move citizen-card authentication and validation (Security-layer communication) to discrete module

3 files changed, 1020 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
new file mode 100644
index 000000000..1850ff671
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -0,0 +1,762 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class implements a set of utility methods.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepUtils {
+
+  /**
+   * Determines whether a string is null or empty
+   * 
+   * @param str the string to check.
+   * @return <code>true</code> if the string is null or empty,
+   *         <code>false</code> otherwise.
+   */
+  public static boolean isEmpty(String str) {
+    return str == null || "".equals(str);
+  }
+
+  /**
+   * Reads a XML document from an input stream (namespace-aware).
+   * 
+   * @param is
+   *          the input stream to read from.
+   * @return the read XML document.
+   * @throws SZRGWClientException
+   *           if an error occurs reading the document from the input stream.
+   */
+  public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+    try {
+      DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+      f.setNamespaceAware(true);
+      return f.newDocumentBuilder().parse(is);
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+//  /*
+//   * 
+//   */
+//  public static String extractRepresentativeID(Element mandate) throws ValidateException {
+//    try {
+//      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+//      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+//      Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+//      if (resultNode != null) {
+//        // because following line is not ready for JDK 1.4.x we need to get the childnode; 
+//        // return resultNode.getTextContent();
+//        Node textNode = resultNode.getFirstChild();
+//        if (textNode != null) {
+//          return textNode.getNodeValue();
+//        }
+//      }
+//      return null;
+//    } catch (Exception e) {
+//      throw new ValidateException("validator.62", null);
+//    }
+//  }
+
+
+  /**
+   * Dumps all bytes from an input stream to the given output stream.
+   * 
+   * @param is
+   *          the input stream to dump from.
+   * @param os
+   *          the output stream to dump to.
+   * @throws IOException
+   *           if an error occurs while dumping.
+   */
+  public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException {
+    if (is == null) {
+      return;
+    }
+    int ch;
+    while ((ch = is.read()) != -1) {
+      os.write(ch);
+    }
+  }
+
+  /**
+   * Gets a string that represents the date a mandate was issued.
+   * 
+   * @param mandate
+   *          the mandate to extract the issuing date from.
+   * @return the issuing date of the given mandate.
+   * @throws SZRGWClientException
+   *           if an exception occurs extracting the issuing date of the
+   *           mandate.
+   */
+  public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+      Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode);
+
+      if (dateNode == null) {
+        throw new Exception("Date in Mandate-Issued not found.");
+      }
+      return dateNode.getNodeValue();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Gets a string that represents the place a mandate was issued.
+   * 
+   * @param mandate
+   *          the mandate to extract the issuing place from.
+   * @return the issuing place of the given mandate.
+   * @throws SZRGWClientException
+   *           if an exception occurs extracting the issuing place of the
+   *           mandate.
+   */
+  public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+      Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode);
+
+      if (placeNode == null) {
+        throw new Exception("Place in Mandate-Issued not found.");
+      }
+      return placeNode.getNodeValue();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Extracts the textual description of the mandate.
+   * 
+   * @param mandate
+   *          the mandate to extract the textual description from.
+   * @return the textual description of the mandate.
+   * @throws SZRGWClientException
+   *           if an exception occurs extracting the textual description.
+   */
+  public static String getMandateContent(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+      Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode);
+
+      if (contentNode == null) {
+        throw new Exception("Content in Mandate not found.");
+      }
+      return contentNode.getNodeValue();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Extracts the md:Mandator element from a XML mandate element.
+   * 
+   * @param mandate
+   *          the md:Mandate element to extract the md:Mandator from.
+   * @return the md:Mandator element.
+   * @throws SZRGWClientException
+   *           if an error occurs extracting the md:Mandator element.
+   */
+  public static Element extractMandator(Element mandate) throws ParseException {
+    try {
+      
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode);
+      if (mandator == null) {
+        // if we got the Mandator itself
+        if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate;
+      }
+      if (mandator == null)
+        return null;
+      String nsPrefix = mandator.getPrefix();
+      String nsUri = mandator.getNamespaceURI();
+      Element mandatorClone = (Element) mandator.cloneNode(true);
+      mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+      return mandatorClone;
+    } catch (Exception e) {
+      throw new ParseException(e.toString(), null);
+    }
+  }
+  
+  /**
+   * Tells wether a mandator is a physical person or not.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element to extract from.
+   * @return <code>true<code> if the mandator is a physical person, <code>false</code> otherwise.
+   */
+  public static boolean isPhysicalPerson(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      DOMUtils.serializeNode(mandator);
+      
+      // check if physical person
+      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+      
+      
+      // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
+      // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
+      return physicalPerson != null;
+    } catch (Exception e) {
+      e.printStackTrace();
+      return false;
+    }
+  }
+
+  /**
+   * Extracts the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> 
+   * element from a XML mandate element.
