4HR_DN~2~AT%-R`e!3%c&cc$M)6d{kPv+J1O%
z{iF^O_*6qJyYp(!hK5MN;_LG`nn`!~&Uq!skq&WNVh1~d=7R{`e$Vb*SOyuvVlgXx
zw5Ljj&=L5JQ`i(Eiq{;f85xCzA>{-MN6!e(4F{BD^{+JEk9+Dv8}R-&dx3f??^Xpa
z=sJYx1ej0~BFSAQ**ZK>of-HEg`Z&%x8uS3(`+t7%ol+u6WIBAtdl-W8ZyhuA?)8s
zlNnFYH#XHlth&rLUfxqGON}JByo3xj*oL(Hw5oX7zW#OJBGU<LulZf`A(wwpPqYL)
zFQw4w96x-!RTb{fwM*}~38SxH!zeA|UC0wdtgXDpd2ixL3yspxp$c(GDDiES+H?qf
z+&hvBB0w1)?xZL=x6eM^o_W5o$7cR)#z&-SnLWBP9UoMNQU+D?esY-CO$?ehS~%Nk
zOHZ9t9eTIDAKmMp(D^mp3_+Z(>pw)s|4LuTdYGxq_06#|9#|>$wJbhlp5D_KsFveA
z2xis&&9-<j7go(qVY5puFc0LEDR=6`3JBjK7dFH>ICI0Of{8udnK8fwT8J!5?aI0Y
z&8+k}Vw>T|bvGk!HL><_>8$XemOY|d3OMi+UG!;;_TI9Qw2hew1=*VTYW-0S)H0aM
z`XlS2Oy=;NAF~Itu|6CySWsKKspLcV2D4y%$9?Nx2rLngi52s+wj5MG<8dw4Y3XN?
z(q`B^Pj7Hx2q8QCRAMxS8DY2yZg*z0@y<sOE(;Sbj62~)bT3ALPC*UMBJPZh`=%%C
z+>c?j&uP*#OVfRYGilwh?>j@V#U@~uhdS(wP|2LPWi>Nvz4w(LgMg3VsZo{T@tJlm
z!O#1}slv;>WE+wLx$kM{W#rH`KROv`h@twS`pgh$H`VkRjCXf+j{J3WzJ0QGeO!0(
z{6WJ&CUO?4=R1244X$<c<CR}5FO@UG@r5d!b;+ef4F8YAn!nZ_#G2Tr=uku&tCM~N
zdrY1T=)y@1Vj2?4oUa-TL8*zqTKiKLx}#n4tPa;TgKn{s(pFB7Ju^Y24i?f9+a?dM
z$FSvkjc1!%KXnAud?I~Kx6~YINP!K;iT3{IJ>DYPP#?~g&fO9?{2EDvdHWV70U8ND
z>CkF-!HB_?>AwBZ6(u|aa5-{go5%Rf-87B#36?dJkVJ49oS33m*m-W3mwOQio^=87
z7;45DLw>NG^w>3NL7^;(P_f%Xl*nQ!PNgM&1sxv9$&(9XAnj~46o7;a7`Fz!;v`4V
zFr}X3eW6NJXtuhwrZ|OBE;pq`B3_8ZK<co>r!O<e$QunY)jvSzeShW&2^eTCu4%V>
zHmT+?>A@0ct)QSC&y4)dk+rv{uDX1$w2eRP&%%rdgF`}<lm%Ps^z+>tlo&qMSQ1yq
zMo1;>8RK{R7H+bo@Pn^ETi0>h4Y!(ESK$-bO6QpKOaft4;kh8zF)=nV>Eq7$U+`2a
zx*Th)d^Do<akjnllAXU9fE4Y&+|%zOe+(C~=m-v+f1D@}q~wlu;%D-b!w(o)S4qRn
zutlfKpK0>%>zGdtPQODoSKd3`7inMo#?i?d6_JJky2a?qQ~Mu40M1ix)roIIFlo)v
zrZ)n0S}qP%dSJ6x{jF>uUS6<PzYP8wou8I4e4O7s&}QHD#LJf^ePzjKCoI*XUNiS~
zRBq*n(e`|otkHj$m*h%z{;KRYw<}HA{2>eKaV@>&`#V9dc3*B4U$(JaVfUU;X;Y|H
z^iC<Fg37Gm0_Y<H(a6&UAgx~O?=KY@*!=E`4|-|TxpUZfTHf~sbnzV64XZ_hpYeS~
zZG~SyF!;^38(lSgl__d5x?mb3s6pY|Jy#+0$*Q4Rk1RC^05(Xa;`$!Bt-xtQ?7d_v
zGy+@m)o83&lyEC^`kKt>I;|w@b#v;e^@6Frvda5yy_q%l(p&cyM2MauwZZ?=0Hepq
z_X+^WHw9EAwRDbqwZ;aPs}RpUOvovr=j7>E%i*@aBcbG_?Xr_9;}xvPRJKCna3?0)
zLS0P&;^PY2Xc&b<U7bB^ufNSf+(F{58fLe!aQO$PVf?q%Y4UhM>*bH!kwZQ}hU5<k
zk|5c#uztP=5~7)$gwwK4HMT2TxZYP+ZX`dD=c4O6EnHj_6iy>~roNi@k<uKM1EbKe
zUP&w=9J^P5^I~_CqV})Eh;0gnh*kzJ`Kf0EDGw<@yj~cLiND9DM8yUPPJmp?jBOE-
zn?XB|k?`dYG1D>SBwI>p`wk<5;^{#HgE>}|@9J9Ct2)?tY|4gPERunpdlkXvGx9pb
zL*V(fVNrd%d?z;oZG}6PlP&DP0FNzjfeeY2U3N@6DQtjLdz%0Z1C2Gy+Fs7H<CDK<
z5SYm_)=Wq%Vr6tme9um<8?t16UUrmOa1zjh0n0>hxlXN(y;ZGhuJ|sw7{eqPJ%Mv&
zu#qWSaG_|+fs*FDp%T9oF!vb13z8bg4BuHbV?B-V($Q0X>ZJ8FVqA%JW80!kQMWn%
z0#djKX*Ow_jS_aBHm&vX`UpvSy76V!wA&p__YD*Bk*7%mcj2W)mMJlwAaR(Vm>YAF
zi2j-oX8zH>jJN<;&)*KjWgoVOB)Bz)x4WVWD%-tabYVA@av(rRAlGY$yt~678`A*(
z{*DrtQJFw{M`1*grsGFL%0djQ!!UIRL<Bc{mkDUvxiW1hnWXsQ#{w>#AEK2{UiNR{
z_S2{zaFd^>Rg8>AN9+vrCKTpr3B74K({c|(U{s&ezBYhEHKpgA64aW6FWyOe>&zI{
zFJ3+U-%HFe`#QE#)I~ZCwD7crj}i4q!50u2A9oUY)q#><j{vw!?@t;C5yithU+2^N
zv;(87LSUBxeyz4aGN%@NWB{$*C-H7dt@|O+B!%${h4b)&bk2SS6v39pJ!o?*ba66t
zb(t2a|Jgp37(ja$3+cG{2n%}|tYz4_*Ct&x<pt57#syex*t4z46U8?^rG^_tJJjK0
zMb=^Cktkw5TnRv-sT-Qdb+k83M+Qw=>mQaXq#3M>HD8N|s%|s1X^BM5nUxyEt{ya5
ztoL4gRx?^=2=YO0vQ2hj?1U=%l~DnckyqZ7FED^);Y&6U)V9XFO=XMy_)2lTNMB|=
zC?s}6-Cv|;0?zl;V^b&*n?;_DD-Fp3rfzf4*WcNN=(%CL&cPvNUM2rYmcSEjU+%U#
ze}a?9<Rb9%<V2?^I!MMxj6YU%X=5PjkHw6#nN)XN0<3iB?-p@t>`I<&hYXW~5g1c;
z1h{l~FQB^G%8%%sZisRD??I08^eLMU*Pe&<a~zvfzb@kU)(6P5-z<Q@fkzP6lbQn$
z8t?I7b&hGY2NgySP?*H7;iqre=v^Nz6+VHfd`z;JId$a{9mj2Mfjz_3>Nol61Gq`T
zkE<{~dp2dnr!+LjY3>#f7l6WOd+z%kKpvBg77N-VH;fl@#J8WM!oiLnmq_Xik;--$
z`WKd;V)}A=Kbf`OpE%-qJDYPt<7c19mlMXfqQe!Ek`>z(9J`JOAiLZkwYG3ViI5{~
