add EAAF module for MOA-Sig integration

42 files changed, 1430 insertions, 4 deletions

diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
new file mode 100644
index 00000000..98a7ddaf
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>at.gv.egiz.eaaf</groupId>
+    <artifactId>eaaf_modules</artifactId>
+    <version>1.x</version>
+  </parent>
+  <artifactId>eaaf_module_moa-sig</artifactId>
+  <version>${egiz.eaaf.version}</version>
+
+  <name>MOA-Sig signature verification module</name>
+
+  <licenses>
+    <license>
+      <name>European Union Public License, version 1.2 (EUPL-1.2)</name>
+      <url>https://opensource.org/licenses/EUPL-1.2</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+
+  <developers>
+    <developer>
+      <name>Thomas Lenz</name>
+      <email>thomas.lenz@egiz.gv.at</email>
+      <organization>eGovernment Innovation Center (EGIZ)</organization>
+      <organizationUrl>https://www.egiz.gv.at</organizationUrl>
+    </developer>
+  </developers>
+  
+  <repositories>
+  	<repository>
+    	<id>MOA</id>
+      	<name>MOA Dependencies</name>
+      	<releases>
+      		<enabled>true</enabled>
+      		<checksumPolicy>ignore</checksumPolicy>
+      	</releases>
+        <layout>default</layout>
+        <url>file://${basedir}/repository</url>
+     </repository>
+  </repositories>
+  
+  <dependencies>
+	<dependency>		   
+		<groupId>at.gv.egiz.components</groupId>
+    	<artifactId>egiz-spring-api</artifactId>
+	</dependency>
+	<dependency>
+	 	<groupId>at.gv.egiz.eaaf</groupId>
+  		<artifactId>eaaf_core_api</artifactId>
+	</dependency>
+	
+	<dependency>
+  		<groupId>joda-time</groupId>
+    	<artifactId>joda-time</artifactId>
+  	</dependency>
+  	<dependency>
+  		<groupId>org.apache.commons</groupId>
+    	<artifactId>commons-lang3</artifactId> 
+  	</dependency>
+		
+	<dependency>
+		<groupId>MOA.spss.server</groupId>
+		<artifactId>moa-sig-lib</artifactId>
+		<exclusions>
+			<exclusion> 
+				<groupId>commons-logging</groupId>
+				<artifactId>commons-logging</artifactId>
+			</exclusion>
+			<exclusion>
+				<artifactId>*</artifactId>
+				<groupId>axis</groupId>
+			</exclusion>
+		</exclusions>
+	</dependency>
+	<dependency>
+		<groupId>MOA.spss</groupId>
+		<artifactId>common</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>MOA.spss</groupId>
+		<artifactId>tsl_lib</artifactId>
+	</dependency>					
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_cms</artifactId>
+	</dependency>					
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_cpades</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_cpxlevel</artifactId>
+	</dependency>						
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_eccelerate</artifactId>
+	</dependency>		
+  	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_eccelerate_addon</artifactId>
+	</dependency>							
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_eccelerate_cms</artifactId>
+	</dependency>		
+	<dependency>
+   		<groupId>iaik.prod</groupId>
+     	<artifactId>iaik_jce_full</artifactId>
+   	</dependency>
+	<dependency>
+		<groupId>iaik.prod</groupId>
+	  	<artifactId>iaik_jsse</artifactId>
+	</dependency>		
+	<dependency>
+   		<groupId>iaik.prod</groupId>
+     	<artifactId>iaik_moa</artifactId>
+   	</dependency>		
+	<dependency> 
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_pki_module</artifactId>
+	</dependency>		
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_sva</artifactId> 
+	</dependency>		
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_tsp</artifactId>
+	</dependency>		
+	<dependency> 
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_util</artifactId>
+	</dependency>				
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_xades</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>iaik.prod</groupId>
+		<artifactId>iaik_xsect</artifactId>
+	</dependency>	
+	
+	
+	<dependency>
+  		<groupId>junit</groupId>
+      	<artifactId>junit</artifactId>
+   		<scope>test</scope>
+	</dependency>
+  	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-test</artifactId>
+		<scope>test</scope>
+	</dependency>
+  	<dependency>
+  		<groupId>org.apache.commons</groupId>
+    	<artifactId>commons-lang3</artifactId>
+    	<scope>test</scope>
+  	</dependency>
+	
+	  	  	
+  </dependencies>
+  
+  <build>
+   	<resources>
+  		<resource>
+  			<directory>src/main/resources</directory>
+  		</resource>
+  	</resources>
+  
+     <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.8.0</version>
+        <configuration>
+          <source>${java.version}</source>
+          <target>${java.version}</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>3.1.1</version>
+        <configuration>
+        	<archive>
+            	<manifest>
+              		<addClasspath>true</addClasspath>
+              		<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+              		<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+            	</manifest>
+          	</archive>            
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-clean-plugin</artifactId>
+        <version>3.1.0</version>
+        <configuration>
+          <filesets>
+            <fileset>
+              <directory>test-output</directory>
+            </fileset>
+          </filesets>
+        </configuration>
+      </plugin>
+      
+      <!-- enable co-existence of testng and junit -->
+	  <plugin>
+	  	<artifactId>maven-surefire-plugin</artifactId>
+		<version>${surefire.version}</version>
+		<configuration>
+			<threadCount>1</threadCount>					
+		</configuration>
+		<dependencies>
+			<dependency>
+				<groupId>org.apache.maven.surefire</groupId>
+					<artifactId>surefire-junit47</artifactId>
+					<version>${surefire.version}</version>
+				</dependency>
+			</dependencies>
+	  </plugin>
+  	</plugins>
+  </build>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.2/common-3.1.2.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.2/common-3.1.2.jar
new file mode 100644
index 00000000..243273f4
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.2/common-3.1.2.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
new file mode 100644
index 00000000..06be8763
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.jar
new file mode 100644
index 00000000..22f1f7d6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.pom
new file mode 100644
index 00000000..af6c7876
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_ixsil</artifactId>
+  <version>1.2.2.5</version>
+  <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.pom
new file mode 100644
index 00000000..f61afb3c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_jsse</artifactId>
+  <version>4.4</version>
+  <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/0.23/iaik_util-0.23.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/0.23/iaik_util-0.23.pom
new file mode 100644
index 00000000..9611eb92
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/0.23/iaik_util-0.23.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_util</artifactId>
+  <version>0.23</version>
+  <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cms/5.1/iaik_cms-5.1.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cms/5.1/iaik_cms-5.1.jar
new file mode 100644
index 00000000..6aff9745
