Fixed internal exception handling

23 files changed, 390 insertions, 326 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 85d5c2a46..59eaa90b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -1,6 +1,5 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.io.IOException;
 import java.io.StringWriter;
 import java.util.List;
 
@@ -8,12 +7,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
@@ -21,7 +16,6 @@ import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.metadata.ArtifactResolutionService;
 import org.opensaml.saml2.metadata.ContactPerson;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -30,14 +24,11 @@ import org.opensaml.saml2.metadata.KeyDescriptor;
 import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
 import org.opensaml.xml.signature.Signer;
 import org.w3c.dom.Document;
 
@@ -47,8 +38,8 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class MetadataAction implements IAction {
 
@@ -133,7 +124,7 @@ public class MetadataAction implements IAction {
 						redirectSingleSignOnService);
 			}
 
-			if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+			/*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
 				ArtifactResolutionService artifactResolutionService = SAML2Utils
 						.createSAMLObject(ArtifactResolutionService.class);
 
@@ -146,7 +137,7 @@ public class MetadataAction implements IAction {
 				
 				idpSSODescriptor.getArtifactResolutionServices().add(
 						artifactResolutionService);
-			}
+			}*/
 
 			idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
 			
@@ -199,33 +190,10 @@ public class MetadataAction implements IAction {
 
 			httpResp.getOutputStream().close();
 
-		} catch (CredentialsNotAvailableException e) {
-			e.printStackTrace();
-		} catch (SecurityException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (ParserConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (MarshallingException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (SignatureException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (TransformerConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (TransformerFactoryConfigurationError e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (IOException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (TransformerException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
+		} catch (Exception e) {
+			Logger.error("Failed to generate metadata", e);
+			throw new MOAIDException("pvp2.13", null);
+		} 
 	}
 
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 11f7fb257..c5fa53973 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -190,7 +190,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			config.setRequest(moaRequest);
 			config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
 			
-			//TODO: Implement check for Mandate Attributes if mandate request
 			String useMandate = request.getParameter(PARAM_USEMANDATE);
 			if(useMandate != null) {
 				if(useMandate.equals("true")) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index a8c3dab48..e9d802e17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -1,12 +1,5 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
 