zc4$}-<0uXzf=cf?G$R|kwE(KUX$B<fNdVJ0S609?q{0qyZ%H4b6+!nEvXsb@Xyoz(
zGq1|$#W-tfdU?qo%fiHBRCGZ`^frd&zyY<V6tN2N`rb+%yXh1Tw}!J==CK$35hy_}
z^UXL>TSBLO$5AK+(&#J=p>c`cyMxYhnb!eVs4A#14k;mkGJ^;2Xr{~j$3$PIJ^B3C
z-EU-sm@)VvOzfJ5bws^SC4&3QS6PUIQ{tXJXWth!eJ6$yZO|pbDPMq?g_)gov1Lur
z1?!7)>|sP*I)RX~T5UZG9XYQoJg+Uh@4mc9R?@tx5l7cta2H&K<-&y(BG+pzl=jp1
z+U|Fj%ctGt&A(Z9W51tO==ai(Z!_~yy_x;ux$4=Y(`o<HQ^pQIm$&=oW_iCa&6D@?
z!dzX#&!gNw+`eD40N>~LZ^-}nqt_fPt}_(~h!pVuhg@X-f8=7qIoChAsI1IyDL)&I
zzB;Rd_OQjP$jEsj#yFd(=T|zhUndLvzjTpOm@*Lp1`HS1tGW^7aQoZI=8W*DfiR-#
z^HAc%>}Hs7j^ipJf70)D)};mb5(_{uTA?u5Y&>NIG;PLyzn*XR=Y@T{lA|p(MRp+m
zCl?80Qr33us`K@HJ7V|u?Le3w2d7WD&;f2fKm3_McY6>%5xx;VANH&LfFa#JK5zH^
zqc@MUCK|rFam~;M$Pl1$ATd0n3I~ACm!PzdJEM5-z-jZ8on!bI6K3=RQ7}`iuwASa
z0~AmBI6KCFaB;G&S%$~Dy(z4}ZKeMft1%<ync+2{;=YP;$m^bx-ya0V`*BC9Z7A39
zWaI0B^u__fua)@b!-Og~qYCJE7J4&pkE96mwNaRCYT+j<^2RaqHLr(tMtL$!s4eqx
zILwScWOV0Cuzc(DA{$TG{GVH7{5};)-O{@4^OW|3>_h+tP^Z0r!0yNv=V8Iv(ka;0
z_Io908#b0)klN@Lp*l%J8GBe=QE<t{n<4YvQ6lP@mS;S=vi-)AtJ04pym}hn4%qHE
zxg1h6`WRxHdXoGem?Z)e_4UkkEx0DI0AQZptO@`s4HAC%4HjM>Ila~3*Hzht#HN1B
zg@XESA9VW$%4*sCKFOeor8s7i)Mu~&f0GRul}ff*6oniO32TP8UQ(s2KQ*GRN@Sz>
zDx_TATl?vtUEm`q@E|98R1CM8obZ(l3+CIs(ZvwkOu2>U>HGP#Y)YgdHmc*m+bXY^
zM`oePRFZ>m2=42@e>V~lza|g-I75{cyjX4AZ?Gu~hPY<58r<3=7u}t7R8=V}7en<?
zsHHDlu2WbVK2FHdLMR~DVeF@o9DSkTztVTd%nwzoz6~FEPqX;-?M!$zbq2lU4|{lK
zo-t(3$=vdg=h6D^9>Zot?9{Fw1s3ELKeTa)lZMeY7@p~mG8DA5SeC-_8Bbr6_~%)7
z+73-0S5@wI9Hw1kn@C*~wcvDHF6xIOpUdLBQCuE`6sRSzyzcaIn45vH5_5{i25zu)
zKt0PIjKDD|5xqi1-YpF^t+#_+gw|O1WYU6-N(cUu-L}NPK95rl?Qso1-T|?M-=W(7
z<Ik@yy4&->teFKH$un)I3}Ff#R3VS>i>8r<nSv{I6LRT4b`hR^-fki81i*zNL@kt@
z8dh<s3J~6)oZ#43zK4SW&dJ~+EENHOgA5Zww>f*XcIF0Nr)O$voG_2@tZN~?9s7p)
z!w+^S9qb87>8ZHE3wFktCc$P(^lT`>L-9@S(;MMNNZDcMb1I+;;IC~M?nB75n6I!9
zWlm|`CD4WVibZ{hCD#Il-r_)4ag;2ps+D#=Yu;G3?9D95$8w*w!yuUqnR-K#gyl)c
zTkZ}qrAa`$;}fUHlhQ&>I}yaG3=Y7bcVaXkF&6<s6{v2t7;ssogKSFOc+B4;&SW|%
z*+oZ^8WHIyawkQcvcT5}mSAh6kYH4k2caimL!5FR;N&jDM2Jn@ShcTE7Vzs+M+-Em
z%OD})J^)P57?Y}6jWpM3%tO^*c`||juet4!l=rorNi1qla@@+g#?WUN&p5j~`MO2C
z4uc~5=ibPr31-V@M(c;m>1t1%vTEiYS?|Kx(@p%iTyoS~fOc}kF=@49M<RWi91>(G
zw~Dgr&;m;$*As}_Rw@G$?lR>)%sSZZ>i{r*my*NyerEr7JxD(E0EU1?$~xK&_Alg|
ziyP3fht?i2FRs@R=byCC)LZs!Y3sw_i3dvsF1QpReS`1NZAhd?Q!UN`R!>%<ub9GH
z`4L&RdZZH=kgybZ{nbAoXm`vcA_(X8R20$M6N*Z&(i0;k<6F(8PXu;txK?>Qo4NPL
zaB;Y=3dIi>?{zWwYW>kIe&CHNWLy4#w}FZ>%iwF5%sQ+ImQLh@ZKca*<eXP>`uWuK
zyE^m6@{)6VU6{~w;6|O0kZNnST)Nfn5!`7ud##Rs8DAw-l#N1HSwaUg1ff*>p6Zv1
z#>k%b$OI|Z2z|3D22e><obL=W(ms~G(KuE-#;RzoVNUd;+3RT7i(KVfsJr_qNE>t0
zh=15faoT}=ie7aMbTWBU>b#S%NP4;2SH106xZyCIwm<Gp3wyJaj0zjGKZGW^yHP@;
z?69unmZPduSVdw(rC8X7Quj`qJ_g!-&G)Y9-?{H7!DKs`2PXD^hpa5C;RqIUBrQ6^
z_zsr5zZ|FYU;o_Ni5MK0$ZUvKp_eWyhoP2(Z6(_lhY@l%X;dqF#GgN4%az{C+R<fR
zHaQRmTd;nNazFp%W<6u|2IX1xd8u82_bt4D>-RABsDk;q)p#$P;IuoS8<>u?Bg_(%
zUS2qGx+rNDExcDlb0FXqs*#V50fQkF5Dv$ddDX>Zw9)@aPQ*jW>DZn8(Se$^=6n`-
z-rh6VqHKB}7tHy4)(XDmUTpBtqOGn^QeW;7Zjp!Yn7RkfAV)38{3z`T7{5gRBsD9z
zm?`JEgjbcfP>DRZW(p6vf^B!mGwr-z&&YlW%UJVt)dI{KqWCPFuwk%d%4)GTZQQX4
zks>+qcb7IJRkMjX#yKq_5&?O2PQMY?luHfw)U{UcS%+wKe;zwI^creu<q-^VfHnEu
z$V&elt_`}z1260cC9Q%qAG~R)#7|vCJgMt5z}$~B9VuYgtR7)w%x4j~dK2qQH;e<=
zD^4d-d=i}*%{-?33qlM#)9;vjcb*>?H32OFhA>SuWnng%Pnk;E+38<D#pnXA#{YzF
ziwUPEFHUEdEHO$??4oI&bo!Uxu{|;A^R1!p)0<hty-!A7|5~@TB(%W8bS(tvWU9mT
zcxa3@_!mB0g_BKQr`2lkv7gO`6k&UC;TPMVOEn4hb@O!G-Gq!rI0?+9ICsUoB)05&
zAA*Sh9cZuU>M)>5Gu9vo>{{gJHJ3^sFrth995)5mEp}DJ))@P9SCDOs=mQ;Kdt`~L
zPpt9zS_Y-II%qavT0*~Ko*YMvYaVucbQbG~TteH%(&?3qcAoKQ<l>Qmx_yMLwU!6l
zdl|3mC~i!cNac*WgsfG4UWP5qMxOq`0mqW8>jGz<i$_z{9;P|9a!pr^4t$l$hO1(y