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cms/5.1/iaik_cms-5.1.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cpades/2.5.1_moa/iaik_cpades-2.5.1_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cpades/2.5.1_moa/iaik_cpades-2.5.1_moa.jar
new file mode 100644
index 00000000..f225f27a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cpades/2.5.1_moa/iaik_cpades-2.5.1_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cpxlevel/0.9_moa/iaik_cpxlevel-0.9_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cpxlevel/0.9_moa/iaik_cpxlevel-0.9_moa.jar
new file mode 100644
index 00000000..3caa1610
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_cpxlevel/0.9_moa/iaik_cpxlevel-0.9_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate/5.01/iaik_eccelerate-5.01.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate/5.01/iaik_eccelerate-5.01.jar
new file mode 100644
index 00000000..0d83fc5b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate/5.01/iaik_eccelerate-5.01.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate_addon/5.01/iaik_eccelerate_addon-5.01.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate_addon/5.01/iaik_eccelerate_addon-5.01.jar
new file mode 100644
index 00000000..957fa5a8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate_addon/5.01/iaik_eccelerate_addon-5.01.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate_cms/5.01/iaik_eccelerate_cms-5.01.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate_cms/5.01/iaik_eccelerate_cms-5.01.jar
new file mode 100644
index 00000000..ed4e816e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_eccelerate_cms/5.01/iaik_eccelerate_cms-5.01.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar
new file mode 100644
index 00000000..9ac61d5c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_jce_full/5.52_moa/iaik_jce_full-5.52_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_jce_full/5.52_moa/iaik_jce_full-5.52_moa.jar
new file mode 100644
index 00000000..4ce6c247
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_jce_full/5.52_moa/iaik_jce_full-5.52_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar
new file mode 100644
index 00000000..15b32042
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_moa/2.06/iaik_moa-2.06.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_moa/2.06/iaik_moa-2.06.jar
new file mode 100644
index 00000000..edc2d0f9
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_moa/2.06/iaik_moa-2.06.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_pki_module/2.01_moa/iaik_pki_module-2.01_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_pki_module/2.01_moa/iaik_pki_module-2.01_moa.jar
new file mode 100644
index 00000000..9d59aef2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_pki_module/2.01_moa/iaik_pki_module-2.01_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_sva/1.0.3_moa/iaik_sva-1.0.3_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_sva/1.0.3_moa/iaik_sva-1.0.3_moa.jar
new file mode 100644
index 00000000..9a551784
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_sva/1.0.3_moa/iaik_sva-1.0.3_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_tsp/2.32_eval/iaik_tsp.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_tsp/2.32_eval/iaik_tsp.jar
new file mode 100644
index 00000000..fbd9abd2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_tsp/2.32_eval/iaik_tsp.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_util/0.23/iaik_util-0.23.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_util/0.23/iaik_util-0.23.jar
new file mode 100644
index 00000000..1bc0cde7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_util/0.23/iaik_util-0.23.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_xades/2.13_moa/iaik_xades-2.13_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_xades/2.13_moa/iaik_xades-2.13_moa.jar
new file mode 100644
index 00000000..0f111e24
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_xades/2.13_moa/iaik_xades-2.13_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_xsect/2.13_moa/iaik_xsect-2.13_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_xsect/2.13_moa/iaik_xsect-2.13_moa.jar
new file mode 100644
index 00000000..95f18efc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/prod/iaik_xsect/2.13_moa/iaik_xsect-2.13_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
new file mode 100644
index 00000000..420fe5dc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -0,0 +1,53 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
+
+import java.util.List;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+
+public interface ISignatureVerificationService {
+
+	/**
+	 * Verify a CAdES or CMS signature
+	 * <br><br>
+	 * <i>This method only validates the first CMS or CAdES signature of more than one signature exists</i>
+	 *  
+	 * @param signature Enveloped CMS or CAdES signature
+	 * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+	 * @return @link {@link ICMSSignatureVerificationResponse}, or null if no signature was found 
+	 * @throws MOASigServiceException on signatue-verification error
+	 */
+	ICMSSignatureVerificationResponse verifyCMSSignature(byte[] signature, String trustProfileID)
+			throws MOASigServiceException;
+
+
+
+	/**
+	 * Verify a XML or XAdES signature
+	 * <br><br>
+	 * <i>This method only validates the first XML or XAdES signature of more than one signature exists</i>
+	 * 
+	 * @param signature Serialized XML or XAdES signature
+	 * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+	 * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found 
+	 * @throws MOASigServiceException on signatue-verification error
+	 */
+	IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID)
+			throws MOASigServiceException;
+
+	/**
+	 * Verify a XML or XAdES signature
+	 * <br><br>
+	 * <i>This method only validates the first XML or XAdES signature of more than one signature exists</i>
+	 * 
+	 * @param signature Serialized XML or XAdES signature
+	 * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+	 * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used for signature-verification
+	 * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found 
+	 * @throws MOASigServiceException on signatue-verification error
+	 */
+	IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID,
+			List<String> verifyTransformsInfoProfileID) throws MOASigServiceException;
+
+}
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java
new file mode 100644
index 00000000..57426751
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java
@@ -0,0 +1,5 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
+
+public interface ICMSSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
new file mode 100644
index 00000000..00d98c86
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
@@ -0,0 +1,69 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
+
+import iaik.x509.X509Certificate;
+import java.util.Date;
+
+import org.springframework.lang.Nullable;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+
+
+public interface IGenericSignatureVerificationResponse {
+
+	/**
+	 * Returns the signing time
+	 * 
+	 * @return Signing time, or null if signature contains no time information
+	 */
+	@Nullable
+	Date getSigningDateTime();
+	
+	/**
+	   * Returns the signatureCheckCode.