+   * 
+   * @param mandate
+   *          the md:Mandate element to extract the person from.
+   * @return the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> element.
+   * @throws ParseException
+   *           if an error occurs extracting the element.
+   */
+  public static Element extractPersonOfMandate(Element mandate) throws ParseException {
+    try {
+      
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode);
+      if (person == null) {
+        person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode);
+      }
+      if (person == null) return null;
+      String nsPrefix = person.getPrefix();
+      String nsUri = person.getNamespaceURI();
+      Element personClone = (Element) person.cloneNode(true);
+      personClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+      return personClone;
+    } catch (Exception e) {
+      //e.printStackTrace();
+      throw new ParseException(e.toString(), null);
+    }
+  }
+
+  /**
+   * Benerates the </code>pr:Person</code> element form a 
+   * <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> 
+   * element of a XML mandate element.
+   * 
+   * @param mandate
+   *          the md:Mandate element to extract the person from.
+   * @return the <code>pr:Person</code> element.
+   * @throws ParseException
+   *           if an error occurs extracting the element.
+   */
+  public static Element extractPrPersonOfMandate(Element mandate) throws ParseException {
+
+    try {
+      Document document = ParepUtils.createEmptyDocument();
+      Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON);
+      root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" 
+          + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode);
+      if (person == null) {
+        person = (Element) XPathAPI.selectSingleNode(mandate, "//" 
+            + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode);
+      }
+      if (person != null) {
+        root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName());
+        if (person != null) {
+          NodeList nl = person.getChildNodes();
+          for (int i = 0; i < nl.getLength(); i++) {
+            Node testNode = nl.item(i);
+            if (Node.ELEMENT_NODE == testNode.getNodeType()) {
+              root.appendChild(document.importNode(testNode, true));
+            }
+          }
+        }
+      }
+      
+      return root;
+    } catch (Exception e) {
+      //e.printStackTrace();
+      throw new ParseException(e.toString(), null);
+    }
+  }
+  
+  /**
+   * Extracts the name of the mandator as a string representation.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element to extract from.
+   * @return the mandator name as a string.
+   */
+  public static String extractMandatorName(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      // first check if physical person
+      Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+      if (name != null) {
+        String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue();
+        String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue();
+
+        return givenName + " " + familyName;
+      }
+
+      // check if corporate body
+      Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode);
+      if (fullName != null) {
+        return fullName.getNodeValue();
+      }
+      return "";
+    } catch (Exception e) {
+      //e.printStackTrace();
+      return "";
+    }
+  }
+
+  /**
+   * Extracts specific text of an element of a given md:Mandator element.
+   * 
+   * @param mandator
+   *          the XML md:Mandator to extract from.
+   * @return the resulting text of the mandator element.
+   */
+  public static String extractText(Element mandator, String xpath) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode);
+      if (textNode == null)
+        return null;
+      return textNode.getNodeValue();
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    }
+  }
+
+  /**
+   * Extracts the date of birth of the mandator of a given md:Mandator element.
+   * 
+   * @param mandator
+   *          the XML md:Mandator to extract from.
+   * @return the dob of the mandator.
+   */
+  public static String extractMandatorDateOfBirth(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode);
+      if (dobName == null)
+        return null;
+      return dobName.getNodeValue();
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    }
+  }
+
+  /**
+   * Extracts the full name of the mandators corporate body of a given
+   * md:Mandator element.
+   * 
+   * @param mandator
+   *          the XML md:Mandator to extract from.
+   * @return the full name of the mandator.
+   */
+  public static String extractMandatorFullName(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode);
+      if (fullName == null)
+        return null;
+      return fullName.getNodeValue();
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    }
+  }
+
+  /**
+   * Extracts the identification value of the mandator of a given mandate.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element.
+   * @return the identification value.
+   */
+  public static String extractMandatorWbpk(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+      if (idValue != null) {
+        return idValue.getNodeValue();
+      }
+      return "";
+    } catch (Exception e) {
+      e.printStackTrace();
+      return "";
+    }
+  }
+
+  /**
+   * Extracts the identification type of the mandator of a given mandate.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element.
+   * @return the identification type.
+   */
+  public static String extractMandatorIdentificationType(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+      if (idType != null) {
+        return idType.getNodeValue();
+      }
+      return "";
+    } catch (Exception e) {
+      e.printStackTrace();
+      return "";
+    }
+  }
+
+  /*
+   * 
+   */
+  public static String getIdentification(Element personElement, String element) throws ParseException {
+    try {
+
+      Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode)
+          .getNodeValue();
+    } catch (Exception e) {
+      throw new ParseException(e.toString(), null);
+    }
+  }
+
+//  /*
+//   * 
+//   */
+//  private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+//    try {
+//      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+//      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+//      Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+//      String nsPrefix = mandator.getPrefix();
+//      String nsUri = mandator.getNamespaceURI();
+//
+//      Element mandatorClone = (Element) mandator.cloneNode(true);
+//      mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+//
+//      return mandatorClone;
+//    } catch (Exception e) {
+//      throw new SZRGWClientException(e);
+//    }
+//  }
+
+  /**
+   * Serializes a XML element to a given output stream.