zL1ka)Epic{%>Bs7Z9|Zobimjg&#1TH&@Egv=PlZrxguzGy6p*wHYOxZWK3ukL*W%Y
z<L2X+>H6g+*}d`hZj?kf;KfI<C5A3y0#??T%V0oWlIV(9;Lp3tnty%HU*|~4jt5gb
z8caT_P&``3vllo}YWx_%2-}|4Ae{i8NO(H|hB$}rPa4K#>`SWh!@Ha`A*I^!$dEpO
zjuBKWK9GT~Oe}@0jD;CE5AHXBAH(Aaq86n?qAt_nRv&2YbE4%1Q9Xmwe_WzcyuO%i
z_vI0TYZs1u8UGI=u0iZOo_(C5HKrLmXiCkY|LpZXPn1^#9mj@`q37X~_9PTcnN2&z
zM3%=)z^;n;5Iyt&9@0sqGm9~BEON6grW8sZg33gk%mQ3@Cj`CEyHDXBNV*JL1mhbV
z4QL~rC6Bc>cVyCS59$1p2DZmG2I;92%L%@-9a2!DR3#X^@BnUu-IETWLd+L267o1f
zjIC44SFqQYV`XzGUb^NiJAmh473vQkc}!M?(zpX->s|^>fmws^u%CyjdcZgQ!ebRE
z6@yn>TlEOk5ptT*VYepD5h6+9UNEC0Ea(Y-Fx*O80XEvoCE92;+M4GUpQ-pGw<jg3
z^yLrUG#IiX>j45=bDw%xs-tD@o5|Ouh5pO3DZAD<(jzT7`zEUx1};-esVYr}j$;~m
zP?7)|k*@cA3jt-GO0rNol}w%AhxEfN2riu25j%9a8!p9~i@$VYb4!|p7Oc!8h8b91
zk7!ZF2&XTN?>4c>=M3m`24c-dbW9e+Hdim*kMkWj`_cl)+&KS<#I;>gIFp3`L}Cbs
z9a!99-Ic41W|qTrd38dy@p*?%wjcq)&-O-8JM7211|8AOimV&wNC=FsICE#9{K5~6
zPqO?Nd}2&*C9XdH@impOCUOKu=26T^Uz0^!V7i7())@*z`}~})10WYZ_(uZn$h~U7
zD?L;T_0Up5$i^V`k0=XD7m`*+?d#RV`rwSqQP%)&0g&XjqS@tp*cMeI*(c-ekWT-l
zVgc3(zUXRD&g~hO)s%E4&(|>#U@DH&?(dUMeh4!kWjM@1I8Q~NF0iLiygtrM&NiH9
zB;;*)nsW_>*0va&x&+7HrF%H>H6+^dbM~NQMp0L@HR*gxn6s^mXFQO7U=-pWUHP||
z!|-f#gOG90FRdkequVtVJuKC-##hu}iqX!AzNI-;zP0$bq7^tCh-Z$%2PY$1_ZV=r
zAHBw6Gvt!QItS5Qx9(L6=evsn!5b`j{Gn$tYf@B-gU*@baFuCcrBkV5P-#-U=_*bp
zA6^`7K^Qg}6gNLga&kNhuP884c!K3P!8%toBv4l9+Vi1YIZsUCWBbW-r!%r^4~qzU
zIvkkGggc6R50U`DUv07Sb-7J%o_eYa*rypyW;Gf$VbPElGv^y?FR)!PeBcpdX*RJJ
zMcnP2IHHeq#<$WrS<(c#tEL8GOLmgUWOEN}0S2dp+Rk7Z#4V&N!GRU*KWeF`hAV=u
z>kMe@1izYhKF%lIUVeN)t(+^S5B=+q{FJP}Oyv!9jJ0Nuw%M|$>vpw*{r*69ib@=q
zy%ZDr+4l(mhxL3vPODD=*LGi(2@e#8AFM2M&y(KdtlMkvU46`a#pZK*2FM|RfD=k&
zr=I)msnl+v)b)QY$MXBj3G{wfYKN`Q_j|kd{Wl$7FVz!t-~3$Cn5=*0s@aayqk;Lk
zsl9L77X*NILIWboM-T#U(&9tHaPHdc)mH*9g!=NbfwAw6cHFDGG&mH+{PJgLV>V&i
z1+=QM!0H_m6O6$(=y%kY_g8w$#~m70&?&dr^a-=ZupcZKF_ELt)G#!kuf&(gcW{GW
z&2}Z{kJH<tBCIm!lA>L}iJtmXd9m;F5+lCHbt(tD;@WpaAC_kq5mv<Rz#)RJJw%WY
zUO+f2)E<*O5m(gS$nuc@-}@j4VJN&eAhstL$aw>F*U0El-FSa{^NF@I(O%}<ed&K6
zRLj0r7w}U_{F*EDd^wY;`E-$8MsZ&-nDsrqS<YwV^nHKZM!1ai`tfo5>+{aH8UHIX
z;k(b!POKWkEY{%OJrX45lNt&QPnhIko*XU@Xa*B1AO@4;BV9lxL_#Jti}il1*L{Ao
zMc)+NKg_f^d_hU*HS~2@RhmzQUvtarjxwK36)_+`-;g&~SXwoa$@c5`nWosbXe^<1
z>>o<ZP7!>4(l$vb$|fvNnVk0?ReE+$IV{~Eli~6eT7Hy+y0O@zXwBdw`jmnCV_ug9
zflf35LA*riJc_UKS2hy5*1W;g!uVRqJ!av!6qNrL`Xmj9=qb%XDv|yZ_+9c|J~vqf
z3q{E#$zJM#5WIRBn#U9IT@uYsd0*T#<6Q)dX4d{*EBuev;iZg2i>g!MqRae$Dlunx
z3$eLOXPW})#ihY+kWtcCknemduH?#L4t}o^`Y+d(Ta<;FO7g|l;U5zNKKTM=EA<z*
zQ!!Jj(OORFI`gsDAD+iW#Z?dT($}AGcy)Iz{Z|*CHN50y(4Vt!G2W|sg&F}kO<`tA
zDdN?s6&YcXpp83(y?x|P>W8d0hNbWD8SUlj39s*7Jjrg{5(f=Dww1%6e!W;vXDy|}
zH)W5_`-$3%M%D)pgSvCj++&lINH^bDGD6Ipgpm6~lba!FXc>mGq5S%OH=PHh@v20F
zA1_S7ZX;E{j%n``D)65C+xOnE&$_OJx?7u#d3j5mpT*i}=$GcRqCHm^8+A^|l@w##
zu-YP!+C8f#QJXF`nmJc5{BJkpJ?-{)HIhpemietKxi0cADe_r{+b2x&?wenEw8fls
z;&fiKJA7(acPS!9mM#pMxl#F;9>S@&sKz$^%>ILkfW-C^x7J9XQ60voGBC@=z%y1f
zl@8Hn0WF$YESG^EQB=9s0Urdna)^M?aZYat8|Tv(2Zu<`wUg&{v6P1?(}G}Lop{I?
zgk6fH<r)3-E*7@b?U_WIc2RtlX{J8gm3fwSu#<CfRt0o3Tai?~wO{{vL@zA5RA^4g
z#|`BU4NaS;xL!-}n@!ENP9RDGt55>eL^v9SY{XhL(&*nl8m0M_bUj>T;~TiF<cz$e
z04tZZ<NkIQ*tG#W<zqWwT}7GmLC$z7xyaV~j6IP-Nv8v4Gnd`!q7GDfPA-S5Rtqt0
zPH=T4l}8m$J<n-yGbfNiT#H722HisyOw}y`?k#@T7Dcrd()_`U!;I!UOb%V@&LoFk
zCP&4O2wU`EoKsI(p63Wked3=-j1DZzm+qAL=Mmq~P0Zjx^}Pz+)~U#4@Rn^k)0hU)
zm*h<u2~n(*53%Q_sd48<%<gI&oaFX-=k->4pCNo__5T!>vV4on#XgP^SbyHw+<oDe
zo%<BDsp7xBp!fGX-){!hEj=6Yd!L`n&ppF^#_Ul_*5&zyA88WwZdCpAh|LlpPIdx5
zkc~W+m6t~-t`KND4sz7dD#MVPLzS<TZ2x&g-<tnCq8Cpdh|e643KHSzUX<E_YGlP_
z8?zdSuK7knd5)yPvMP3eEmm?_UGhJV=wWG^4x@t%hESUVFYe}gTJqE@<I#K{C*%5A