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index ced20ce9c..acadd3cb4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -70,8 +70,7 @@ public class SoapBinding implements IDecoder, IEncoder {
 	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
 			StatusResponseType response, String targetLocation)
 			throws MessageEncodingException, SecurityException {
-		HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
-		// TODO
+		
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
new file mode 100644
index 000000000..2038ef5a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -0,0 +1,228 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
+
+import java.util.Iterator;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PVP2AssertionBuilder implements PVPConstants {
+	public static Assertion buildAssertion(AuthnRequest authnRequest, 
+			AuthenticationSession authSession, EntityDescriptor peerEntity) throws PVP2Exception {
+		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+		RequestedAuthnContext reqAuthnContext = authnRequest
+				.getRequestedAuthnContext();
+
+		if (reqAuthnContext == null) {
+			throw new NoAuthContextException();
+		}
+
+		boolean stork_qaa_1_4_found = false;
+
+		Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+				.getAuthnContextClassRefs().iterator();
+
+		while (reqAuthnContextClassRefIt.hasNext()) {
+			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+					.next();
+			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+					"\\s+");
+			for (int i = 0; i < qaa_uris.length; i++) {
+				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
+					stork_qaa_1_4_found = true;
+					break;
+				}
+			}
+		}
+
+		if (!stork_qaa_1_4_found) {
+			throw new QAANotSupportedException(STORK_QAA_1_4);
+		}
+		
+		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+				.iterator();
+		StringBuilder authContextsb = new StringBuilder();
+		while (reqAuthnContextClassRefIt.hasNext()) {
+			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+					.next();
+			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+					"\\s+");
+			for (int i = 0; i < qaa_uris.length; i++) {
+				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+						|| qaa_uris[i].trim().equals(STORK_QAA_1_3)
+						|| qaa_uris[i].trim().equals(STORK_QAA_1_2)
+						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+					authContextsb.append(qaa_uris[i].trim());
+					authContextsb.append(" ");
+				}
+			}
+
+		}
+		AuthnContextClassRef authnContextClassRef = SAML2Utils
+				.createSAMLObject(AuthnContextClassRef.class);
+		authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
+		AuthnContext authnContext = SAML2Utils
+				.createSAMLObject(AuthnContext.class);
+		authnContext.setAuthnContextClassRef(authnContextClassRef);
+
+		AuthnStatement authnStatement = SAML2Utils
+				.createSAMLObject(AuthnStatement.class);
+		String remoteSessionID = SAML2Utils.getSecureIdentifier();
+		authnStatement.setAuthnInstant(new DateTime());
+		// currently dummy id ...
+		authnStatement.setSessionIndex(remoteSessionID);
+		authnStatement.setAuthnContext(authnContext);
+
+		assertion.getAuthnStatements().add(authnStatement);
+		
+		SPSSODescriptor spSSODescriptor = peerEntity
+				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
+		int idx = 0;
+
+		if (aIdx != null) {
+			idx = aIdx.intValue();
+		}
+
+		AttributeConsumingService attributeConsumingService = spSSODescriptor
+				.getAttributeConsumingServices().get(idx);
+
+		AttributeStatement attributeStatement = SAML2Utils
+				.createSAMLObject(AttributeStatement.class);
+
+		Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+		boolean foundFormat = false;
+		Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
+				.iterator();
+		while (formatIt.hasNext()) {
+			if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
+				foundFormat = true;
+				break;
+			}
+		}
+		if (!foundFormat) {
+			// TODO use correct exception
+			throw new NameIDFormatNotSupportedException("");
+		}
+
+		// TODO: Check if we need to hide source pin
+		/*
+		 * if(authSession.getUseMandate()) { Element mandate =
+		 * authSession.getMandate(); if(authSession.getBusinessService()) { //
+		 * Hide Source PIN! ParepUtils.HideStammZahlen(mandate, true, null,
+		 * authSession.getDomainIdentifier(), true); } else {
+		 * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(),
+		 * null, true); } }
+		 */
+
+		Iterator<RequestedAttribute> it = attributeConsumingService
+				.getRequestAttributes().iterator();
+		while (it.hasNext()) {
+			RequestedAttribute reqAttribut = it.next();
+			try {
+				Attribute attr = PVPAttributeBuilder.buildAttribute(
+						reqAttribut.getName(), authSession);
+				if (attr == null) {
+					if (reqAttribut.isRequired()) {
+						throw new UnprovideableAttributeException(
+								reqAttribut.getName());
+					}
+				} else {
+					attributeStatement.getAttributes().add(attr);
+				}
+			} catch (PVP2Exception e) {
+				Logger.error(
+						"Attribute generation failed! for "
+								+ reqAttribut.getFriendlyName(), e);
+				if (reqAttribut.isRequired()) {
+					throw new UnprovideableAttributeException(
+							reqAttribut.getName());
+				}
+			}
+		}
+
+		if (attributeStatement.getAttributes().size() > 0) {
+			assertion.getAttributeStatements().add(attributeStatement);
+		}
+
+		subjectNameID.setFormat(NameID.PERSISTENT);
+		subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
+				.getIdentificationType());
+		subjectNameID.setValue(authSession.getAssertionAuthData()
+				.getIdentificationValue());
+		// }
+
+		subject.setNameID(subjectNameID);
+
+		SubjectConfirmation subjectConfirmation = SAML2Utils
+				.createSAMLObject(SubjectConfirmation.class);
+		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+		SubjectConfirmationData subjectConfirmationData = SAML2Utils
+				.createSAMLObject(SubjectConfirmationData.class);
+		subjectConfirmationData.setInResponseTo(authnRequest.getID());
+		subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
+		subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+
+		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+		subject.getSubjectConfirmations().add(subjectConfirmation);
+
+		Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
+		AudienceRestriction audienceRestriction = SAML2Utils
+				.createSAMLObject(AudienceRestriction.class);
+		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
+
+		audience.setAudienceURI(peerEntity.getEntityID());
+		audienceRestriction.getAudiences().add(audience);
+		conditions.setNotBefore(new DateTime());
+		conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+		conditions.getAudienceRestrictions().add(audienceRestriction);
+
+		assertion.setConditions(conditions);
+
+		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+		issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+		issuer.setFormat(NameID.ENTITY);
+		assertion.setIssuer(issuer);
+		assertion.setSubject(subject);
+		assertion.setID(SAML2Utils.getSecureIdentifier());
+		assertion.setIssueInstant(new DateTime());
+
+		return assertion;
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
new file mode 100644
index 000000000..51c4b7e72
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class BindingNotSupportedException extends PVP2Exception {
+
+	public BindingNotSupportedException(String binding) {
+		super("pvp2.11", new Object[] {binding});
+		this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -7227603941387879360L;
+
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
index d8dd3729a..521b55580 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -1,11 +1,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
+
 public class InvalidAssertionConsumerServiceException extends PVP2Exception {
 