+   * 
+   * @param element
+   *          the XML element to serialize.
+   * @param out
+   *          the output streamt o serialize to.
+   * @throws IOException
+   *           if an I/O error occurs during serialization.
+   */
+  public static void serializeElement(Element element, OutputStream out) throws IOException {
+    OutputFormat format = new OutputFormat();
+    format.setOmitXMLDeclaration(true);
+    format.setEncoding("UTF-8");
+    format.setPreserveSpace(true);
+    XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+    serializer.serialize(element);
+  }
+
+  public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException {
+    OutputFormat format = new OutputFormat();
+    format.setOmitXMLDeclaration(false);
+    format.setEncoding("UTF-8");
+    format.setPreserveSpace(true);
+    XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+    serializer.serialize(element);
+  }
+
+  public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException {
+    OutputFormat format = new OutputFormat();
+    format.setOmitXMLDeclaration(true);
+    format.setEncoding("UTF-8");
+    format.setPreserveSpace(true);
+    XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format);
+    serializer.serialize(element);
+  }
+
+  public static void saveStringToFile(String str, File file) throws IOException {
+    FileOutputStream fos = new FileOutputStream(file);
+    fos.write(str.getBytes());
+    fos.flush();
+    fos.close();
+  }
+
+  public static void saveBytesToFile(byte[] str, File file) throws IOException {
+    FileOutputStream fos = new FileOutputStream(file);
+    fos.write(str);
+    fos.flush();
+    fos.close();
+  }
+
+  public static void saveElementToFile(Element elem, File file) throws IOException {
+    FileOutputStream fos = new FileOutputStream(file);
+    serializeElementWithoutEncoding(elem, fos);
+    fos.flush();
+    fos.close();
+  }
+
+  /**
+   * Creates an empty XML document.
+   * 
+   * @return a newly created empty XML document.
+   * @throws SZRGWClientException
+   *           if an error occurs creating the empty document.
+   */
+  public static Document createEmptyDocument() throws SZRGWClientException {
+    try {
+      DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+      factory.setNamespaceAware(true);
+      return factory.newDocumentBuilder().newDocument();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+
+  /**
+   * Tells if the Validator of an Infobox is enabled. If the corresponding application
+   * specific configuration element <code>EnableInfoboxValidator</code> is missing, a default value <code>true</code> is assumed
+   * 
+   * @param applicationSpecificParams
+   *          the XML element of the infobox configuration.
+   * @return the boolean value of the determination.
+   * @throws ConfigurationException
+   *           if an error occurs reading the configuration.
+   */
+  public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException {
+    try {
+      Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+      
+      //ParepUtils.serializeElement(applicationSpecificParams, System.out);
+      Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX
+          + ":EnableInfoboxValidator/text()", nameSpaceNode);
+      if (validatorEnabledNode != null) {
+        return BoolUtils.valueOf(validatorEnabledNode.getNodeValue());
+      }
+      return true;
+    } catch (Exception e) {
+      // e.printStackTrace();
+      throw new ConfigurationException("config.02", null);
+    }
+  }
+
+  /**
+   * Delivers a String with the description of the register which is described 
+   * through the identification Type of a corporate body of the persondata schema 
+   * 
+   * @param identificationType
+   *          the identification type.
+   * @return the register description.
+   */
+  public static String getRegisterString(String identificationType) {
+    String corporateBase = Constants.URN_PREFIX_BASEID + "+";
+    if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null;
+    String register = identificationType.substring(corporateBase.length());
+    if (ParepUtils.isEmpty(register)) return null;
+    if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
+    if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
+    if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+    return null;
+  }
+  
+  /**
+   * Hides Stammzahlen in the given element 
+   * 
+   * @param hideElement The element where Stammzahlen should be replaced.
+   * @param businessApplication For decision whether to calc a bPK or wbPK.
+   * @param target Target for calculating a bPK.
+   * @param registerID Necessary string for calculating a wbPK (example <code>FN+4096i</code>).
+   * @param blank Switch for behaviour.
+   *          <code>true</code> if Stammzahlen are blinded. All occurences will be replaced by empty strings.
+   *          <code>false</code> calculates (w)bPKs and changes also the <code>pr:Identifivation/pr:Type</code> elements.
+   * @return The element where Stammzahlen are hidden.