zN&sr2X5QQMv%0^5Qs!W9P~P%8PnsnrC`jpWH$%MOL|ZbPxCIw`<7{?r1Vc!I6>ey^
zNFsfHe(FDu$Zxt7sBq}oA5?0~@1j*@?UlG>)%r)Dv>xKB;azYgA>IE*bmB`RNfw2L
zJ{>nl%O_!l^@2_Z5B9I~?T+VA7TwRkD1pa2u2m>r`I*BYpu*yItM%45T2?K{Zwl@u
zxA|ry)XS5{aF*CFAeBkb)D76CP9VeNUYOMqKWbt>Cb$^Ou4j}F75;%lUPHyx`&9L{
zu2%@T$>u<wJDf+}T;$bh0RtsF0S9fuS9-k`q_n*JmJVIv77D=oe;_fy9ZhQ6gzA?u
zRpQirR<m;1dm7`@zS!%H3vWo1WQ5_!%R4>JnzNdzkB#5Q5AZ0$GwvfA7UMVG{{e}<
zQHv8O<tmupGe0AC%_B^btW*PS5<}((0r5e=F}2FM$7sBR_eU0+#)(5o!@`K3cKM<S
z$i4#n{!=nml?!dtnqHyS%WD1}iFFKI{H#QVGOCttY|6?DzD9x<OYS3YfxV%IG;Z&*
zM7k-3%)1N)I%BAz7glQ{xUL$r#_a@|T97!*)Te+>+uj6d@8rvGzn5`0W(i)yA6^4^
zcOy@ZaUx#^{EK~@1sc_@KGawvQPD>O*}(Rx`y>d*`hcrSTWc_$BhV5@H#s><=#nK`
zK{L3JXw+qqL0HfO=>}C6WG;I)REXOTawt(sSnthZ^5u%$5+5+y?k1pBOImGu4|5j4
zQAYj2jG@%O#ht@(OzN9CJ^JrWu`XhMG_LcDe1SqjIxj_?q7<BXT+&}%84(3!YC24i
zZYgKgV_p?kZuuiTj%X|2!??l@J;k&Pa#of;+p!VuqYKG1#Z=1a!C%A3R$J*tb3BxV
zRQkr@Qjzlir;YoJX6ye0I9^4m8b!_8X>Dy0d(|klLy9V5S5Zw-o2V7F2~}#>7DCmm
z5u>VBtQxhYV(-2CkKgS1o&Wbfx%a{MbI-Yt?z!i6-_)(lQwi$<RASkirgs=PlhSW|
zPwDP?9}v_k8y}yxc3}MBs)aJt4ym9^b=(;Y<&nMch)w14G#@tT;JuN%QQxWjRSeH9
zViIksW;8K_BXVPmyzO>b<t&bc*%DOy9H#K?YM+XA$C!Qpi1@o$ISI(?-Aid*iX0GT
z;R31ZSe~sl?H#u-d!!b1^N(WJ-G2Er)${6OH|F8Ehx!Vn<T{O=OQtYtC7RBo_IS4B
zc|1ro8K`mbLm4V54`thIJB*|aO^l@(Gg#zyQ8ZkD#8SJiML#UuU{Tw(!kS|JOh_W^
zirdGfZ{y9@4<v)Pwt0o$64_nJO_uc|nI)5?sSs0&4=Bl2ll1~I9vZi1@o;s+iC4ED
zLcXikX?J~jIWIC7pDIc(XghS2+8Kp#I`LI71LNP02VYbMF$nUjt4Pr;OSr*P+ni<B
znuI`dous}pVIBwJC(o`Z$Pp?EKHIXF^8MB~SbJH|6L&>}UzdlH!TFjDZeJCkh09{z
z>~owRg*JN^5h2U<Gc{>OxUPPDn}~`WQ<Pjou(d!+J1ld1%KCH&gxuHU<q}8ErPST*
zAchYhAobIo#veDEaNh~H5lrVK7D+gNLib+;uXAfW%2vu%)v?n7!`W#Yuh&{&RC&o8
zE37I9b>2q@dpXkx?qyMX>8}P53#e%uu}|in=nyknwAVB2+8XtV?qfh8wgcJCW+S?j
zF2>F8I_qTLwy=CqOpP*R5@f6C<W!+Y9?a~L^6QRtIBu`%PmZi8-cBKUCum!E*IL7f
z+(xwI+H<8(L<~a!yhudQdcW<p=Jym`F%BYfn?ST9J*Gd`maU4@M1eApw4*2yvxCYg
zd->(V>cOwsi_t4U$7@-E>dyU-$c&!k$|XhKEeD9+wDY+UYy8Npm3J<ukH2yEhD_Fm
zCJt~?Nbn<BPy)ValK!GI!Kp6?RI`LFe1DM2ru^!Y=+kMw+p4-rJKfr93wM1zkuy0U
zB)tmRZE8;x`e%`g14`ENT`}jmUgobf*}p}i2VNw`%soxh&c%F<_fx#m)SIdx3)w+)
zze2M&NGVmj1}|;XHFn_67NbtKAnF7~4T3J`UM8`_l+uJuYDtDF7zE3K+bVp}v}(8{
z>Vs@A4eLXMEUGhRKL)sI&dzY`eIu0R5lwk2Kt+w;!0%)7*+A9v5!qE$@{R>3(>Pq}
z^!Ra-gvqJU*AMbL(m^)SE}yceCDT9uOaUZ~6ZRhTJi}3E_M8$ytTMZjk5?7lKRMUW
zraFj{zt}NI5L>HK-@6l@Z|oR~YFYmv7H<UXN*aI7V^DOP^~G|0nDWz{ih^5GWfDJP
z+E1TlP(|NK7@Q;F=&Onteoic!>wpu9yn%^x>U)a@p7Q~r6<>Msi>g_PN5uj#yIVBz
zY}N=e#f-__fgv#Wlr-Euo&IW|INMg7HFJvf&v<0{Ahz9(uSV|25=-mC!?}&PiT=+{
zmYLI{kG0&Yk@^Y@+}rWX;bR(n)M3h{_5R+xF^Rh)@uvxwRSJ??8v8L!@hI<6FCSXG
zNHibFPnJ6ad@`;Mc$sr#KNjxw-ZkaB(0*4O37O|oA!Q*N@9q6VR^Ij7J8+mc9+8dj
z`HaE_iyEo2*<&~!9!6ej5Vy!BAI6KsbhBcure(xtos(A^@e+xtfIw^3O(Z*qV?(X8
z3RnNqL%?z9PqI919A<VLc+zlwe{y3g<vf$&(D!G9@Nu5PgmQ-2>FH1R`oa3DzeVB-
zy*yS3FA||Z=cc&IXo(g-`%gwm&rq4|4HaR%_wvc7{G?@Ox)MnB{X%l2l#08Fek?7v
z<^jhN@A+ScPR)>N9>Z)qZN4BdxB+Y@6NX{e*qoQO6G3?N7-1{asN~72rz}i1+{;z@
za>z}3y<S!_l7OPa>}qtFEpa#32$sdsidA}HkpJ1Dew1wdou}Puo5rkPf^cBikLEPO
zcpPst<gt(edSkz6{84Wft*6A5a*_L`AJ(I&K5_tTC{&_|>kStlE(Yaj^maQt_`-u7
z#fI0OSirFBWOU=|LoS8Q74Cgf--_&xDZ|7<Bxi}`?`c5dbJaekq4&1;Or>x=nRt;{
zwB||SH<Ok2tzHp@7l{#$Tp75sAElmw0s~8hYL2wDn94%<H?-FvVewZjGGD#ScP2lQ
zzz_1SZeA~~S>a^<cq;61xB%`PzXCtIiY_C+28kAn6tyFTzX7z}C!ty(O;BM>%)Be9
z253(exkX0Jq0Grk3gEpga?j0DaW%ee42}{m-t&Jp>>?ik^<hmt3b!}e5;OYYqFtpU
zZ)zc+V&rYOCV3e~V*4wUjo5AbflofgxZ-UL^k}h?N3Z;w^BJr(=jo6z!=9r&^Yjk2
zE|6<Qot{E!e?QS<2B7w^T|`3bq38o0=_zd{9k<;qPXPracTHaxL)wHl@?d&$<<O2-
z*$2i}_@-8VZK}3M%4==5V=g7%nf29!S*&Zr(yJE`evEJD5cve*iXM|pm$mrR6AnMt
zZkRBbKmJJ*X~R7AT&<33WIXeI386OGh@>}NYp&lkJ?csAiv->>by4s;abCCHZS5Lh