-	public InvalidAssertionConsumerServiceException(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-		// TODO Auto-generated constructor stub
+	public InvalidAssertionConsumerServiceException(int idx) {
+		super("pvp2.00", new Object[]{idx});
+		this.statusCodeValue = StatusCode.REQUESTER_URI;
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
index b3eb61d46..799d26ccb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
@@ -1,9 +1,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
+
 public class InvalidDateFormatException extends PVP2Exception {
 
 	public InvalidDateFormatException() {
-		super("Invalid date format", null);
+		super("pvp2.02", null);
+		this.statusCodeValue = StatusCode.REQUESTER_URI;
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index dbee8d696..41a56639a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -5,7 +5,7 @@ import org.opensaml.saml2.core.StatusCode;
 public class MandateAttributesNotHandleAbleException extends PVP2Exception {
 
 	public MandateAttributesNotHandleAbleException() {
-		super("Mandate attributes not listed in attribute consumer service", null);
+		super("pvp2.03", null);
 		this.statusCodeValue = StatusCode.REQUESTER_URI;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
new file mode 100644
index 000000000..7dc9d5645
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NameIDFormatNotSupportedException extends PVP2Exception {
+
+	public NameIDFormatNotSupportedException(String nameIDFormat) {
+		super("pvp2.12", new Object[] {nameIDFormat});
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -2270762519437873336L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
index 0d464ccfa..cd81de30f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
+
 public class NoAuthContextException extends PVP2Exception {
 
 	/**
@@ -7,8 +9,9 @@ public class NoAuthContextException extends PVP2Exception {
 	 */
 	private static final long serialVersionUID = 7040652043174500992L;
 
-	public NoAuthContextException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
+	public NoAuthContextException() {
+		super("pvp2.04", null);
+		this.statusCodeValue = StatusCode.REQUESTER_URI;
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
new file mode 100644
index 000000000..6af97301f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoCredentialsException extends PVP2Exception {
+
+	public static final String MOA_IDP_TARGET = "MOA-ID";
+	
+	public NoCredentialsException(String target) {
+		super("pvp2.08", new Object[] {target});
+		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -9086515080686076313L;
+
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index a7cb74657..d24905f68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 public class NoMandateDataAvailableException  extends PVP2Exception {
 
 	public NoMandateDataAvailableException() {
-		super("No mandate data available", null);
+		super("pvp2.06", null);
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
new file mode 100644
index 000000000..a9bd8104e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class PVP2EncodingException extends PVP2Exception {
+
+	public PVP2EncodingException() {
+		super("pvp2.01", null);
+	}
+	
+	public PVP2EncodingException(Throwable wrapped) {
+		super("pvp2.01", null, wrapped);
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -1348774139990071020L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
index 1e4cf15b8..990a76562 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -12,10 +12,12 @@ public abstract class PVP2Exception extends MOAIDException {
 	public PVP2Exception(String messageId, Object[] parameters,
 			Throwable wrapped) {
 		super(messageId, parameters, wrapped);
+		this.statusMessageValue = this.getMessage();
 	}
 
 	public PVP2Exception(String messageId, Object[] parameters) {
 		super(messageId, parameters);
+		this.statusMessageValue = this.getMessage();
 	}
 	