+	   * @return int
+	   */
+	int getSignatureCheckCode();
+	
+	/**
+	   * Returns the certificateCheckCode.
+	   * @return int
+	   */
+	int getCertificateCheckCode();
+
+	/**
+	   * Returns the qualifiedCertificate.
+	   * @return boolean
+	   */
+	boolean isQualifiedCertificate();
+
+	/**
+	   * Returns the X509 certificate.
+	   * @return X509Certificate, or null if no certificate information exists
+	   * @throws MOASigServiceException if X509 certificate can not be deserialized
+	   */
+	@Nullable
+	X509Certificate getX509Certificate() throws MOASigServiceException;
+
+	
+	/**
+	 * Returns the X509 certificate in serialized form
+	 * 
+	 * @return Serialized X509 certificate, or null if no certificate information exists
+	 */
+	@Nullable
+	byte[] getX509CertificateEncoded();
+	
+	/**
+	   * Returns the publicAuthority.
+	   * @return boolean
+	   */
+	boolean isPublicAuthority();
+	
+	/**
+	   * Returns the publicAuthorityCode.
+	   * @return String OID, or null if no OID exists
+	   */
+	@Nullable
+	String getPublicAuthorityCode();
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java
new file mode 100644
index 00000000..3e86fb63
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java
@@ -0,0 +1,37 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IXMLSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
+
+
+	/**
+	   * Returns the xmlDSIGManifestCheckCode.
+	   * @return int
+	   */
+	int getXmlDSIGManifestCheckCode();
+
+	/**
+	   * Returns the xmlDsigSubjectName.
+	   * @return String
+	   */
+	String getXmlDsigSubjectName();
+
+	
+	/**
+	   * Returns the xmlDSIGManigest.
+	   * @return boolean
+	   */
+	boolean isXmlDSIGManigest();
+
+
+	/**
+	   * Returns the the resulting code of the signature manifest check.
+	   *
+	   * @return The code of the sigature manifest check.
+	   */
+	int getSignatureManifestCheckCode();
+
+}
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceBuilderException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceBuilderException.java
new file mode 100644
index 00000000..ded3f900
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceBuilderException.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions;
+
+public class MOASigServiceBuilderException extends MOASigServiceException {
+
+	private static final long serialVersionUID = 5178393157255309476L;
+
+	public MOASigServiceBuilderException(String errorId, Object[] params) {
+		super(errorId, params);
+	}
+
+	public MOASigServiceBuilderException(String errorId, Object[] params, Throwable e) {
+		super(errorId, params, e);
+	}
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceConfigurationException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceConfigurationException.java
new file mode 100644
index 00000000..f3c02fe1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceConfigurationException.java
@@ -0,0 +1,11 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions;
+
+public class MOASigServiceConfigurationException extends MOASigServiceException {
+
+	private static final long serialVersionUID = -4710795384615456488L;
+
+	public MOASigServiceConfigurationException(String errorId, Object[] params, Throwable e) {
+		super(errorId, params, e);
+	}
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceException.java
new file mode 100644
index 00000000..243b4b1d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceException.java
@@ -0,0 +1,26 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFServiceException;
+
+public class MOASigServiceException extends EAAFServiceException {
+
+	private static final long serialVersionUID = -6088238428550563658L;
+	private static final String MOA_SIG_SERVICE_ID = "MOA-SIG-VERIFY";
+	
+	public MOASigServiceException(String errorId, Object[] params) {
+		super(errorId, params);
+		
+	}
+	
+	public MOASigServiceException(String errorId, Object[] params, Throwable e) {
+		super(errorId, params, e);
+		
+	}
+
+	@Override
+	protected String getServiceIdentifier() {
+		return MOA_SIG_SERVICE_ID;
+		
+	}
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceParserException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceParserException.java
new file mode 100644
index 00000000..63a51001
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MOASigServiceParserException.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions;
+
+public class MOASigServiceParserException extends MOASigServiceException {
+
+	private static final long serialVersionUID = 5178393157255309476L;
+
+	public MOASigServiceParserException(String errorId, Object[] params) {
+		super(errorId, params);
+	}
+
+	public MOASigServiceParserException(String errorId, Object[] params, Throwable e) {
+		super(errorId, params, e);
+	}
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MOASigSpringResourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MOASigSpringResourceProvider.java
new file mode 100644
index 00000000..ecda7eb1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MOASigSpringResourceProvider.java
@@ -0,0 +1,27 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class MOASigSpringResourceProvider implements SpringResourceProvider {
+
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource moaSigConfig = new ClassPathResource("/moa-sig-service.beans.xml", MOASigSpringResourceProvider.class);							
+		return new Resource[] {moaSigConfig};
+	}
+
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getName() {
+		return "Signature-verification service based on MOA-Sig (MOA-SPSS)";
+	}
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
new file mode 100644
index 00000000..b2ea5cb7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -0,0 +1,348 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
+
+import java.io.ByteArrayInputStream;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertificateEncodingException;
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceBuilderException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import at.gv.egovernment.moaspss.util.Constants;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+
+/**
+ * @author tlenz
+ *
+ */
+@Service
+public class SignatureVerificationService implements ISignatureVerificationService {	