zcBJ2Vnzlj1DJ;ZA(#vcVVujEHbYuCPmbm#Q3+<_y%^u(Rxk|Ww5Zxi8qngwd;>48&
z2>?-%9=$HRX2(O)J{b1U@Sb8Q$^d4TsS_w;IWTGRmf0@uOHhP(c<a&>9SMER*Q%}8
z^N)9_3k2q@vAPK1G&dJP`s~q)_l1>izL)D>hSDKwOw&un?QaT%-og=PGKdh_FdVj+
zr30N{S$K~au9SmV@L=B5VWJegO(vy$oWc1EZ$H~vr)Ol>>Z9*9Y!4;lTm~r|$tOf)
zttQAjL+DB*s>h#VI$RFUk`jm$Z@5{MM87&o_exJ&6qL*N=4t=hg-NpLyfmH?adI<l
zf}hXOwk_tfhu6u=inY6Qu^#53n-b=~G9A(ET`p5Q$Ql;THp$cN6mBTnsE9|$wEhim
zuWa7X7=)yCmok8vhdE!n25_m5FNH*8_)DrWAsFRMZq^BQo$4o`;7}Ud;BN**xnL{p
zLT~2|j2paSD4T3edF6my`3W@b{@|+d$wH{hQKU)1a2zf^cqVm85BRvzD(K7r5zZK0
zWsvEbMpY)|z?~4{cIwq3!!Br_(wD8>ct@6B<%&k6>q`YdXzh4ZYqC$QV2wxzLoQlA
zZmC1GmE|K<(vQIFQgSEYH~fXy39k6^<j-3M#>b}y&2F)@laZm8y{G4av<|oAOD;g7
z^zze!(Wh(^G;~l3dFqw~&uAtRddg_N=U3N_#4bSMpv>b(>dz#j-WaP(r!O0Ld{-ik
za%qFY8luIAMArJAD$Cr{2)Al(2%80Cr@*7*)hFd6Dbktb8K#C21_?dNN+deY&czN)
zK8$rM??K#o5`l2iWi3qb;VwN%-RsyWO|qPr^u|=NH&l;;<2OoFD`$`X0Ey|d)+ph|
z5Bu8{CzZH#0oc9x1=?U|HvQ`&1C))XwJ+V^51IlvrKN0r-m3c2zODbh*^WTE9XQ`5
z;vepAo>#=o=;%^7Cxm)$eBIZ<e@%=mDTedB&(rJDmaDTny;kBQS!MpR{c9pp0fz-Y
z!$im&JtUr8!t`H@O^;2Tv1=8Npra{Wa3N;J#*LSe7&VlWNm||;SAWrcQ=T3$&fqTX
z-smhI>~EG1%LSjm$^rA|qVvGjA1EqXd=kn~NVHwQH`c%OACc%(w)mGwJo-x{x?!~^
z%^tZfgK#_3`JaQV!sg!HFb1!yN|_%gl0NY}J%4lRO+}SYNe%sVO^p&e;@+{~EHfQ*
za<;o1i%x?GQ5AqsnHp%Pm(0#Tc(hL}H57wQ?#elRW3ic+g>3XL(?5m3&s46;qcHST
zLvRou39qyolh3ZdAN@q+YFj$ISeB2eg^}Wam)%7H*1WyC6S=N|4K4O8B^p_rsI6^M
z`H8I1ygh{j357#7DuTy^1Pr!JVFt;xZHSP<wd<w<Y_D~g<}^hnabYh)A}DnnpoGiA
z8g@Rn#N=Pc3Uv3t{b7b@j6%w;y1-cGll99hjIS4YHZO7LT4bLIi~EFU#L>cR3xi=~
z1r(2eDl%>pGS*dkfav>PS(~nE!nD3;@z^{~y$LNGTxI^2wq3laDPLH>?!ZK!+VPq_
z(vCirmaV_<zE5Uq6EA}vPwYvX*JCyWls-@(1jwiqQdJx!9;RncYtnB*xn3*?;a)1P
zp{09!(&O1w>nsd3^`$3*n#w-T_V9I=qu63^VTn<`BC_nODZBeo{_Ul;PN6zvkPqch
zQnfb1!Zx*%nstni$?6mgOpG)BoJz$yrDk-a-i@hxe#t)l;3j(yV0BwM!Xqb;Z~#?8
z-25O{S=D4>2Zmt-K|xts(YnX?JhB?7DO^O4+F509_xEYfXR8*40^db`E_ED2_KMYx
zq>tr?cMleQ*5L0*S;hV+P~><rzFKqBKzmFK^__j`xQUe~1_U}0EbUwECO@ocLejl7
zF|-MXP#(J0e5Ws;ME)rfOBSR7*B3<1s}Eg|E=1xHUL-0gCHfO7pM!+xi1*LT{uGHr
zR<Y(fe~UzkX}oxO9s#Q}E0lseZoW}7@!V4-{;uWWUx*ae4BxRp2p)|Iff6@3^f1R<
zr*^<6Mb_z~F`ix^tEITZndeFg*&?kcdV)D8Mtl9RPeFTmf}eI*UY%OzXG3!|+B0H|
zlG?S>6bkD7QOqfts<2=`VP)-7-%Y(2WsRK_)WvJUXO$U|OQ7x0>>Fk;kG&JHKa)C*
zPUU81{Z|-+kM30G+!z%4+}*-&kH$XFLg)r?qtC$h#@9R0=eoI*8|bUephuPU>}JQ(
z+_)r}r3mP#nxK*KUe9og6?WOg|6z^wbI2Ju8JFV!#Yv3h4UonC64Z#Iz6HYCG)CXF
zx^k1M6*_xI8D=mSLA+hDM{so#FA}ro(<}9@@glK6QlX+^9#vMTs{2iRKr}}y!GEhH
zWibsPSl-R2MimK)r$~py1<?uwdrE_S9$(@zKvub`4D#4-zvmIpt1jSlPY0%M$(Z*0
z%Jc<Vh<TieNRn9kpu%VKw|n#jBIpzab}Mv%@S50pE>1EHcdJH&2L9z8?H?<Sj|7T*
z=$k_?o50d2Hb*m10J-BiL8b{%VVPG@r6Hf+#73P-jEvbx8~xQDu|8cc`##d@<9BjV
zb4kH`<O03f{>kE$sK~w5lUwEU^bS*F`>D)=ObPlTiiH{1T@n!e4t-4d;}|BU=HdWF
z&K-+i1ULClWYsp!18tl9KlV7}x-y_y@11#?=R5uEm9Rl4Hr`JI;nZSdsVqF$5@mHm
zVocxI?#N1^mv7&_WZ8c(dX!NpTn|Ntx3`;BAc(}cr+@_}+f8zKk|<Mp{GxY`|8J7`
zUFb>o)!GFX(?HdigWr5&Njfh`qGtXU?zOU?flh#rM`q=O_U+q$lf-0;enwiou3M{+
z3z8U9ML}79()hr4_uw=SC&^VH4H-@TlO(cn?0<w1=Z*{gy1GM06P4r^@WxaJr8}7j
zu&5f>#x;GO&G>|r=FD2~Ap4mWCyKiN+!V9WqG|GuHZOMuC1f0ZYmg_0bu>aP$oSnC
z-J`56E&HP?b&|LB%ARo5{UHd3+I!uYs5z`_y}WvdH)hC91ey=-&j2${H{5Cz)bK4!
zgCl_N7o0+jNXV$cX~-)dERn=eK$cfU@8F)sGY5P7Bt9a2n$QP*wK0crz-x3yo$i*K
zHbE7)MDC8|Ml))@^A^|7an;M|#Z4VJ)0xs~s)Vms7%|S@iX%70aILfx@I6y{Y1|^`
zpi(y-0h#IM#ztVSIkQ)s>>ZImu<cj*H4DB^%jVeB6C*bB@j@Uj6tDbc5ldLlO=M21
z-47L%WlrI2=mc1dcz^<7UX%IZIo;;M^wj0^Q<JQX>04*pYyDLIit{z6*=Vzal|NBp
zat7#*E*>S4{(%w+E|Xn^74hlH|5vlbHx++df440`ngo|`T>3X(`FrK@B47FMdVoLu
zC(8JH%<{h@es4Tp<RJfDlK6DwZ*j=~Zv35CUL+v@U4HnD|J?gOLCF73`Tdz(OriK^
qj0FGxo$?3H)KXXCP_ehOSAkjs9YC7IS1xuD;}1>zt-JLvuKowaU+s_p