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
new file mode 100644
index 000000000..be22be859
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QAANotSupportedException extends PVP2Exception {
+
+	public QAANotSupportedException(String qaa) {
+		super("pvp2.05", new Object[] {qaa});
+		this.statusCodeValue = StatusCode.REQUESTER_URI;
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -3964192953884089323L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
index 871c6f4bd..e0f576205 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
@@ -4,8 +4,13 @@ import org.opensaml.saml2.core.StatusCode;
 
 public class SAMLRequestNotSignedException extends PVP2Exception {
 
-	public SAMLRequestNotSignedException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
+	public SAMLRequestNotSignedException() {
+		super("pvp2.07", null);
+		this.statusCodeValue = StatusCode.REQUESTER_URI;
+	}
+	
+	public SAMLRequestNotSignedException(Throwable e) {
+		super("pvp2.07", null, e);
 		this.statusCodeValue = StatusCode.REQUESTER_URI;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
index 99940335b..029470b94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
@@ -5,8 +5,8 @@ import org.opensaml.saml2.core.StatusCode;
 
 public class SAMLRequestNotSupported extends PVP2Exception {
 
-	public SAMLRequestNotSupported(String messageId, Object[] parameters) {
-		super(messageId, parameters);
+	public SAMLRequestNotSupported() {
+		super("pvp2.09", null);
 		this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
index 6aeed47d7..0a91cc61a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
@@ -9,7 +9,7 @@ public class UnprovideableAttributeException extends PVP2Exception {
 	private static final long serialVersionUID = 3972197758163647157L;
 
 	public UnprovideableAttributeException(String attributeName) {
-		super(attributeName, null);
+		super("pvp2.10", new Object[] {attributeName});
 		this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 194138235..94189714e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,42 +1,22 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
 
-import java.util.Iterator;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.joda.time.DateTime;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
-import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
@@ -44,13 +24,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -63,222 +40,20 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 	public void process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp) throws MOAIDException {
 		if (!handleObject(obj)) {
-			throw new MOAIDException("INVALID HANDLER SELECETED", null);
+			throw new MOAIDException("pvp2.13", null);
 		}
 
 		AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
-
-		RequestedAuthnContext reqAuthnContext = authnRequest
-				.getRequestedAuthnContext();
-
-		if (reqAuthnContext == null) {
-			throw new NoAuthContextException("No Authn Context provided!", null);
-		}
-
-		boolean stork_qaa_1_4_found = false;
-
-		Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-				.getAuthnContextClassRefs().iterator();
-
-		while (reqAuthnContextClassRefIt.hasNext()) {
-			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
-					.next();
-			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
-					"\\s+");
-			for (int i = 0; i < qaa_uris.length; i++) {
-				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
-					stork_qaa_1_4_found = true;
-					break;
-				}
-			}
-		}
-
-		if (!stork_qaa_1_4_found) {
-			throw new NoAuthContextException(
-					"QAA not available Only supported QAA: " + STORK_QAA_1_4,
-					null);
-		}
+		EntityDescriptor peerEntity = obj.getEntityMetadata();
+		
 
 		AuthenticationSession authSession = AuthenticationManager
 				.getAuthenticationSession(req.getSession());
 