+	private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class);
+	
+	private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+	private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+	private static final String DSIG = Constants.DSIG_PREFIX + ":";
+	
+	private at.gv.egovernment.moa.spss.api.SignatureVerificationService svs; 
+
+	@PostConstruct
+	private void initialize() throws MOASigServiceConfigurationException {
+		log.info("Initializing MOA-Sig signature-verification service ... ");
+		
+        log.info("Loading Java security providers.");
+        IAIK.addAsProvider();                
+        ECCelerate.addAsProvider();
+		                
+        try {
+        	LoggingContextManager.getInstance().setLoggingContext(
+                    new LoggingContext("startup"));
+        	log.debug("MOA-Sig library initialization process ... ");
+        	Configurator.getInstance().init();        	
+        	log.info("MOA-Sig library initialization complete ");
+        	                       
+         } catch (final MOAException e) {
+        	 log.error("MOA-SP initialization FAILED!", e.getWrapped()); 
+             throw new MOASigServiceConfigurationException("service.moasig.04", new Object[] { e
+                      .toString() }, e);
+		}
+        
+        Security.insertProviderAt(IAIK.getInstance(), 0);
+        
+        final ECCelerate eccProvider = ECCelerate.getInstance();
+        if (Security.getProvider(eccProvider.getName()) != null)
+        	Security.removeProvider(eccProvider.getName());	        	
+        Security.addProvider(new ECCelerate());
+        
+        fixJava8_141ProblemWithSSLAlgorithms();
+		
+        if (log.isDebugEnabled()) {
+        	log.debug("Loaded Security Provider:");
+        	final Provider[] providerList = Security.getProviders();
+        	for (int i=0; i<providerList.length; i++)
+        		log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());        		
+        	
+        }
+        
+        log.debug("Instanzing SignatureVerificationService implementation ... ");
+		svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();
+		
+		log.info("MOA-Sig signature-verification service initialized");
+	}
+	
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyCMSSignature(byte[], java.lang.String)
+	 */
+	@Override
+	@Nullable
+	public ICMSSignatureVerificationResponse verifyCMSSignature(byte[] signature, String trustProfileID) throws MOASigServiceException {	 
+		try {
+			final VerifyCMSSignatureRequest cmsSigVerifyReq = buildVerfifyCMSRequest(signature, trustProfileID, false, false);
+			final VerifyCMSSignatureResponse cmsSigVerifyResp = svs.verifyCMSSignature(cmsSigVerifyReq );
+			return parseCMSVerificationResult(cmsSigVerifyResp);
+									
+		} catch (final MOAException e) {
+			log.warn("CMS signature verification has an error.", e);
+			throw new MOASigServiceException("service.03", new Object[] { e.toString()}, e);
+			  
+		} catch (final CertificateEncodingException e) {
+			log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response", e);
+			throw new MOASigServiceException("service.03", new Object[] { e.toString()}, e);
+			
+		}
+		  
+	}
+	 
+	private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException {
+		
+		if (cmsSigVerifyResp.getResponseElements() == null ||
+				cmsSigVerifyResp.getResponseElements().isEmpty()) {
+			log.info("No CMS signature FOUND. ");
+			return null;
+			
+		}
+		
+		if (cmsSigVerifyResp.getResponseElements().size() > 1)
+			log.warn("CMS or CAdES signature contains more than one technical signatures. Only validate the first signature");
+		
+		final VerifyCMSSignatureResponseElement firstSig = (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0);
+		
+		final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse result = 
+				new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse();
+	
+		//parse results into response container
+		result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode());
+		result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode());
+		
+		if (firstSig.getSignerInfo() != null) {
+			result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime());
+			result.setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded());
+			result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate());
+		
+			result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority());
+			result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID());
+			
+		} else
+			log.info("CMS or CAdES verification result contains no SignerInfo");		
+		
+		return result;
+	}
+
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String)
+	 */
+	@Override
+	public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID) throws MOASigServiceException {	
+		return verifyXMLSignature(signature, trustProfileID, null);
+		  
+	}
+	  
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.util.List)
+	 */
+	@Override
+	public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID,  List<String> verifyTransformsInfoProfileID) throws MOASigServiceException {		  
+		try {
+			//build signature-verification request
+			 final Element domVerifyXMLSignatureRequest = buildVerifyXMLRequest(signature, trustProfileID, verifyTransformsInfoProfileID);
+
+			//send signature-verification to MOA-Sig			  	
+			final VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(domVerifyXMLSignatureRequest);		
+		    final VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
+		    final Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse);
+			  			
+			// parses the <IXMLSignatureVerificationResponse>
+			final IXMLSignatureVerificationResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(result.getDocumentElement()).parseData();
+			
+			return verifyXMLSignatureResponse;
+			  
+		} catch (final MOASigServiceException e) {
+			  throw e;
+			  
+		} catch (final MOAException e) {
+			  log.warn("MOA-Sig signature-verification has an internal error."
+			  		+ " MsgCode: " + e.getMessageId()
+			  		+ " Msg: " + e.getMessage(),
+			  		e);
+			  throw new MOASigServiceException("service.moasig.03", new Object[]{e.getMessage()}, e);
+			  
+		}		
+	}
+	  
+	/**
+	 * Build a VerifyCMS-Siganture request for MOA-Sig.