literal 0
HcmV?d00001


From 43eeb511525a617bd3dcc98296191d7f0556e0b5 Mon Sep 17 00:00:00 2001
From: Risto Seene <39149669+rsarendus@users.noreply.github.com>
Date: Thu, 19 May 2022 15:56:02 +0300
Subject: [PATCH 6/8] SIVA-344 Update dependencies

---
 pom.xml                                          | 16 ++++++++--------
 siva-parent/pom.xml                              |  2 +-
 siva-parent/siva-sample-application/pom.xml      | 10 +++++-----
 siva-parent/siva-webapp/pom.xml                  |  4 ++--
 .../generic-validation-service/pom.xml           |  5 ++---
 validation-services-parent/pom.xml               |  2 +-
 .../pom.xml                                      |  2 +-
 .../xroad-validation-service/pom.xml             |  6 +++---
 8 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/pom.xml b/pom.xml
index f5d6202a3..3555cf317 100644
--- a/pom.xml
+++ b/pom.xml
@@ -112,13 +112,13 @@
         <commons.codec.version>1.15</commons.codec.version>
         <commons.collections.version>4.4</commons.collections.version>
         <commons.io.version>2.11.0</commons.io.version>
-        <jackson.version>2.13.2</jackson.version>
+        <jackson.version>2.13.3</jackson.version>
         <json.version>20220320</json.version>
         <logback.version>1.2.11</logback.version>
-        <lombok.version>1.18.22</lombok.version>
+        <lombok.version>1.18.24</lombok.version>
         <snakeyaml.version>1.30</snakeyaml.version>
-        <spring.boot.version>2.6.6</spring.boot.version>
-        <xmlsec.version>2.1.7</xmlsec.version>
+        <spring.boot.version>2.6.7</spring.boot.version>
+        <xmlsec.version>2.1.8</xmlsec.version>
 
         <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
         <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
@@ -131,7 +131,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.3.0</version>
             </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
@@ -146,7 +146,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.15.0</version>
+                <version>3.16.0</version>
             </plugin>
         </plugins>
     </reporting>
@@ -156,7 +156,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.9.0</version>
+                <version>3.10.1</version>
                 <configuration>
                     <forceJavacCompilerUse>true</forceJavacCompilerUse>
                     <source>${language.level}</source>
@@ -225,7 +225,7 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>6.2.2</version>
+                        <version>7.1.0</version>
                         <configuration>
                             <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
                             <failOnError>false</failOnError>
diff --git a/siva-parent/pom.xml b/siva-parent/pom.xml
index 809e30a1e..5aaf125d1 100644
--- a/siva-parent/pom.xml
+++ b/siva-parent/pom.xml
@@ -40,7 +40,7 @@
     </modules>
 
     <properties>
-        <cxf.version>3.5.0</cxf.version>
+        <cxf.version>3.5.2</cxf.version>
     </properties>
 
     <dependencyManagement>
diff --git a/siva-parent/siva-sample-application/pom.xml b/siva-parent/siva-sample-application/pom.xml
index a601833b4..83cf236e2 100644
--- a/siva-parent/siva-sample-application/pom.xml
+++ b/siva-parent/siva-sample-application/pom.xml
@@ -88,14 +88,14 @@
         <dependency>
             <groupId>eu.michael-simons</groupId>
             <artifactId>wro4j-spring-boot-starter</artifactId>
-            <version>0.10.1</version>
+            <version>0.10.4</version>
         </dependency>
 
         <!-- Caching in memory file store -->
         <dependency>
             <groupId>com.github.ben-manes.caffeine</groupId>
             <artifactId>caffeine</artifactId>
-            <version>3.0.5</version>
+            <version>3.0.6</version>
         </dependency>
 