 		// authSession.getM
 
-		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-
-		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
-				.iterator();
-		StringBuilder authContextsb = new StringBuilder();
-		while (reqAuthnContextClassRefIt.hasNext()) {
-			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
-					.next();
-			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
-					"\\s+");
-			for (int i = 0; i < qaa_uris.length; i++) {
-				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
-						|| qaa_uris[i].trim().equals(STORK_QAA_1_3)
-						|| qaa_uris[i].trim().equals(STORK_QAA_1_2)
-						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
-					authContextsb.append(qaa_uris[i].trim());
-					authContextsb.append(" ");
-				}
-			}
-
-		}
-		AuthnContextClassRef authnContextClassRef = SAML2Utils
-				.createSAMLObject(AuthnContextClassRef.class);
-		authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
-		AuthnContext authnContext = SAML2Utils
-				.createSAMLObject(AuthnContext.class);
-		authnContext.setAuthnContextClassRef(authnContextClassRef);
-
-		AuthnStatement authnStatement = SAML2Utils
-				.createSAMLObject(AuthnStatement.class);
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		authnStatement.setAuthnInstant(new DateTime());
-		// currently dummy id ...
-		authnStatement.setSessionIndex(remoteSessionID);
-		authnStatement.setAuthnContext(authnContext);
-
-		assertion.getAuthnStatements().add(authnStatement);
-		EntityDescriptor peerEntity = obj.getEntityMetadata();
-		SPSSODescriptor spSSODescriptor = peerEntity
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int idx = 0;
-
-		if (aIdx != null) {
-			idx = aIdx.intValue();
-		}
-
-		AttributeConsumingService attributeConsumingService = spSSODescriptor
-				.getAttributeConsumingServices().get(idx);
-
-		AttributeStatement attributeStatement = SAML2Utils
-				.createSAMLObject(AttributeStatement.class);
-
-		Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		boolean foundFormat = false;
-		Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
-				.iterator();
-		while (formatIt.hasNext()) {
-			if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
-				foundFormat = true;
-				break;
-			}
-		}
-		if (!foundFormat) {
-			// TODO use correct exception
-			throw new SAMLRequestNotSupported(NameID.PERSISTENT
-					+ " not supported by SP", null);
-		}
-
-		//TODO: Check if we need to hide source pin
-		/*if(authSession.getUseMandate()) {
-			Element mandate = authSession.getMandate();
-			if(authSession.getBusinessService()) {
-				// Hide Source PIN!
-				ParepUtils.HideStammZahlen(mandate, true, null, authSession.getDomainIdentifier(), true);
-			} else {
-				ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(), null, true);
-			}
-		}*/
+		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
 		