+	 * <br><br>
+	 * This builder only generates verification-request for enveloped CMS or CAdES signatures
+	 * <br>
+	 * This 
+	 * 
+	 * @param signature CMS or CAdES signature 
+	 * @param trustProfileID trustProfileID MOA-Sig Trust-Profile
+	 * @param isPdfSignature Make CAdES signature as part of an PAdES document
+	 * @param performExtendedValidation To extended validation. See MOA-Sig documentation for detailed information
+	 * @return 
+	 */
+	private VerifyCMSSignatureRequest buildVerfifyCMSRequest(byte[] signature, String trustProfileID, 
+			boolean isPdfSignature, boolean performExtendedValidation) {
+		final VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = new VerifyCMSSignatureRequestImpl();
+		verifyCMSSignatureRequest.setDateTime(null);
+		verifyCMSSignatureRequest.setCMSSignature(new ByteArrayInputStream(signature));
+		verifyCMSSignatureRequest.setDataObject(null);
+		verifyCMSSignatureRequest.setTrustProfileId(trustProfileID);
+		verifyCMSSignatureRequest.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES);
+		verifyCMSSignatureRequest.setPDF(isPdfSignature);
+		verifyCMSSignatureRequest.setExtended(performExtendedValidation);
+		return verifyCMSSignatureRequest;
+		
+	}
+	
+	/**
+	 * Build a VerifyXML-Signature request for MOA-Sig
+	 * 
+	 * @param signature Serialized XML signature
+	 * @param trustProfileID MOA-Sig Trust-Profile
+	 * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles used for validation
+	 * @return
+	 * @throws MOASigServiceBuilderException
+	 */
+	private Element buildVerifyXMLRequest(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MOASigServiceBuilderException { 
+		try {
+			//build empty document
+			final Document requestDoc_ = getNewDocumentBuilder(); 
+			final Element requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+			requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+	        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+	        requestDoc_.appendChild(requestElem_);
+			
+			
+			// build the request
+			final Element verifiySignatureInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+			requestElem_.appendChild(verifiySignatureInfoElem);
+			final Element verifySignatureEnvironmentElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+			verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+			final Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+			verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+
+			// insert the base64 encoded signature	      
+			String base64EncodedAssertion = Base64Utils.encodeToString(signature);
+			//replace all '\r' characters by no char.
+			final StringBuffer replaced = new StringBuffer();
+			for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+				final char c = base64EncodedAssertion.charAt(i);
+				if (c != '\r') {
+					replaced.append(c);
+				}
+			}
+			base64EncodedAssertion = replaced.toString();
+			final Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+			base64ContentElem.appendChild(base64Content);      
+	     
+			// specify the signature location
+			final Element verifySignatureLocationElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+			verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+			final Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+			verifySignatureLocationElem.appendChild(signatureLocation);      
+	      
+			// signature manifest params
+			final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+			requestElem_.appendChild(signatureManifestCheckParamsElem);
+			signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+
+			//verify transformations
+			if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+				final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+				signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+				for (final String element : verifyTransformsInfoProfileID) {
+					final Element verifyTransformsInfoProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+					referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+					verifyTransformsInfoProfileIDElem.appendChild(requestDoc_.createTextNode(element));
+	            
+				}
+			}
+	      	      
+			//hashinput data
+			final Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+			requestElem_.appendChild(returnHashInputDataElem);
+
+			//add trustProfileID
+			final Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+			trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+			requestElem_.appendChild(trustProfileIDElem);
+			
+			return requestElem_;
+			
+	    } catch (final Throwable t) {
+	    	log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", t);
+	    	throw new MOASigServiceBuilderException("service.moasig.03", new Object[] { t.getMessage() }, t);
+	      
+	    }
+	    
+	  }
+
+	/**
+	 * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because 
+	 * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe.
+	 * 
+	 * @return {@link Document}
+	 * @throws ParserConfigurationException
+	 */
+	private synchronized Document getNewDocumentBuilder() throws ParserConfigurationException {
+		final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); 
+		return docBuilder.newDocument();
+		
+	}
+	
+    private static void fixJava8_141ProblemWithSSLAlgorithms() {
+    	log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
+        //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", 
+        		new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", 
+        		new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", 
+        		new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", 
+        		new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", 
+        		new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+        
+        log.info("Change AlgorithmIDs finished");
+    }
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
new file mode 100644
index 00000000..f3c724d8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
@@ -0,0 +1,130 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
+
+import java.io.Serializable;
+import java.security.cert.CertificateException;
+import iaik.x509.X509Certificate;
+import java.util.Date;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceParserException;
+
+public class GenericSignatureVerificationResponse implements IGenericSignatureVerificationResponse, Serializable {
+
+	private static final long serialVersionUID = -7751001050689401118L;
+	private static final Logger log = LoggerFactory.getLogger(GenericSignatureVerificationResponse.class);