         <!-- Apache commons -->
@@ -106,7 +106,7 @@
         <dependency>
             <groupId>org.zeroturnaround</groupId>
             <artifactId>zt-zip</artifactId>
-            <version>1.14</version>
+            <version>1.15</version>
             <type>jar</type>
         </dependency>
         <dependency>
@@ -170,7 +170,7 @@
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
             <artifactId>json-path</artifactId>
-            <version>2.6.0</version>
+            <version>2.7.0</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -203,7 +203,7 @@
         <dependency>
             <groupId>net.sourceforge.htmlunit</groupId>
             <artifactId>htmlunit</artifactId>
-            <version>2.56.0</version>
+            <version>2.61.0</version>
             <scope>test</scope>
         </dependency>
 
diff --git a/siva-parent/siva-webapp/pom.xml b/siva-parent/siva-webapp/pom.xml
index d7698418c..7359973e4 100644
--- a/siva-parent/siva-webapp/pom.xml
+++ b/siva-parent/siva-webapp/pom.xml
@@ -96,13 +96,13 @@
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-sleuth</artifactId>
-            <version>3.1.1</version>
+            <version>3.1.2</version>
         </dependency>
 
         <dependency>
             <groupId>co.elastic.logging</groupId>
             <artifactId>logback-ecs-encoder</artifactId>
-            <version>1.3.2</version>
+            <version>1.4.0</version>
         </dependency>
 
         <dependency>
diff --git a/validation-services-parent/generic-validation-service/pom.xml b/validation-services-parent/generic-validation-service/pom.xml
index 7b6411974..f882d029c 100644
--- a/validation-services-parent/generic-validation-service/pom.xml
+++ b/validation-services-parent/generic-validation-service/pom.xml
@@ -58,11 +58,10 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <!-- TODO: this overrides vulnerable pdfbox version in DSS; remove this after pdfbox version in DSS has been updated above 2.0.22! -->
         <dependency>
             <groupId>org.apache.pdfbox</groupId>
             <artifactId>pdfbox</artifactId>
-            <version>2.0.24</version>
+            <version>2.0.26</version>
         </dependency>
         <dependency>
             <groupId>org.digidoc4j.dss</groupId>
@@ -76,7 +75,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>31.0.1-jre</version>
+            <version>31.1-jre</version>
         </dependency>
 
         <!-- Spring Boot -->
diff --git a/validation-services-parent/pom.xml b/validation-services-parent/pom.xml
index 2b39288b9..c0b63ed73 100644
--- a/validation-services-parent/pom.xml
+++ b/validation-services-parent/pom.xml
@@ -97,7 +97,7 @@
             <dependency>
                 <groupId>org.cryptacular</groupId>
                 <artifactId>cryptacular</artifactId>
-                <version>1.2.4</version>
+                <version>1.2.5</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
diff --git a/validation-services-parent/timemark-container-validation-service/pom.xml b/validation-services-parent/timemark-container-validation-service/pom.xml
index 8d94fd703..82b0c35ec 100644
--- a/validation-services-parent/timemark-container-validation-service/pom.xml
+++ b/validation-services-parent/timemark-container-validation-service/pom.xml
@@ -51,7 +51,7 @@
         <dependency>
             <groupId>org.apache.pdfbox</groupId>
             <artifactId>pdfbox</artifactId>
-            <version>2.0.24</version>
+            <version>2.0.26</version>
         </dependency>
         <dependency>
             <groupId>org.apache.santuario</groupId>
diff --git a/validation-services-parent/xroad-validation-service/pom.xml b/validation-services-parent/xroad-validation-service/pom.xml
index aced3438d..7111cd2d7 100644
--- a/validation-services-parent/xroad-validation-service/pom.xml
+++ b/validation-services-parent/xroad-validation-service/pom.xml
@@ -79,7 +79,7 @@
         <dependency>
             <groupId>org.zeroturnaround</groupId>
             <artifactId>zt-zip</artifactId>
-            <version>1.14</version>
+            <version>1.15</version>
             <type>jar</type>
         </dependency>
         <dependency>
@@ -99,7 +99,7 @@
         <dependency>
             <groupId>co.elastic.logging</groupId>
             <artifactId>logback-ecs-encoder</artifactId>
-            <version>1.3.2</version>
+            <version>1.4.0</version>
         </dependency>
         <!-- Testing -->
         <dependency>
@@ -157,7 +157,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-antrun-plugin</artifactId>
-                        <version>3.0.0</version>
+                        <version>3.1.0</version>
                         <executions>
                             <execution>
                                 <id>repack</id>

From bcba04354c6f882a46feecf0046f783562de0efe Mon Sep 17 00:00:00 2001
From: Aare Nurm <aare.nurm@nortal.com>
Date: Fri, 20 May 2022 10:40:22 +0300
Subject: [PATCH 7/8] SIVA-342 Update SignedBy field definition

---
 docs/siva3/interfaces.md | 2 +-
 docs/version_info.md     | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/siva3/interfaces.md b/docs/siva3/interfaces.md
index 8dda433e0..86d043bb4 100644
--- a/docs/siva3/interfaces.md
+++ b/docs/siva3/interfaces.md
@@ -302,7 +302,7 @@ Structure of validationConclusion block
 | signatures[0]. signatureFormat | Signature. SignatureFormat | + | String | Format and profile (according to Baseline Profile) of the signature. See [XAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf), [CAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf) and [PAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf) for detailed description of the Baseline Profile levels. Levels that are accepted in SiVa validation policy are described in [SiVa signature validation policy](/siva3/appendix/validation_policy) <br>**Possible values:**  <br> XAdES_BASELINE_B <br> XAdES_BASELINE_B_BES <br> XAdES_BASELINE_B_EPES <br> XAdES_BASELINE_T <br> XAdES_BASELINE_LT - long-term level XAdES signature where time-stamp is used as a assertion of trusted signing time<br> XAdES_BASELINE_LT_TM - long-term level XAdES signature where time-mark is used as a assertion of trusted signing time. Used in case of [BDOC](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) signatures with time-mark profile and [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) signatures.<br>  XAdES_BASELINE_LTA <br> CAdES_BASELINE_B <br> CAdES_BASELINE_T <br> CAdES_BASELINE_LT <br> CAdES_BASELINE_LTA<br> PAdES_BASELINE_B <br> PAdES_BASELINE_T <br> PAdES_BASELINE_LT <br> PAdES_BASELINE_LTA |
 | signatures[0]. signatureMethod | Signature. SignatureMethod | + | String | Signature method specification URI used in signature creation. |
 | signatures[0]. signatureLevel | Signature. SignatureLevel | - |String | Legal level of the signature, according to Regulation (EU) No 910/2014. <br> - **Possible values on positive validation result:**<br> QESIG <br> QESEAL <br> QES <br> ADESIG_QC <br> ADESEAL_QC <br> ADES_QC <br> ADESIG <br> ADESEAL <br> ADES <br> - **Possible values on indeterminate validation result:**<br> prefix INDETERMINATE is added to the level described in positive result. For example  INDETERMINATE_QESIG <br> - **Possible values on negative validation result:**<br>In addition to abovementioned<br> NOT_ADES_QC_QSCD <br> NOT_ADES_QC <br> NOT_ADES <br> NA <br> - In case of DIGIDOC-XML 1.0..1.3 formats, value is missing as the signature level is not checked by the JDigiDoc base library that is used for validation. However, the signatures can be indirectly regarded as QES level signatures, see also [SiVa Validation Policy](/siva3/appendix/validation_policy)<br> - In case of XROAD ASICE containers the value is missing as the asicverifier base library do not check the signature level.|
-| signatures[0].signedBy | Signature.SignedBy | + | String | Signers name and identification number, i.e. value of the CN field of the signer's certificate |
+| signatures[0].signedBy | Signature.SignedBy | + | String | In format of "surname, givenName, serialNumber" if  these fields are present in subject distinguished name field. In other cases, value of common name field. |
 | signatures[0].subjectDistinguishedName.serialNumber | Signature.SubjectDistinguishedName.SerialNumber | - | String | SERIALNUMBER value portion in signer's certificate's subject distinguished name |
 | signatures[0].subjectDistinguishedName.commonName | Signature.SubjectDistinguishedName.CommonName | - | String | CN (common name) value portion in signer's certificate's subject distinguished name |
 | signatures[0]. signatureScopes | Signature. SignatureScopes | - | Array | Contains information of the original data that is covered by the signature. |
diff --git a/docs/version_info.md b/docs/version_info.md
index 23cbc72ec..77eba9bca 100644
--- a/docs/version_info.md
+++ b/docs/version_info.md
@@ -15,3 +15,4 @@
 | 1.9                | 12.04.2021      | Markus Kivisalu                                       | Updated URL-s and reference links                                             |
 | 1.10               | 16.06.2021      | Risto Seene, Markus Kivisalu                          | SIVA 3.5 documentation additions                                              |
 | 1.11               | 20.04.2022      | Aare Nurm                                             | Roadmap added                                                                 |
+| 1.12               | 20.05.2022      | Aare Nurm                                             | SignedBy field description update                                             |

