refactor PVP Metadata provider functionality

6 files changed, 596 insertions, 26 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
new file mode 100644
index 000000000..e321c9d05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureVerificationUtils {
+	  /** shortcut for XMLNS namespace URI */
+	  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+	  /** shortcut for MOA namespace URI */
+	  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+	  /** The DSIG-Prefix */
+	  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+	  
+	  /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+	  private Document requestDoc_;
+	  /** the <code>VerifyXMLsignatureRequest</code> root element */
+	  private Element requestElem_;
+	
+	  
+	  public SignatureVerificationUtils() throws BuildException {
+		  try {
+		        DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();        
+		        requestDoc_ = docBuilder.newDocument();
+		        requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+		        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+		        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+		        requestDoc_.appendChild(requestElem_); 
+		        
+		  } catch (Throwable t) {
+		        throw new BuildException(
+		          "builder.00", 
+		          new Object[] {"VerifyXMLSignatureRequest", t.toString()}, 
+		          t);
+		  }
+	  }
+	  
+	  public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {		  
+		  try {
+			  //build signature-verification request
+			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
+
+			  //send signature-verification to MOA-SP 
+			  Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+			  		.verifyXMLSignature(domVerifyXMLSignatureRequest);
+			
+			// parses the <VerifyXMLSignatureResponse>
+			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+					domVerifyXMLSignatureResponse).parseData();
+			
+			return verifyXMLSignatureResponse;
+			  
+		  } catch (ParseException e) {
+			  Logger.error("Build signature-verification request FAILED." ,e);
+			  throw e;
+			
+		  } catch (ServiceException e) {
+			  Logger.error("MOA-SP signature verification FAILED." ,e);
+			  throw e;
+			  
+		}
+		 				  
+	  }
+	  
+	/**
+	   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+	   * from an IdentityLink with a known trustProfileID which 
+	   * has to exist in MOA-SP
+	   * @param signature - The XML signature as byte[]
+	   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+	   * 
+	   * @return Element - The complete request as Dom-Element
+	   * 
+	   * @throws ParseException
+	   */
+	  private Element build(byte[] signature, String trustProfileID)
+	    throws ParseException 
+	  { 
+	    try {
+	      // build the request
+	      Element verifiySignatureInfoElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+	      requestElem_.appendChild(verifiySignatureInfoElem);
+	      Element verifySignatureEnvironmentElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+	      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+	      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+	      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+
+	      // insert the base64 encoded signature	      
+	      String base64EncodedAssertion = Base64Utils.encode(signature);
+	      //replace all '\r' characters by no char.
+	      StringBuffer replaced = new StringBuffer();
+	      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+	        char c = base64EncodedAssertion.charAt(i);
+	        if (c != '\r') {
+	          replaced.append(c);
+	        }
+	      }
+	      base64EncodedAssertion = replaced.toString();
+	      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+	      base64ContentElem.appendChild(base64Content);      
+	     
+	      // specify the signature location
+	      Element verifySignatureLocationElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+	      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+	      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+	      verifySignatureLocationElem.appendChild(signatureLocation);      
+	      
+	      // signature manifest params
+	      Element signatureManifestCheckParamsElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+	      requestElem_.appendChild(signatureManifestCheckParamsElem);
+	      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+
+	      Element returnHashInputDataElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+	      requestElem_.appendChild(returnHashInputDataElem);
+
+	      //add trustProfileID
+	      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+	      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+	      requestElem_.appendChild(trustProfileIDElem);
+	    } catch (Throwable t) {
+	      throw new ParseException("builder.00", 
+	        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+	    }
+
+	    return requestElem_;
+	  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
new file mode 100644
index 000000000..72a7d3ba1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.invoke;
+
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data.
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class SignatureVerificationInvoker {
+  /** This QName Object identifies the SignatureVerification endpoint of the web service */
+  private static final QName SERVICE_QNAME = new QName("SignatureVerification");
+
+  /**
+   * Method verifyXMLSignature.
+   * @param request to be sent
+   * @return Element with the answer
+   * @throws ServiceException if an error occurs
+   */
+  public Element verifyXMLSignature(Element request) throws ServiceException {
+    return doCall(SERVICE_QNAME, request);
+  }
+
+  /**
+   * Method doCall.
+   * @param serviceName the name of the service
+   * @param request the request to be sent
+   * @return Element the answer
+   * @throws ServiceException if an error occurs
+   */
+  protected Element doCall(QName serviceName, Element request) throws ServiceException {
+    ConnectionParameter authConnParam = null;
+    try {
+      Service service = ServiceFactory.newInstance().createService(serviceName);
+      Call call = service.createCall();
+      SOAPBodyElement body = new SOAPBodyElement(request);
+      SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+      Vector responses;
+      SOAPBodyElement response;
+
+      String endPoint;
+      AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
+      authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+      //If the ConnectionParameter do NOT exist, we try to get the api to work....
+      if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
+        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
+        endPoint = authConnParam.getUrl();
+        call.setTargetEndpointAddress(endPoint);