+	
+	
+	/** The signing time */
+	private Date signingDateTime;
+	
+	/** The signatureCheckCode to be stored */
+	private int signatureCheckCode;
+	
+	/** The certificateCheckCode to be stored */
+	private int certificateCheckCode;
+		
+	/** The publicAuthority to be stored */
+	private boolean publicAuthority;
+  
+	/** The publicAuthorityCode to be stored */
+	private String publicAuthorityCode;
+  
+	/** The qualifiedCertificate to be stored */
+	private boolean qualifiedCertificate;
+  	
+	private byte[] x509CertificateEncoded;
+	
+	@Override
+	public Date getSigningDateTime() {
+		return this.signingDateTime;
+		
+	}
+
+	@Override
+	public int getSignatureCheckCode() {
+		return this.signatureCheckCode;
+		
+	}
+
+	@Override
+	public int getCertificateCheckCode() {
+		return this.certificateCheckCode;
+		
+	}
+
+	@Override
+	public boolean isQualifiedCertificate() {
+		return this.qualifiedCertificate;
+		
+	}
+
+	@Override
+	public X509Certificate getX509Certificate() throws MOASigServiceException {
+		if (x509CertificateEncoded != null) {
+			try {
+				return new X509Certificate(x509CertificateEncoded);
+				
+			} catch (CertificateException e) {
+				log.error("Can NOT parse X509 certifcate in " + GenericSignatureVerificationResponse.class.getName(), e);
+				throw new MOASigServiceParserException("service.moasig.01", null, e);
+			}
+			
+		}
+		
+		return null;
+		
+	}
+
+	@Override
+	public byte[] getX509CertificateEncoded() {
+		return this.getX509CertificateEncoded();
+		
+	}
+	
+	@Override
+	public boolean isPublicAuthority() {
+		return this.publicAuthority;
+		
+	}
+
+	@Override
+	public String getPublicAuthorityCode() {
+		return this.publicAuthorityCode;
+		
+	}
+
+	public void setSigningDateTime(Date signingDateTime) {
+		this.signingDateTime = signingDateTime;
+	}
+
+	public void setSignatureCheckCode(int signatureCheckCode) {
+		this.signatureCheckCode = signatureCheckCode;
+	}
+
+	public void setCertificateCheckCode(int certificateCheckCode) {
+		this.certificateCheckCode = certificateCheckCode;
+	}
+
+	public void setPublicAuthority(boolean publicAuthority) {
+		this.publicAuthority = publicAuthority;
+	}
+
+	public void setPublicAuthorityCode(String publicAuthorityCode) {
+		this.publicAuthorityCode = publicAuthorityCode;
+	}
+
+	public void setQualifiedCertificate(boolean qualifiedCertificate) {
+		this.qualifiedCertificate = qualifiedCertificate;
+	}
+
+	public void setX509CertificateEncoded(byte[] x509CertificateEncoded) {
+		this.x509CertificateEncoded = x509CertificateEncoded;
+	}
+	
+	
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java
new file mode 100644
index 00000000..2c177c71
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java
@@ -0,0 +1,9 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
+
+public class VerifyCMSSignatureResponse extends GenericSignatureVerificationResponse implements ICMSSignatureVerificationResponse{
+
+	private static final long serialVersionUID = 708260904158070696L;
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java
new file mode 100644
index 00000000..0646bda7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java
@@ -0,0 +1,93 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+
+/**
+ * 
+ * 
+ * @author tlenz
+ *
+ */
+
+public class VerifyXMLSignatureResponse extends GenericSignatureVerificationResponse implements IXMLSignatureVerificationResponse {
+
+  private static final long serialVersionUID = 8386070769565711601L;
+
+/** The xmlDsigSubjectName to be stored */
+  private String xmlDsigSubjectName;
+
+  /** The xmlDSIGManifestCheckCode to be stored */
+  private int xmlDSIGManifestCheckCode;
+  /** The xmlDSIGManigest to be stored */
+  private boolean xmlDSIGManigest;
+
+  /**
+   * The result of the signature manifest check. The default value <code>-1</code>
+   * indicates that the signature manifest has not been checked.
+   */
+  private int signatureManifestCheckCode = -1;
+  
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode()
+ */
+  @Override
+public int getXmlDSIGManifestCheckCode() {
+    return xmlDSIGManifestCheckCode;
+  }
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName()
+ */
+  @Override
+public String getXmlDsigSubjectName() {
+    return xmlDsigSubjectName;
+  }
+
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(int)
+ */
+public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
+    this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
+  }
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang.String)
+ */
+public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
+    this.xmlDsigSubjectName = xmlDsigSubjectName;
+  }
+
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest()
+ */
+  @Override
+public boolean isXmlDSIGManigest() {
+    return xmlDSIGManigest;
+  }
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean)
+ */
+public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
+    this.xmlDSIGManigest = xmlDSIGManigest;
+  }
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode()
+ */
+  @Override
+public int getSignatureManifestCheckCode() {
+    return signatureManifestCheckCode;
+  }
+
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(int)
+ */           
+public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
+    this.signatureManifestCheckCode = signatureManifestCheckCode;
+  }
+  
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXMLSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 00000000..e581394b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXMLSignatureResponseParser.java
@@ -0,0 +1,180 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.joda.time.DateTime;
+import org.joda.time.format.ISODateTimeFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.NonNull;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceParserException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.DOMUtils;
+import at.gv.egovernment.moaspss.util.XPathUtils;
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
+
+
+public class VerifyXMLSignatureResponseParser {
+	private static final Logger log = LoggerFactory.getLogger(VerifyXMLSignatureResponseParser.class);
+	
+  //
+  // XPath namespace prefix shortcuts
+  //
+  /** Xpath prefix for reaching MOA Namespaces */
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  /** Xpath prefix for reaching DSIG Namespaces */
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  /** Xpath expression to the root element */    
