authorThomas Lenz <tlenz@iaik.tugraz.at>2016-01-22 13:52:48 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-01-22 13:52:48 +0100
commit5b0754bddacd5bc7586b56c5a93e78f67d5cb060 (patch)
treea318ee77db5ac52afd2fda9412e7bcc7deab362d /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth
parente2ca81976097a5f83183e091ec6a5c9a6afb5269 (diff)
parent1672ef1dc32bf37c966660c33e422729addd5b41 (diff)
Merge branch 'eSense_eIDAS_development' into moa-id-3.2_(OPB)
Conflicts: id/server/idserverlib/pom.xml id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java172
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java374
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java142
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java211
8 files changed, 758 insertions, 288 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 022ec9def..038a35d42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -14,9 +14,10 @@ import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -157,7 +158,7 @@ public class MOAIDAuthInitializer {
// Starts the session cleaner thread to remove unpicked authentication data
AuthenticationSessionCleaner.start();
- AuthConfigLoader.start();
+ MOAGarbageCollector.start();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 57a5316e8..fe29dd2b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,7 +32,9 @@ import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map.Entry;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -62,6 +64,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -69,6 +72,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -790,16 +794,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
- authData.setForeigner(true);
+ try {
+ authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setForeigner(true);
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("STORK Response can not stored into generic authData.", e);
+
+ }
- }
-
- if (!extractor.getSTORKAttributes().isEmpty()) {
- authData.setStorkAttributes(extractor.getSTORKAttributes());
- authData.setForeigner(true);
}
+
+// if (!extractor.getSTORKAttributes().isEmpty()) {
+// authData.setStorkAttributes(extractor.getSTORKAttributes());
+// authData.setForeigner(true);
+//
+// }
authData.setSsoSession(true);
authData.setInterfederatedSSOSession(true);
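Review bot: If `authData.setGenericData(...)` at L85-L86 throws, the `authData.setForeigner(true)` at L87 is skipped as well, so a response that does carry a STORK token is handed on without the foreigner marker and the only trace is a warn-level log line; move `authData.setForeigner(true);` in front of the `try`, or rethrow instead of swallowing, so a storage failure cannot downgrade the session silently. The former branch at L100-L104 that set the foreigner flag from `extractor.getSTORKAttributes()` is commented out rather than deleted, which leaves it unclear whether STORK attributes without a token are now intentionally treated as domestic; remove the dead block and, if the change is intended, say so in a short comment such as `// foreigner flag is now derived from the STORK token only`. The enclosing method starts and ends outside this hunk.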
@@ -889,10 +901,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
authData.setBkuURL(session.getBkuURL());
- authData.setStorkAttributes(session.getStorkAttributes());
- authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
- authData.setStorkRequest(session.getStorkAuthnRequest());
-
+ //copy all generic authentication information to authData
+ if (session.getGenericSessionDataStorage() != null &&
+ !session.getGenericSessionDataStorage().isEmpty()) {
+ Iterator<Entry<String, Object>> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator();
+ while (copyInterator.hasNext()) {
+ Entry<String, Object> element = copyInterator.next();
+ try {
+ authData.setGenericData(element.getKey(), element.getValue());
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("Can not add generic authData with key:" + element.getKey(), e);
+
+ }
+ }
+ }
+
authData.setSignerCertificate(session.getEncodedSignerCertificate());
authData.setAuthBlock(session.getAuthBlock());
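Review bot: The copy loop at L116-L126 downgrades any failure to transfer one entry to a warning and continues, so the `authData` returned to the protocol layer may silently lack an entry the session held (the STORK response or country code read back at L137-L138, for example) while the build still reports success; if the enclosing method can propagate a MOAIDException, as the `BuildException` usage elsewhere in this builder suggests, failing the build is the safer choice. The copy is also unfiltered: every key in the generic session storage is propagated, whereas the removed lines at L109-L111 copied three named STORK values, so any module that later stores transient data in the session will see it end up in the authentication data unless the key set is restricted here. Style: an enhanced for loop, `for (Entry<String, Object> element : session.getGenericSessionDataStorage().entrySet())`, replaces the explicit `Iterator` and the `copyInterator` name. The enclosing method continues outside this hunk.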
@@ -923,9 +947,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
if (MiscUtil.isEmpty(authData.getCcc())) {
- if (authData.getStorkAuthnRequest() != null) {
- authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
- Logger.info("Can not extract country from certificate -> Use country from STORK request.");
+ String storkCCC = authData.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_CCC, String.class);
+
+ if (MiscUtil.isNotEmpty(storkCCC)) {
+ authData.setCcc(storkCCC);
+ Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request.");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
new file mode 100644
index 000000000..e321c9d05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureVerificationUtils {
+ /** shortcut for XMLNS namespace URI */
+ private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+ /** shortcut for MOA namespace URI */
+ private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+ /** The DSIG-Prefix */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+ private Document requestDoc_;
+ /** the <code>VerifyXMLsignatureRequest</code> root element */
+ private Element requestElem_;
+
+
+ public SignatureVerificationUtils() throws BuildException {
+ try {
+ DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ requestDoc_ = docBuilder.newDocument();
+ requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ requestDoc_.appendChild(requestElem_);
+
+ } catch (Throwable t) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VerifyXMLSignatureRequest", t.toString()},
+ t);
+ }
+ }
+
+ public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {
+ try {
+ //build signature-verification request
+ Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
+
+ //send signature-verification to MOA-SP
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ return verifyXMLSignatureResponse;
+
+ } catch (ParseException e) {
+ Logger.error("Build signature-verification request FAILED." ,e);
+ throw e;
+
+ } catch (ServiceException e) {
+ Logger.error("MOA-SP signature verification FAILED." ,e);
+ throw e;
+
+ }
+
+ }
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param signature - The XML signature as byte[]
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ *
+ * @return Element - The complete request as Dom-Element
+ *
+ * @throws ParseException
+ */
+ private Element build(byte[] signature, String trustProfileID)
+ throws ParseException
+ {
+ try {
+ // build the request
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+ Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+ verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+
+ // insert the base64 encoded signature
+ String base64EncodedAssertion = Base64Utils.encode(signature);
+ //replace all '\r' characters by no char.
+ StringBuffer replaced = new StringBuffer();
+ for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+ char c = base64EncodedAssertion.charAt(i);
+ if (c != '\r') {
+ replaced.append(c);
+ }
+ }
+ base64EncodedAssertion = replaced.toString();
+ Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+ base64ContentElem.appendChild(base64Content);
+
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+
+ //add trustProfileID
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
+ } catch (Throwable t) {
+ throw new ParseException("builder.00",
+ new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+ }
+
+ return requestElem_;
+ }
+}
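Review bot: `build()` at L265 appends `VerifySignatureInfo`, `SignatureManifestCheckParams`, `ReturnHashInputData` and `TrustProfileID` to the instance-level `requestElem_` created in the constructor, so a second `verify()` call on the same `SignatureVerificationUtils` instance sends a request with duplicated children instead of a fresh one; either create the document inside `build()` or document the class as single-use with `/** Not reusable: each instance builds exactly one VerifyXMLSignatureRequest. */`. The catch at L242-L244 logs "Build signature-verification request FAILED." for every `ParseException`, but `VerifyXMLSignatureResponseParser.parseData()` at L237-L238 raises the same type, so a malformed MOA-SP response is recorded as a request-build failure; catch the build step separately or reword the message to cover both. The Javadoc at L255-L257 still says the request is built "from an IdentityLink" and the wrapped ParseException at L316 carries the same label, while the method accepts any signature; `@param signature` should describe what callers actually pass.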
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 59482c4a8..ae3ec9a9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -44,13 +44,15 @@ import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Map;
+import org.apache.commons.collections4.map.HashedMap;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -215,129 +217,28 @@ public class AuthenticationSession implements Serializable {
* accept. The infobox identifiers are comma separated.
*/
private String pushInfobox;
-
- /**
- * The STORK AuthRequest to be sent to the C-PEPS
- */
- private STORKAuthnRequest storkAuthnRequest;
-
- private String storkAuthnResponse;
-
+
// private AuthenticationData authData;
// protocol selection
private String action;
private String modul;
+ private String processInstanceId;
+
private boolean authenticated;
private boolean authenticatedUsed = false;
private boolean ssoRequested = false;
-
+
private String QAALevel = null;
-
-// private OAuth20SessionObject oAuth20SessionObject;
-
- // /**
- // * Indicates if target from configuration is used or not
- // */
- // private boolean useTargetFromConfig;
-
- // /**
- // * Authentication data for the assertion
- // */
- // private AuthenticationData assertionAuthData;
- //
- // /**
- // * Persondata for the assertion
- // */
- // private String assertionPrPerson;
- //
- // /**
- // * Authblock for the assertion
- // */
- // private String assertionAuthBlock;
- //
- // /**
- // * Identitylink assertion for the (MOA) assertion
- // */
- // private String assertionIlAssertion;
- //
- // /**
- // * Signer certificate (base64 encoded) for the assertion
- // */
- // private String assertionSignerCertificateBase64;
- //
- // /**
- // * bussiness service for the assertion
- // */
- // boolean assertionBusinessService;
- //
- // /**
- // * timestamp logging when authentication session has been created
- // */
- // private Date timestampStart;
- // private CreateXMLSignatureResponse XMLCreateSignatureResponse;
-
+
private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
-
- private IPersonalAttributeList storkAttributes;
+ private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
- //Temporary store SignRequest for local processing
- private String signedDoc;
- //Temporary store SAMLResponse for processing after user signed signedDoc locally
- private String SAMLResponse;
- //
- private StringBuffer returnURL;
- private IPersonalAttributeList authnResponseGetPersonalAttributeList;
- private String authnContextClassRef;
- // private String requestedProtocolURL = null;
-
- private String processInstanceId;
-
- public String getAuthnContextClassRef() {
- return authnContextClassRef;
- }
-
- public void setAuthnContextClassRef(String authnContextClassRef) {
- this.authnContextClassRef = authnContextClassRef;
- }
-
- public IPersonalAttributeList getAuthnResponseGetPersonalAttributeList() {
- return authnResponseGetPersonalAttributeList;
- }
-
- public void setAuthnResponseGetPersonalAttributeList(IPersonalAttributeList authnResponseGetPersonalAttributeList) {
- this.authnResponseGetPersonalAttributeList = authnResponseGetPersonalAttributeList;
- }
-
- public String getSAMLResponse() {
- return SAMLResponse;
- }
-
- public void setSAMLResponse(String samlResponse) {
- SAMLResponse = samlResponse;
- }
-
- public StringBuffer getReturnURL() {
- return returnURL;
- }
-
- public void setReturnURL(StringBuffer returnURL) {
- this.returnURL = returnURL;
- }
-
- public String getSignedDoc() {
- return signedDoc;
- }
-
- public void setSignedDoc(String signedDoc) {
- this.signedDoc = signedDoc;
- }
-
public String getModul() {
return modul;
}
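Review bot: The new field at L415 is named `genericSessionDataStorate`, a typo for "Storage" that is then repeated in every accessor; rename it to `genericSessionDataStorage` while it is still private to this class. The field is initialised with commons-collections4 `HashedMap` although the declared type is `java.util.Map` and `java.util.HashMap` would serve the same purpose without the extra library on the serialization path of a `Serializable` session; if `HashedMap` was chosen deliberately, a one-line comment stating why would help. Replacing the typed `storkAuthnRequest`, `storkAuthnResponse` and `storkAttributes` fields with a `Map<String, Object>` moves type checking from compile time to the lookup helpers, so the class comment should say which keys (the constants in `AuthenticationSessionStorageConstants`) are expected and what type each holds. The class body continues outside this hunk.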
@@ -353,15 +254,7 @@ public class AuthenticationSession implements Serializable {
public void setAction(String action) {
this.action = action;
}
-
- // public AuthenticationData getAuthData() {
- // return authData;
- // }
- //
- // public void setAuthData(AuthenticationData authData) {
- // this.authData = authData;
- // }
-
+
public boolean isAuthenticatedUsed() {
return authenticatedUsed;
}
@@ -378,14 +271,6 @@ public class AuthenticationSession implements Serializable {
this.authenticated = authenticated;
}
- // public String getRequestedProtocolURL() {
- // return requestedProtocolURL;
- // }
- //
- // public void setRequestedProtocolURL(String requestedProtocolURL) {
- // this.requestedProtocolURL = requestedProtocolURL;
- // }
-
/**
* Constructor for AuthenticationSession.
*
@@ -395,8 +280,7 @@ public class AuthenticationSession implements Serializable {
public AuthenticationSession(String id, Date created) {
sessionID = id;
sessionCreated = created;
- // setTimestampStart();
-// infoboxValidators = new ArrayList();
+
}
public X509Certificate getSignerCertificate() {
@@ -760,98 +644,7 @@ public class AuthenticationSession implements Serializable {
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
-
-// /**
-// * Returns the iterator to the stored infobox validators.
-// *
-// * @return Iterator
-// */
-// public Iterator getInfoboxValidatorIterator() {
-// if (infoboxValidators == null) return null;
-// return infoboxValidators.iterator();
-// }
-
- // /**
- // * Adds an infobox validator class to the stored infobox validators.
- // *
- // * @param infoboxIdentifier
- // * the identifier of the infobox the validator belongs to
- // * @param infoboxFriendlyName
- // * the friendly name of the infobox
- // * @param infoboxValidator
- // * the infobox validator to add
- // */
- // public Iterator addInfoboxValidator(String infoboxIdentifier,
- // String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
- // if (infoboxValidators == null)
- // infoboxValidators = new ArrayList();
- // Vector v = new Vector(3);
- // v.add(infoboxIdentifier);
- // v.add(infoboxFriendlyName);
- // v.add(infoboxValidator);
- // infoboxValidators.add(v);
- // return infoboxValidators.iterator();
- // }
-
-// /**
-// * Tests for pending input events of the infobox validators.
-// *
-// * @return true if a validator has a form to show
-// */
-// public boolean isValidatorInputPending() {
-// boolean result = false;
-// Iterator iter = getInfoboxValidatorIterator();
-// if (iter != null) {
-// while (!result && iter.hasNext()) {
-// Vector infoboxValidatorVector = (Vector) iter.next();
-// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
-// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
-// }
-// }
-// return result;
-// }
-
- // /**
- // * Returns the first pending infobox validator.
- // *
- // * @return the infobox validator class
- // */
- // public InfoboxValidator getFirstPendingValidator() {
- // Iterator iter = getInfoboxValidatorIterator();
- // if (iter != null) {
- // while (iter.hasNext()) {
- // Vector infoboxValidatorVector = (Vector) iter.next();
- // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- // .get(2);
- // String form = infoboxvalidator.getForm();
- // if (!ParepUtils.isEmpty(form))
- // return infoboxvalidator;
- // }
- // }
- // return null;
- // }
-
- // /**
- // * Returns the input form of the first pending infobox validator input
- // * processor.
- // *
- // * @return the form to show
- // */
- // public String getFirstValidatorInputForm() {
- // Iterator iter = getInfoboxValidatorIterator();
- // if (iter != null) {
- // while (iter.hasNext()) {
- // Vector infoboxValidatorVector = (Vector) iter.next();
- // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- // .get(2);
- // String form = infoboxvalidator.getForm();
- // if (!ParepUtils.isEmpty(form))
- // return form;
- // }
- // }
- // return null;
- // }
-
+
/**
* Returns domain identifier (the register and number in the register parameter).
* <code>null</code> in the case of not a business service.
@@ -954,26 +747,7 @@ public class AuthenticationSession implements Serializable {
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
-
- /**
- * Gets the STORK SAML AuthnRequest
- *
- * @return STORK SAML AuthnRequest
- */
- public STORKAuthnRequest getStorkAuthnRequest() {
- return storkAuthnRequest;
- }
-
- /**
- * Sets the STORK SAML AuthnRequest
- *
- * @param storkAuthnRequest
- * STORK SAML AuthnRequest
- */
- public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
- this.storkAuthnRequest = storkAuthnRequest;
- }
-
+
public String getCcc() {
return ccc;
}
@@ -1054,24 +828,8 @@ public class AuthenticationSession implements Serializable {
}
/**
- * Memorizes the stork attribute list.
- *
- * @param personalAttributeList the new stork attributes
- */
- public void setStorkAttributes(IPersonalAttributeList personalAttributeList) {
- this.storkAttributes = personalAttributeList;
- }
-
- /**
- * Recalls the stork attribute list.
- *
- * @return the stork attributes
- */
- public IPersonalAttributeList getStorkAttributes() {
- return this.storkAttributes;
- }
-
- /**
+ * eIDAS QAA level
+ *
* @return the qAALevel
*/
public String getQAALevel() {
@@ -1079,6 +837,8 @@ public class AuthenticationSession implements Serializable {
}
/**
+ * set QAA level in eIDAS form
+ *
* @param qAALevel the qAALevel to set
*/
public void setQAALevel(String qAALevel) {
@@ -1086,20 +846,6 @@ public class AuthenticationSession implements Serializable {
}
/**
- * @return the storkAuthnResponse
- */
- public String getStorkAuthnResponse() {
- return storkAuthnResponse;
- }
-
- /**
- * @param storkAuthnResponse the storkAuthnResponse to set
- */
- public void setStorkAuthnResponse(String storkAuthnResponse) {
- this.storkAuthnResponse = storkAuthnResponse;
- }
-
- /**
* @return the sessionCreated
*/
public Date getSessionCreated() {
@@ -1121,5 +867,89 @@ public class AuthenticationSession implements Serializable {
public void setProcessInstanceId(String processInstanceId) {
this.processInstanceId = processInstanceId;
}
+
+ public Map<String, Object> getGenericSessionDataStorage() {
+ return genericSessionDataStorate;
+ }
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @return The session-data object or null if no data is found with this key
+ */
+ public Object getGenericDataFromSession(String key) {
+ if (MiscUtil.isNotEmpty(key)) {
+ return genericSessionDataStorate.get(key);
+
+ }
+
+ Logger.warn("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @param clazz The class type which is stored with this key
+ * @return The session-data object or null if no data is found with this key
+ */
+ public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object data = genericSessionDataStorate.get(key);
+
+ if (data == null)
+ return null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) data;
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+ return null;
+
+ }
+
+ }
+
+ Logger.warn("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+ if (MiscUtil.isEmpty(key)) {
+ Logger.warn("Generic session-data can not be stored with a 'null' key");
+ throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+
+ }
+
+ if (object != null) {
+ if (!Serializable.class.isInstance(object)) {
+ Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
+ throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+
+ }
+ }
+
+ if (genericSessionDataStorate.containsKey(key))
+ Logger.debug("Overwrite generic session-data with key:" + key);
+ else
+ Logger.trace("Add generic session-data with key:" + key + " to session.");
+
+ genericSessionDataStorate.put(key, object);
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
new file mode 100644
index 000000000..648dcf6f1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionStorageConstants {
+
+ public static final String PREFIX_STORK = "stork_";
+ public static final String PREFIX_eIDAS = "eIDAS_";
+
+ public static final String STORK_ATTRIBUTELIST = PREFIX_STORK + "attributelist";
+ public static final String STORK_REQUEST = PREFIX_STORK + "request";
+ public static final String STORK_RESPONSE = PREFIX_STORK + "response";
+ public static final String STORK_CCC = PREFIX_STORK + "ccc";
+
+ public static final String eIDAS_ATTRIBUTELIST = PREFIX_eIDAS + "attributeList";
+ public static final String eIDAS_RESPONSE = PREFIX_eIDAS + "response";
+}
+
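Review bot: `AuthenticationSessionStorageConstants` is a constants holder with no private constructor, so it can be instantiated for no purpose; add `private AuthenticationSessionStorageConstants() {}` or declare the type `final`. The names `PREFIX_eIDAS`, `eIDAS_ATTRIBUTELIST` and `eIDAS_RESPONSE` break the `UPPER_SNAKE_CASE` convention the other constants in the file follow (`PREFIX_EIDAS`, `EIDAS_ATTRIBUTELIST`, `EIDAS_RESPONSE`); since they are new in this commit, renaming costs nothing now. A short class comment saying these are the keys used with `AuthenticationSession.setGenericDataToSession` and naming the value type stored under each would make the map contract visible in one place.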
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
new file mode 100644
index 000000000..203be784e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SessionDataStorageException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 5743057708136365929L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SessionDataStorageException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+}
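Review bot: The Javadoc on the class, on serialVersionUID and on the constructor is empty, so the new exception type says nothing about when it is raised; the messageId/parameters pair is the only hint. Suggest a class summary such as `/** Thrown when data cannot be read from or written to the authentication session storage (presumably the MOASession attribute store — confirm against callers). */` and, on the constructor, `@param messageId key of the localized error message` and `@param parameters values substituted into that message`. The empty `/** */` block above serialVersionUID can be dropped.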
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
new file mode 100644
index 000000000..72a7d3ba1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.invoke;
+
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class SignatureVerificationInvoker {
+ /** This QName Object identifies the SignatureVerification endpoint of the web service */
+ private static final QName SERVICE_QNAME = new QName("SignatureVerification");
+
+ /**
+ * Method verifyXMLSignature.
+ * @param request to be sent
+ * @return Element with the answer
+ * @throws ServiceException if an error occurs
+ */
+ public Element verifyXMLSignature(Element request) throws ServiceException {
+ return doCall(SERVICE_QNAME, request);
+ }
+
+ /**
+ * Method doCall.
+ * @param serviceName the name of the service
+ * @param request the request to be sent
+ * @return Element the answer
+ * @throws ServiceException if an error occurs
+ */
+ protected Element doCall(QName serviceName, Element request) throws ServiceException {
+ ConnectionParameter authConnParam = null;
+ try {
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+ String endPoint;
+ AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
+ authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+ //If the ConnectionParameter do NOT exist, we try to get the api to work....
+ if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
+ Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
+ endPoint = authConnParam.getUrl();
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(serviceName, params);
+ Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+ else {
+ SignatureVerificationService svs = SignatureVerificationService.getInstance();
+ VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
+
+ VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
+ Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
+
+ //Logger.setHierarchy("moa.id.auth");
+ return result.getDocumentElement();
+ }
+ }
+ catch (Exception ex) {
+ if (authConnParam != null) {
+ throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
+ } else {
+ throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
+ }
+ }
+ }
+}
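Review bot: The catch block at the end of doCall chooses the error code from `authConnParam != null`, while the branch at the top of the try uses `authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())`, so a configured parameter with an empty URL runs the in-process API path yet reports the web-service code `service.00` on failure. Compute the decision once, e.g. `boolean useWebService = authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl());`, and reuse it in both the `if` and the `catch`. `responses.get(0)` also throws IndexOutOfBoundsException on an empty response vector, which the same catch turns into a generic `service.00`; an explicit `if (responses == null || responses.isEmpty())` check with its own message would make that failure (and the 302 case noted in the TODO) diagnosable.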
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 000000000..7bce406e0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -0,0 +1,211 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
+ * MOA-SPSS.
+ * This class implements the Singleton pattern
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+
+public class VerifyXMLSignatureResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching MOA Namespaces */
+ private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** Xpath prefix for reaching DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
+
+ /** Xpath expression to the X509SubjectName element */
+ private static final String DSIG_SUBJECT_NAME_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ DSIG + "X509SubjectName";
+ /** Xpath expression to the X509Certificate element */
+ private static final String DSIG_X509_CERTIFICATE_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ DSIG + "X509Certificate";
+ /** Xpath expression to the PublicAuthority element */
+ private static final String PUBLIC_AUTHORITY_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ MOA + "PublicAuthority";
+ /** Xpath expression to the PublicAuthorityCode element */
+ private static final String PUBLIC_AUTHORITY_CODE_XPATH =
+ PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
+ /** Xpath expression to the QualifiedCertificate element */
+ private static final String QUALIFIED_CERTIFICATE_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ MOA + "QualifiedCertificate";
+
+ /** Xpath expression to the SignatureCheckCode element */
+ private static final String SIGNATURE_CHECK_CODE_XPATH =
+ ROOT + MOA + "SignatureCheck/" + MOA + "Code";
+ /** Xpath expression to the XMLDSIGManifestCheckCode element */
+ private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
+ ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
+ /** Xpath expression to the SignatureManifestCheckCode element */
+ private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH =
+ ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
+ /** Xpath expression to the CertificateCheckCode element */
+ private static final String CERTIFICATE_CHECK_CODE_XPATH =
+ ROOT + MOA + "CertificateCheck/" + MOA + "Code";
+
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element verifyXMLSignatureResponse;
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+
+ verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws Exception on any parsing error
+ */
+ public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
+ {
+ try {
+ verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ }
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * The incoming Element will be used for further operations
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
+ */
+ public VerifyXMLSignatureResponseParser(Element xmlResponse)
+ {
+ verifyXMLSignatureResponse =xmlResponse;
+
+ }
+
+ /**
+ * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+ public VerifyXMLSignatureResponse parseData() throws ParseException {
+
+ VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+
+ try {
+
+ String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
+ respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
+ Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
+ respData.setQualifiedCertificate(e!=null);
+
+ Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
+ verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
+
+ respData.setX509certificate(new X509Certificate(in));
+ Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
+ respData.setPublicAuthority(publicAuthority != null);
+ respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
+ respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
+
+ String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
+ if (xmlDsigCheckCode!=null) {
+ respData.setXmlDSIGManigest(true);
+ respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+ } else {
+ respData.setXmlDSIGManigest(false);
+ }
+ String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
+ if (signatureManifestCheckCode != null) {
+ respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
+ }
+ respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ return respData;
+ }
+
+
+}
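Review bot: `String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);` at the top of parseData is never read, so every call serializes the whole response for nothing; delete the line. parseData and both parsing constructors catch `Throwable`, which wraps `OutOfMemoryError` and similar JVM errors into a `ParseException`; narrowing to `catch (Exception e)` keeps the parse-failure semantics without hiding them. The class Javadoc claims a Singleton pattern although all three constructors are public, and the parseData Javadoc still reads "Parse identity link from InfoboxReadResponse" — it should say `Extracts signer name, certificate, public-authority data and the check codes from the <VerifyXMLSignatureResponse> element`. DOMUtils.parseXmlValidating is not visible here; since the input comes from an external service, it is worth confirming that it disables DTD and external-entity resolution.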