+        responses = (Vector) call.invoke(serviceName, params);
+        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
+        response = (SOAPBodyElement) responses.get(0);
+        return response.getAsDOM();
+      }
+      else {
+        SignatureVerificationService svs = SignatureVerificationService.getInstance();
+        VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
+		
+        VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
+        Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
+
+        //Logger.setHierarchy("moa.id.auth");
+        return result.getDocumentElement();
+      }
+    }
+    catch (Exception ex) {
+      if (authConnParam != null) {
+	      throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
+      } else {
+        throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
+      }
+    }
+  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 000000000..7bce406e0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -0,0 +1,211 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
+ * MOA-SPSS.
+ * This class implements the Singleton pattern
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+
+public class VerifyXMLSignatureResponseParser {
+  //
+  // XPath namespace prefix shortcuts
+  //
+  /** Xpath prefix for reaching MOA Namespaces */
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  /** Xpath prefix for reaching DSIG Namespaces */
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  /** Xpath expression to the root element */    
+  private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
+  
+    /** Xpath expression to the X509SubjectName element */  
+  private static final String DSIG_SUBJECT_NAME_XPATH = 
+      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      DSIG + "X509SubjectName";        
+  /** Xpath expression to the X509Certificate element */  
+  private static final String DSIG_X509_CERTIFICATE_XPATH = 
+      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+          DSIG + "X509Certificate";        
+  /** Xpath expression to the PublicAuthority element */  
+  private static final String PUBLIC_AUTHORITY_XPATH =
+     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      MOA + "PublicAuthority";        
+  /** Xpath expression to the PublicAuthorityCode element */  
+  private static final String PUBLIC_AUTHORITY_CODE_XPATH =
+     PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";        
+  /** Xpath expression to the QualifiedCertificate element */  
+   private static final String QUALIFIED_CERTIFICATE_XPATH =
+     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      MOA + "QualifiedCertificate";        
+   
+  /** Xpath expression to the SignatureCheckCode element */    
+  private static final String SIGNATURE_CHECK_CODE_XPATH = 
+   ROOT + MOA + "SignatureCheck/" + MOA + "Code";
+  /** Xpath expression to the XMLDSIGManifestCheckCode element */    
+  private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = 
+   ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
+  /** Xpath expression to the SignatureManifestCheckCode element */    
+  private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = 
+   ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
+  /** Xpath expression to the CertificateCheckCode element */      
+  private static final String CERTIFICATE_CHECK_CODE_XPATH = 
+   ROOT + MOA + "CertificateCheck/" + MOA + "Code";
+  
+    
+  /** This is the root element of the XML-Document provided by the Security Layer Card*/
+  private Element verifyXMLSignatureResponse;
+
+  /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * A DOM-representation of the incoming String will be created
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+   * @throws ParseException on any parsing error
+   */
+  public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
+   try {
+  InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+  
+  verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); 
+     }
+     catch (Throwable t) {
+      throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+    } 
+  }
+  
+  /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * A DOM-representation of the incoming Inputstream will be created
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+   * @throws Exception on any parsing error
+   */
+  public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
+  {
+    try {
+       verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);                        
+    }
+     catch (Throwable t) {
+      throw new ParseException("parser.01", null, t);
+    } 
+  } 
+  
+   /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * The incoming Element will be used for further operations
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
+   */
+  public VerifyXMLSignatureResponseParser(Element xmlResponse)
+  {
+      verifyXMLSignatureResponse =xmlResponse;                        
+  
+  }
+  
+  /**
+   * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
+   * @return Identity link
+   * @throws ParseException on any parsing error
+   */
+
+  public VerifyXMLSignatureResponse parseData() throws ParseException {
+
+    VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+
+    try {
+    	
+      String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
+      respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
+      Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
+      respData.setQualifiedCertificate(e!=null);
+
+      Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
+        verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
+
+      respData.setX509certificate(new X509Certificate(in));
+      Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
+      respData.setPublicAuthority(publicAuthority != null);
+      respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
+      respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
+
+      String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
+      if (xmlDsigCheckCode!=null) { 
+        respData.setXmlDSIGManigest(true);
+        respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+      } else {
+        respData.setXmlDSIGManigest(false);
+      }
+      String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
+      if (signatureManifestCheckCode != null) {
+        respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
+      }
+      respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());             
+    }
+    catch (Throwable t) {
+      throw new ParseException("parser.01", null, t);
+    }        
+    return respData;
+  }
+  
+  
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f33cadc41..f4c099878 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -422,8 +422,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 		internalProvider = chainProvider;
 	}
 	