+  private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
+  
+    /** Xpath expression to the X509SubjectName element */  
+  private static final String DSIG_SUBJECT_NAME_XPATH = 
+      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      DSIG + "X509SubjectName";        
+  /** Xpath expression to the X509Certificate element */  
+  private static final String DSIG_X509_CERTIFICATE_XPATH = 
+      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+          DSIG + "X509Certificate";        
+  /** Xpath expression to the PublicAuthority element */  
+  private static final String PUBLIC_AUTHORITY_XPATH =
+     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      MOA + "PublicAuthority";        
+  /** Xpath expression to the PublicAuthorityCode element */  
+  private static final String PUBLIC_AUTHORITY_CODE_XPATH =
+     PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";        
+  /** Xpath expression to the QualifiedCertificate element */  
+   private static final String QUALIFIED_CERTIFICATE_XPATH =
+     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      MOA + "QualifiedCertificate";        
+   
+  /** Xpath expression to the SignatureCheckCode element */    
+  private static final String SIGNATURE_CHECK_CODE_XPATH = 
+   ROOT + MOA + "SignatureCheck/" + MOA + "Code";
+  /** Xpath expression to the XMLDSIGManifestCheckCode element */    
+  private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = 
+   ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
+  /** Xpath expression to the SignatureManifestCheckCode element */    
+  private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = 
+   ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
+  /** Xpath expression to the CertificateCheckCode element */      
+  private static final String CERTIFICATE_CHECK_CODE_XPATH = 
+   ROOT + MOA + "CertificateCheck/" + MOA + "Code";
+  
+  private static final String SIGNING_TIME_XPATH = 
+		  ROOT + MOA + "SigningTime";
+    
+    
+  /** This is the root element of the XML-Document provided by the Security Layer Card*/
+  private Element verifyXMLSignatureResponse;
+
+  /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * A DOM-representation of the incoming String will be created
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+   * @throws MOASigServiceParserException on any parsing error
+   */
+  public VerifyXMLSignatureResponseParser(String xmlResponse) throws MOASigServiceParserException {
+	  try {
+		  final InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));  
+		  verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
+		  
+     } catch (final Throwable t) {
+    	 log.warn("Can not parse MOA-Sig response." , t);
+    	 throw new MOASigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t);
+    	 
+     } 
+  }
+  
+  /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * A DOM-representation of the incoming Inputstream will be created
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+   * @throws MOASigServiceParserException on any parsing error
+   */
+  public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws MOASigServiceParserException {
+	  try {
+		  verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
+		  
+	  } catch (final Throwable t) {
+		  log.warn("Can not parse MOA-Sig response." , t);
+		  throw new MOASigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t);
+    	 
+	  } 
+  } 
+  
+   /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * The incoming Element will be used for further operations
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
+   */
+  public VerifyXMLSignatureResponseParser(Element xmlResponse) {
+	  verifyXMLSignatureResponse =xmlResponse;                        
+  
+  }
+  
+/**
+   * Parse MOA-Sig signatur-verification result into {@link IXMLSignatureVerificationResponse} 
+   * 
+   * @return {@link IXMLSignatureVerificationResponse}
+   * @throws MOASigServiceException on any parsing error
+   */
+  @NonNull
+  public IXMLSignatureVerificationResponse parseData() throws MOASigServiceException {
+    try {
+    	final VerifyXMLSignatureResponse respData = new VerifyXMLSignatureResponse();
+    	respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
+    	final Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
+    	respData.setQualifiedCertificate(e!=null);
+
+     	final Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
+        verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
+
+     	respData.setX509CertificateEncoded(new X509Certificate(in).getEncoded());
+      
+     	final Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
+     	respData.setPublicAuthority(publicAuthority != null);
+     	respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
+     	respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
+
+     	final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
+     	if (xmlDsigCheckCode!=null) { 
+     		respData.setXmlDSIGManigest(true);
+     		respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+     		
+     	} else {
+     		respData.setXmlDSIGManigest(false);
+     		
+     	}
+     	
+     	final String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
+     	if (signatureManifestCheckCode != null) {
+     		respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
+     		
+     	}
+     	respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
+      
+     	final String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,"");
+     	if (signingTimeElement != null && !signingTimeElement.isEmpty()) {
+     		final DateTime datetime = ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement);
+     		respData.setSigningDateTime(datetime.toDate());
+    	  
+     	}
+     	
+     	return respData;
+     	
+    } catch (final Throwable t) {
+    	log.warn("Can not parse MOA-Sig response." , t);
+    	throw new MOASigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t);
+    }        
+
+  }
+  
+  
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 00000000..ebc25602
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.MOASigSpringResourceProvider
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
new file mode 100644
index 00000000..17907130
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<context:annotation-config />
+
+	<bean 	id="moaSigService" 
+			class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService" />			
+																						
+</beans>