+   */
+  public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank) 
+    throws BuildException {
+    try {
+      if (hideElement != null) {
+        Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode");
+        nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+        NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode);
+        for (int i = 0; i < identifications.getLength(); i++) {
+          Element identificationElement = (Element) identifications.item(i);
+          Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+          if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) {
+            Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+            if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) {
+              Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden.");
+              throw new BuildException("builder.02", null);
+            }
+            if (blank) {
+              idValueNode.setNodeValue("");
+            } else {
+              String idValue = idValueNode.getNodeValue();
+              if (businessApplication) {
+                // wbPK berechnen
+                idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID);
+                String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID);
+                idValueNode.setNodeValue(bpkBase64);
+
+              } else {
+                // bPK berechnen
+                idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK);
+                String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target);
+                idValueNode.setNodeValue(bpkBase64);
+              }
+            }
+          }
+        }
+      }
+    } catch (Exception e) {
+      throw new BuildException("builder.02", null);
+    }
+    return hideElement;
+  }
+
+  /**
+   * Replaces each substring of string <code>s</code> that matches the given
+   * <code>search</code> string by the given <code>replace</code> string.
+   * 
+   * @param s         The string where the replacement should take place.
+   * @param search    The pattern that should be replaced.
+   * @param replace   The string that should replace all each <code>search</code>
+   *                  string within <code>s</code>.
+   * @return          A string where all occurrence of <code>search</code> are
+   *                  replaced with <code>replace</code>.
+   */
+  public static String replaceAll (String s, String search, String replace) {
+    if (replace==null) replace = "";
+    return StringUtils.replaceAll(s, search, replace);
+  }
+
+  
+//  public static void main(String[] args) throws Exception {
+//    Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml"));
+//    Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml"));
+//    Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml"));
+//    Element mandatorElement = extractMandator(mandate.getDocumentElement());
+//    System.out.println(extractMandatorName(mandatorElement));
+//    System.out.println(extractMandatorDateOfBirth(mandatorElement));
+//    System.out.println(extractMandatorWbpk(mandatorElement));
+//    //serializeElement(mandatorElement, System.out);
+//      serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out);
+//  }
+  
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
new file mode 100644
index 000000000..85c213169
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -0,0 +1,88 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 26538259471017714L;
+
+/*
+   * see super constructor.
+   */
+  public SZRGWClientException() {
+    super();
+  }
+
+  /*
+   * see super constructor.
+   */
+  public SZRGWClientException(String arg0) {
+    super(arg0);
+  }
+
+  /*
+   * see super construction.
+   */
+  public SZRGWClientException(Throwable arg0) {
+    super(arg0);
+  }
+
+  /*
+   * see super constructor
+   */
+  public SZRGWClientException(String arg0, Throwable arg1) {
+    super(arg0, arg1);
+  }
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
new file mode 100644
index 000000000..22b575489
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -0,0 +1,170 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+  /**
+   * The SSL socket factory.
+   */
+  private SSLSocketFactory factory;
+  
+  /**
+   * Creates a new Secure socket factory for the
+   * Apache HTTP client.
+   * 
+   * @param factory the SSL socket factory to use.
+   */
+  public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+    this.factory = factory;
+  }
+  
+  
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+   */
+  public Socket createSocket(
+      String host,
+      int port,
+      InetAddress clientHost,
+      int clientPort)
+      throws IOException, UnknownHostException {
+
+      return this.factory.createSocket(
+          host,
+          port,
+          clientHost,
+          clientPort
+      );
+  }
+
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+   */
+  public Socket createSocket(String host, int port)
+      throws IOException, UnknownHostException {
+      return this.factory.createSocket(
+          host,
+          port
+      );
+  }
+
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+   */
+  public Socket createSocket(
+      Socket socket,
+      String host,
+      int port,
+      boolean autoClose)
+      throws IOException, UnknownHostException {
+      return this.factory.createSocket(
+          socket,
+          host,
+          port,
+          autoClose
+      );
+  }
+  
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
+   */
+  public Socket createSocket(
+      String host,
+      int port,
+      InetAddress clientHost,
+      int clientPort,
+      HttpConnectionParams params)
+      throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
+
+      Socket socket = createSocket(host, port, clientHost, clientPort);
+      if (socket != null) {
+          // socket.setKeepAlive(false);
+          if (params.getReceiveBufferSize() >= 0)
+              socket.setReceiveBufferSize(params.getReceiveBufferSize());
+          if (params.getSendBufferSize() >= 0)
+              socket.setSendBufferSize(params.getSendBufferSize());
+          socket.setReuseAddress(true);
+          if (params.getSoTimeout() >= 0)
+              socket.setSoTimeout(params.getSoTimeout());
+      }
+      return socket;
+    
+  }
+
+  /**
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object obj) {
+      return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+      return SZRGWSecureSocketFactory.class.hashCode();
+  }
+  
+}
+