-	private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
-		MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+	private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
+		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		
 		if (oaParam.isInderfederationIDP()) {
@@ -435,7 +435,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 		return filterChain;		
 	}
 	
-	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, PVPMetadataFilterChain filter) {
 		HTTPMetadataProvider httpProvider = null;
 		Timer timer= null;
 		MOAHttpClient httpClient = null;
@@ -470,7 +470,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 			//httpProvider.setRefreshDelayFactor(0.1F);
 			
 			if (filter == null) {			
-				filter = new MetadataFilterChain(metadataURL, certificate);
+				filter = new PVPMetadataFilterChain(metadataURL, certificate);
 			}
 			httpProvider.setMetadataFilter(filter);
 			httpProvider.initialize();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
new file mode 100644
index 000000000..4c1da747b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPMetadataFilterChain extends MetadataFilterChain {
+
+		
+	/**
+	 * @throws CertificateException 
+	 * 
+	 */
+	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+		addDefaultFilters(url, certificate);
+	}
+	
+	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+		addFilter(new MetadataSignatureFilter(url, certificate));
+		
+	}
+
+
+
+
+
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
index 4e1d939ff..e7412a0fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
@@ -20,9 +20,8 @@
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
  */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+package at.gv.egovernment.moa.id.saml2;
 
-import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -39,25 +38,23 @@ import at.gv.egovernment.moa.logging.Logger;
 public class MetadataFilterChain implements MetadataFilter {
 
 	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-	
+		
 	/**
-	 * @throws CertificateException 
+	 * Return all actually used Metadata filters
 	 * 
+	 * @return List of Metadata filters
 	 */
-	public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
-		addDefaultFilters(url, certificate);
-	}
-	
-	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
-		filters.add(new MetadataSignatureFilter(url, certificate));
-		
+	public List<MetadataFilter> getFilters() {
+		return filters;
 	}
 	
 	/**
-	 * @return the filter
+	 * Add a new Metadata filter to filterchain
+	 * 
+	 * @param filter 
 	 */
-	public List<MetadataFilter> getFilters() {
-		return filters;
+	public void addFilter(MetadataFilter filter) {
+		filters.add(filter);
 	}
 	
 	
@@ -67,16 +64,10 @@ public class MetadataFilterChain implements MetadataFilter {
 	@Override
 	public void doFilter(XMLObject arg0) throws FilterException {
 		for (MetadataFilter filter : filters) {
-			Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
+			Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
 			filter.doFilter(arg0);
 		}
 
 	}
 
-
-
-
-
-
-	
 }