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/properties/status_messages_en.properties b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/properties/status_messages_en.properties
new file mode 100644
index 00000000..8802c35d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/properties/status_messages_en.properties
@@ -0,0 +1,4 @@
+service.moasig.01=Can not deserialize X509 certificate
+service.moasig.02=Can not parse XML signature verification response. Reason: {0}
+service.moasig.03=Signature verification operation has an internal error. Reason: {0}
+service.moasig.04=Configuration of MOA-Sig signature-verification library FAILED! Reason: {0}  
\ No newline at end of file
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 585655b1..6f567ae8 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
- -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ --><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		  <groupId>at.gv.egiz</groupId>
@@ -22,6 +20,7 @@
     <module>eaaf_module_pvp2_idp</module>
     <module>eaaf_module_pvp2_sp</module>
     <module>eaaf_module_auth_sl20</module>
-	</modules>
+    <module>eaaf_module_moa-sig</module>
+  </modules>
 	
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 9243b7d3..e84910c3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,6 +24,28 @@
       	<at.gv.egiz.components.eventlog-api.version>0.4</at.gv.egiz.components.eventlog-api.version>
       	<at.gv.egiz.components.egiz-spring-api>0.2</at.gv.egiz.components.egiz-spring-api>
       	
+      	<MOA.spss.server.moa-sig-lib.version>3.1.2</MOA.spss.server.moa-sig-lib.version>
+  		<MOA.spss.tsl_lib.version>2.0.2</MOA.spss.tsl_lib.version>
+  	
+  		<!-- IAIK libs -->
+  		<iaik.prod.iaik_cms.version>5.1</iaik.prod.iaik_cms.version>
+		<iaik.prod.iaik_cpades.version>2.5.1_moa</iaik.prod.iaik_cpades.version>
+		<iaik.prod.iaik_cpxlevel.version>0.9_moa</iaik.prod.iaik_cpxlevel.version>
+		<iaik.prod.iaik_eccelerate.version>5.01</iaik.prod.iaik_eccelerate.version>
+		<iaik.prod.iaik_eccelerate_addon.version>5.01</iaik.prod.iaik_eccelerate_addon.version>
+		<iaik.prod.iaik_eccelerate_cms.version>5.01</iaik.prod.iaik_eccelerate_cms.version>
+		<iaik.prod.iaik_jce_full.version>5.52_moa</iaik.prod.iaik_jce_full.version>
+		<iaik.prod.iaik_jsse.version>4.4</iaik.prod.iaik_jsse.version>
+		<iaik.prod.iaik_moa.version>2.06</iaik.prod.iaik_moa.version>
+		<iaik.prod.iaik_pki_module.version>2.01_moa</iaik.prod.iaik_pki_module.version>
+		<iaik.prod.iaik_sva.version>1.0.3_moa</iaik.prod.iaik_sva.version>
+		<iaik.prod.iaik_tsp.version>2.32_eval</iaik.prod.iaik_tsp.version>
+		<iaik.prod.iaik_util.version>0.23</iaik.prod.iaik_util.version>
+		<iaik.prod.iaik_xades.version>2.13_moa</iaik.prod.iaik_xades.version>
+		<iaik.prod.iaik_xsect.version>2.13_moa</iaik.prod.iaik_xsect.version>
+      	
+      	
+      	<!-- Other third-party libs -->
       	<org.springframework.version>5.1.5.RELEASE</org.springframework.version>
       	<org.opensaml.version>2.6.6</org.opensaml.version>
 		<org.opensaml.xmltooling.version>1.4.6</org.opensaml.xmltooling.version>
@@ -106,6 +128,116 @@
     			<version>${at.gv.egiz.components.egiz-spring-api}</version>
     		</dependency>
     		
+    		
+    		<dependency>
+				<groupId>MOA.spss.server</groupId>
+				<artifactId>moa-sig-lib</artifactId>
+				<version>${MOA.spss.server.moa-sig-lib.version}</version>
+				<exclusions>
+					<exclusion> 
+						<groupId>commons-logging</groupId>
+						<artifactId>commons-logging</artifactId>
+					</exclusion>
+					<exclusion>
+						<artifactId>*</artifactId>
+						<groupId>axis</groupId>
+					</exclusion>
+				</exclusions>
+			</dependency>
+			<dependency>
+				<groupId>MOA.spss</groupId>
+				<artifactId>common</artifactId>
+				<version>${MOA.spss.server.moa-sig-lib.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>MOA.spss</groupId>
+				<artifactId>tsl_lib</artifactId>
+				<version>${MOA.spss.tsl_lib.version}</version>
+			</dependency>
+		  	
+		  		  	  
+	  		<!-- IAIK libs -->					
+			<dependency>
+				<groupId>iaik.prod</groupId>
+				<artifactId>iaik_cms</artifactId>
+				<version>${iaik.prod.iaik_cms.version}</version>			
+			</dependency>					
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_cpades</artifactId>
+			<version>${iaik.prod.iaik_cpades.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_cpxlevel</artifactId>
+			<version>${iaik.prod.iaik_cpxlevel.version}</version>
+		</dependency>						
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_eccelerate</artifactId>
+			<version>${iaik.prod.iaik_eccelerate.version}</version>
+		</dependency>		
+	  	<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_eccelerate_addon</artifactId>
+			<version>${iaik.prod.iaik_eccelerate_addon.version}</version>
+		</dependency>							
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_eccelerate_cms</artifactId>
+			<version>${iaik.prod.iaik_eccelerate_cms.version}</version>
+		</dependency>		
+		<dependency>
+	   		<groupId>iaik.prod</groupId>
+	     	<artifactId>iaik_jce_full</artifactId>
+	     	<version>${iaik.prod.iaik_jce_full.version}</version>
+	   	</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+		  	<artifactId>iaik_jsse</artifactId>
+	 		<version>${iaik.prod.iaik_jsse.version}</version>
+		</dependency>		
+		<dependency>
+	   		<groupId>iaik.prod</groupId>
+	     		<artifactId>iaik_moa</artifactId>
+	     		<version>${iaik.prod.iaik_moa.version}</version>
+	   	</dependency>		
+		<dependency> 
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_pki_module</artifactId>
+			<version>${iaik.prod.iaik_pki_module.version}</version>
+		</dependency>		
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_sva</artifactId>
+			<version>${iaik.prod.iaik_sva.version}</version>
+		</dependency>		
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_tsp</artifactId>
+			<version>${iaik.prod.iaik_tsp.version}</version>
+		</dependency>		
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_util</artifactId>
+			<version>${iaik.prod.iaik_util.version}</version>
+		</dependency>				
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_xades</artifactId>
+			<version>${iaik.prod.iaik_xades.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_xsect</artifactId>
+			<version>${iaik.prod.iaik_xsect.version}</version>
+		</dependency>
+    		
+    		
+    		
+    		
+    		
+    		
     		<dependency>    	
     			<groupId>com.google.code.findbugs</groupId>
     		<artifactId>jsr305</artifactId>