From 426d20c2df9abf237af7fcf79a024b91761e3654 Mon Sep 17 00:00:00 2001
From: Risto Seene <39149669+rsarendus@users.noreply.github.com>
Date: Fri, 20 May 2022 15:19:17 +0300
Subject: [PATCH 8/8] SIVA-345 Update version number to 3.5.3

---
 pom.xml                                                       | 2 +-
 siva-parent/pom.xml                                           | 4 ++--
 siva-parent/siva-distribution/pom.xml                         | 2 +-
 siva-parent/siva-monitoring/pom.xml                           | 2 +-
 siva-parent/siva-sample-application/pom.xml                   | 2 +-
 siva-parent/siva-signature-service/pom.xml                    | 2 +-
 siva-parent/siva-statistics/pom.xml                           | 2 +-
 siva-parent/siva-test/pom.xml                                 | 2 +-
 siva-parent/siva-validation-proxy/pom.xml                     | 2 +-
 siva-parent/siva-webapp/pom.xml                               | 2 +-
 validation-services-parent/generic-validation-service/pom.xml | 2 +-
 validation-services-parent/pom.xml                            | 2 +-
 .../timemark-container-validation-service/pom.xml             | 2 +-
 .../timestamptoken-validation-service/pom.xml                 | 2 +-
 validation-services-parent/tsl-loader/pom.xml                 | 2 +-
 validation-services-parent/validation-commons/pom.xml         | 2 +-
 validation-services-parent/xroad-validation-service/pom.xml   | 2 +-
 17 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3555cf317..d5bfad875 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
 
     <groupId>ee.openid.siva</groupId>
     <artifactId>siva</artifactId>
-    <version>3.5.2</version>
+    <version>3.5.3</version>
     <packaging>pom</packaging>
     <name>SiVa Digitally signed documents validation service</name>
     <url>https://github.com/open-eid/SiVa</url>
diff --git a/siva-parent/pom.xml b/siva-parent/pom.xml
index 5aaf125d1..9de668f22 100644
--- a/siva-parent/pom.xml
+++ b/siva-parent/pom.xml
@@ -19,14 +19,14 @@
     <parent>
         <artifactId>siva</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>siva-parent</artifactId>
     <packaging>pom</packaging>
     <name>SiVa webapp and other core modules</name>
-    <version>3.5.2</version>
+    <version>3.5.3</version>
 
     <modules>
         <module>siva-validation-proxy</module>
diff --git a/siva-parent/siva-distribution/pom.xml b/siva-parent/siva-distribution/pom.xml
index 7c9eed12a..0cefd2e68 100644
--- a/siva-parent/siva-distribution/pom.xml
+++ b/siva-parent/siva-distribution/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-monitoring/pom.xml b/siva-parent/siva-monitoring/pom.xml
index 96b0d15cb..2a98fd5b6 100644
--- a/siva-parent/siva-monitoring/pom.xml
+++ b/siva-parent/siva-monitoring/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-sample-application/pom.xml b/siva-parent/siva-sample-application/pom.xml
index 83cf236e2..f29eb7228 100644
--- a/siva-parent/siva-sample-application/pom.xml
+++ b/siva-parent/siva-sample-application/pom.xml
@@ -18,7 +18,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-signature-service/pom.xml b/siva-parent/siva-signature-service/pom.xml
index f8144ebf7..7e73813b1 100644
--- a/siva-parent/siva-signature-service/pom.xml
+++ b/siva-parent/siva-signature-service/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-statistics/pom.xml b/siva-parent/siva-statistics/pom.xml
index 5938df939..cade9cc33 100644
--- a/siva-parent/siva-statistics/pom.xml
+++ b/siva-parent/siva-statistics/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-test/pom.xml b/siva-parent/siva-test/pom.xml
index e6bc0a975..bb389a601 100644
--- a/siva-parent/siva-test/pom.xml
+++ b/siva-parent/siva-test/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-validation-proxy/pom.xml b/siva-parent/siva-validation-proxy/pom.xml
index 1d5735d72..83c49a0a9 100644
--- a/siva-parent/siva-validation-proxy/pom.xml
+++ b/siva-parent/siva-validation-proxy/pom.xml
@@ -18,7 +18,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/siva-parent/siva-webapp/pom.xml b/siva-parent/siva-webapp/pom.xml
index 7359973e4..4db34555a 100644
--- a/siva-parent/siva-webapp/pom.xml
+++ b/siva-parent/siva-webapp/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>siva-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/validation-services-parent/generic-validation-service/pom.xml b/validation-services-parent/generic-validation-service/pom.xml
index f882d029c..500f89c69 100644
--- a/validation-services-parent/generic-validation-service/pom.xml
+++ b/validation-services-parent/generic-validation-service/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>validation-services-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/validation-services-parent/pom.xml b/validation-services-parent/pom.xml
index c0b63ed73..1500b8950 100644
--- a/validation-services-parent/pom.xml
+++ b/validation-services-parent/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>siva</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <packaging>pom</packaging>
diff --git a/validation-services-parent/timemark-container-validation-service/pom.xml b/validation-services-parent/timemark-container-validation-service/pom.xml
index 82b0c35ec..9145bb6a4 100644
--- a/validation-services-parent/timemark-container-validation-service/pom.xml
+++ b/validation-services-parent/timemark-container-validation-service/pom.xml
@@ -18,7 +18,7 @@
     <parent>
         <artifactId>validation-services-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/validation-services-parent/timestamptoken-validation-service/pom.xml b/validation-services-parent/timestamptoken-validation-service/pom.xml
index 28ccdcb29..f51d00c15 100644
--- a/validation-services-parent/timestamptoken-validation-service/pom.xml
+++ b/validation-services-parent/timestamptoken-validation-service/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>validation-services-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/validation-services-parent/tsl-loader/pom.xml b/validation-services-parent/tsl-loader/pom.xml
index 9504fd82e..657f8b78c 100644
--- a/validation-services-parent/tsl-loader/pom.xml
+++ b/validation-services-parent/tsl-loader/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>validation-services-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/validation-services-parent/validation-commons/pom.xml b/validation-services-parent/validation-commons/pom.xml
index 7060d65c2..cbf24c445 100644
--- a/validation-services-parent/validation-commons/pom.xml
+++ b/validation-services-parent/validation-commons/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>validation-services-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/validation-services-parent/xroad-validation-service/pom.xml b/validation-services-parent/xroad-validation-service/pom.xml
index 7111cd2d7..bb553f00a 100644
--- a/validation-services-parent/xroad-validation-service/pom.xml
+++ b/validation-services-parent/xroad-validation-service/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>validation-services-parent</artifactId>
         <groupId>ee.openid.siva</groupId>
-        <version>3.5.2</version>
+        <version>3.5.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>