-/*		if (authSession.getUseMandate()) {
-			Element mandate = authSession.getMandate();
-			
-			Document document = mandate.getOwnerDocument();
-			DOMImplementationLS domImplLS = (DOMImplementationLS) document
-			    .getImplementation();
-			LSSerializer serializer = domImplLS.createLSSerializer();
-			String str = serializer.writeToString(mandate);
-			Logger.info("Full Mandate: " + str);
-			//TODO: extract attributes for mandates
-			Logger.info("Assertion Authdata getAssertionID: " + authSession.getAssertionAuthData().getAssertionID());
-			Logger.info("Assertion Authdata getBkuURL: " + authSession.getAssertionAuthData().getBkuURL());
-			Logger.info("Assertion Authdata getBPK: " + authSession.getAssertionAuthData().getBPK());
-			Logger.info("Assertion Authdata getDateOfBirth: " + authSession.getAssertionAuthData().getDateOfBirth());
-			Logger.info("Assertion Authdata getFamilyName: " + authSession.getAssertionAuthData().getFamilyName());
-			Logger.info("Assertion Authdata getGivenName: " + authSession.getAssertionAuthData().getGivenName());
-			Logger.info("Assertion Authdata getIdentificationType: " + authSession.getAssertionAuthData().getIdentificationType());
-			Logger.info("Assertion Authdata getIdentificationValue: " + authSession.getAssertionAuthData().getIdentificationValue());
-			Logger.info("Assertion Authdata getWBPK: " + authSession.getAssertionAuthData().getWBPK());
-			Logger.info("Assertion getMandateData: " + authSession.getMandateData());
-			Logger.info("Assertion getMandateReferenceValue: " + authSession.getMandateReferenceValue());
-		} else {
-*/
-			Iterator<RequestedAttribute> it = attributeConsumingService
-					.getRequestAttributes().iterator();
-			while (it.hasNext()) {
-				RequestedAttribute reqAttribut = it.next();
-				try {
-				Attribute attr = PVPAttributeBuilder.buildAttribute(
-						reqAttribut.getName(), authSession);
-				if (attr == null) {
-					if (reqAttribut.isRequired()) {
-						throw new UnprovideableAttributeException(
-								reqAttribut.getName());
-					}
-				} else {
-					attributeStatement.getAttributes().add(attr);
-				}
-				} catch(PVP2Exception e) {
-					Logger.error("Attribute generation failed! for " + reqAttribut.getFriendlyName(), e);
-				}
-			}
-
-			if (attributeStatement.getAttributes().size() > 0) {
-				assertion.getAttributeStatements().add(attributeStatement);
-			}
-
-			subjectNameID.setFormat(NameID.PERSISTENT);
-			subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
-					.getIdentificationType());
-			subjectNameID.setValue(authSession.getAssertionAuthData()
-					.getIdentificationValue());
-//		}
-
-		subject.setNameID(subjectNameID);
-
-		SubjectConfirmation subjectConfirmation = SAML2Utils
-				.createSAMLObject(SubjectConfirmation.class);
-		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
-		SubjectConfirmationData subjectConfirmationData = SAML2Utils
-				.createSAMLObject(SubjectConfirmationData.class);
-		subjectConfirmationData.setInResponseTo(authnRequest.getID());
-		subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
-		subjectConfirmationData.setRecipient(peerEntity.getEntityID());
-
-		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
-		subject.getSubjectConfirmations().add(subjectConfirmation);
-
-		Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
-		AudienceRestriction audienceRestriction = SAML2Utils
-				.createSAMLObject(AudienceRestriction.class);
-		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-
-		audience.setAudienceURI(peerEntity.getEntityID());
-		audienceRestriction.getAudiences().add(audience);
-		conditions.setNotBefore(new DateTime());
-		conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
-		conditions.getAudienceRestrictions().add(audienceRestriction);
-
-		assertion.setConditions(conditions);
-
-		// assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj,
-		// authSession));
-
-		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
-		issuer.setFormat(NameID.ENTITY);
-		assertion.setIssuer(issuer);
-		assertion.setSubject(subject);
-		assertion.setID(SAML2Utils.getSecureIdentifier());
-		assertion.setIssueInstant(new DateTime());
-
 		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
 
 		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
@@ -289,19 +64,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		authResponse.getAssertions().add(assertion);
 		authResponse.setStatus(SAML2Utils.getSuccessStatus());
 
-		aIdx = authnRequest.getAssertionConsumerServiceIndex();
-		idx = 0;
+		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+		int idx = 0;
 
 		if (aIdx != null) {
 			idx = aIdx.intValue();
 		}
+		
+		SPSSODescriptor spSSODescriptor = peerEntity
+				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 
 		AssertionConsumerService consumerService = spSSODescriptor
 				.getAssertionConsumerServices().get(idx);
 
 		if (consumerService == null) {
-			throw new InvalidAssertionConsumerServiceException("IDX " + idx
-					+ " is not a valid consumer service index!", null);
+			throw new InvalidAssertionConsumerServiceException(idx);
 		}
 		String oaURL = consumerService.getLocation();
 
@@ -320,18 +97,18 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		}
 
 		if (binding == null) {
-			throw new InvalidAssertionConsumerServiceException("Binding "
-					+ consumerService.getBinding() + " is not supported", null);
+			throw new BindingNotSupportedException(consumerService.getBinding());
 		}
 
 		try {
 			binding.encodeRespone(req, resp, authResponse, oaURL);
 			// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
 		} catch (MessageEncodingException e) {
-			e.printStackTrace();
+			Logger.error("Message Encoding exception", e);
+			throw new MOAIDException("pvp2.01", null, e);
 		} catch (SecurityException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
+			Logger.error("Security exception", e);
+			throw new MOAIDException("pvp2.01", null, e);
 		}
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 9496ecb31..29c960dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -41,6 +41,6 @@ public class RequestManager {
 		}
 		
