Extended validation for ETSI plug tests

src/XAdES.php

@@ -1188,7 +1188,12 @@ public function verifyXAdES( $signatureFile, $certificateFile = null )
 							? $integer->base10()
 							: strval( $integer->getValue() );
 
+						/** @var Sequence $generalNames */
 						$generalNames = $issuer->getFirstChildOfType( UniversalTagID::SEQUENCE );
+						if ( $generalNames->at(1) instanceof Sequence )
+						{
+							$generalNames = $generalNames->at(1);
+						}
 
 						$certificateInfo = $certificateInfo ?? new CertificateInfo();
 						$dnNames = $certificateInfo->getDNStringFromNames( $generalNames );
@@ -1210,7 +1215,8 @@ public function verifyXAdES( $signatureFile, $certificateFile = null )
 			if ( $issuerSerialNumber )
 				if ( $serialNumber != $issuerSerialNumber )
 				{
-					throw new XAdESException('The certificate serial number in the signature does not match the certificate serial number');
+					// throw new XAdESException('The certificate serial number in the signature does not match the certificate serial number');
+					echo "WARNING: The issuer certificate serial number in the signature does not match the issuer certificate serial number\n";
 				}
 
 			// If version 1.3.2 then there MAY be <IssuerSerialV2>
@@ -1234,6 +1240,7 @@ public function verifyXAdES( $signatureFile, $certificateFile = null )
 				}
 			}
 
+			$this->validateCertificates( $objKeyInfo );
 			$this->validateUnsignedSignatureProperties( $qualifyingProperties );
 
 			// If the signature is being validated by the XAdES directly then the signature 
@@ -1256,6 +1263,17 @@ public function verifyXAdES( $signatureFile, $certificateFile = null )
 		}
 	}
 
+	/**
+	 * Allows a class to apply validation to one or more members of the certificate chain
+	 *
+	 * @param XMLSecurityKey $keyInfo
+	 * @return bool
+	 */
+	protected function validateCertificates( $keyInfo )
+	{
+		// By default, do nothing
+	}
+
 	protected function validateUnsignedSignatureProperties( $qualifyingProperties )
 	{
 		if ( ! $qualifyingProperties ) return;