 		// not handled
-		throw new SAMLRequestNotSupported("NOTSUPPORTED", null);
+		throw new SAMLRequestNotSupported();
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 3a6d15ef6..db1241e6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -13,8 +13,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 	public void validateRequest(RequestAbstractType request)
 			throws MOAIDException {
 		if (request.getSignature() == null) {
-			throw new SAMLRequestNotSignedException("NOT SIGNED",
-					new Object[] {});
+			throw new SAMLRequestNotSignedException();
 		}
 
 		try {
@@ -22,15 +21,14 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 			sigValidator.validate(request.getSignature());
 		} catch (ValidationException e) {
 			e.printStackTrace();
-			throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+			throw new SAMLRequestNotSignedException(e);
 		}
 	}
 
 	public static void validateSignable(SignableSAMLObject signableObject)
 			throws MOAIDException {
 		if (signableObject.getSignature() == null) {
-			throw new SAMLRequestNotSignedException("NOT SIGNED",
-					new Object[] {});
+			throw new SAMLRequestNotSignedException();
 		}
 
 		try {
@@ -38,7 +36,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 			sigValidator.validate(signableObject.getSignature());
 		} catch (ValidationException e) {
 			e.printStackTrace();
-			throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+			throw new SAMLRequestNotSignedException(e);
 		}
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 1233d8dab..5bd0878a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -8,65 +8,63 @@ import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class EntityVerifier {
 	public static void verify(EntityDescriptor entityDescriptor) throws MOAIDException {
 		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException("NOT SIGNED",
-					new Object[] {});
+			throw new SAMLRequestNotSignedException();
 		}
 
 		try {
 			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
 			sigValidator.validate(entityDescriptor.getSignature());
 		} catch (ValidationException e) {
-			e.printStackTrace();
-			throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+			Logger.error("Failed to validate Signature", e);
+			throw new SAMLRequestNotSignedException(e);
 		}
 		
 		Credential credential = CredentialProvider.getSPTrustedCredential(entityDescriptor.getEntityID());
 		if(credential == null) {
-			throw new MOAIDException("NO CREDENTIALS FOR " + entityDescriptor.getEntityID(), new Object[] {});
+			throw new NoCredentialsException(entityDescriptor.getEntityID());
 		}
 		
 		SignatureValidator sigValidator = new SignatureValidator(credential);
 		try {
 		    sigValidator.validate(entityDescriptor.getSignature());
 		} catch (ValidationException e) {
-		    // Indicates signature was not cryptographically valid, or possibly a processing error
-		    e.printStackTrace();
-		    throw new MOAIDException("FAILED TO VERIFY SIGNATURE", new Object[] {});
+			Logger.error("Failed to verfiy Signature", e);
+			throw new SAMLRequestNotSignedException(e);
 		}
 	}
 	
 	public static void verify(EntitiesDescriptor entityDescriptor) throws MOAIDException {
 		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException("NOT SIGNED",
-					new Object[] {});
+			throw new SAMLRequestNotSignedException();
 		}
 
 		try {
 			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
 			sigValidator.validate(entityDescriptor.getSignature());
 		} catch (ValidationException e) {
-			e.printStackTrace();
-			throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+			Logger.error("Failed to validate Signature", e);
+			throw new SAMLRequestNotSignedException(e);
 		}
 		
 		Credential credential = CredentialProvider.getTrustedCredential();
 		if(credential == null) {
-			throw new MOAIDException("NO CREDENTIALS FOR ", new Object[] {});
+			throw new NoCredentialsException("moaID IDP");
 		}
 		
 		SignatureValidator sigValidator = new SignatureValidator(credential);
 		try {
 		    sigValidator.validate(entityDescriptor.getSignature());
 		} catch (ValidationException e) {
-		    // Indicates signature was not cryptographically valid, or possibly a processing error
-		    e.printStackTrace();
-		    throw new MOAIDException("FAILED TO VERIFY SIGNATURE", new Object[] {});
+			Logger.error("Failed to verfiy Signature", e);
+			throw new SAMLRequestNotSignedException(e);
 		}
 	}