approved changes

15 files changed, 103 insertions, 181 deletions

diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
index 907b9bf68..9f602aba1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
@@ -102,9 +102,4 @@ public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObje
 		vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
index 003d56b46..aa4c725f1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
@@ -77,9 +77,4 @@ public class CitizenCountryCodeImpl extends AbstractSAMLObject implements Citize
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
index b5d194c7f..13cc3d287 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
@@ -77,9 +77,4 @@ public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements EIDCr
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
-}
\ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
index f2762e327..2e3f6ab7e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
@@ -78,9 +78,4 @@ public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements EIDCr
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
-}
\ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
index 423cf8b25..e74ce1fec 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
@@ -77,9 +77,4 @@ public class QAAAttributeImpl extends AbstractSAMLObject implements QAAAttribute
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
index e7ac7213b..2537d3794 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
@@ -213,9 +213,4 @@ public class RequestedAttributeImpl extends AbstractSAMLObject implements Reques
 		this.unknownAttributes = newUnknownAttr;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
index 276697d6a..7f09d611f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
@@ -77,9 +77,4 @@ public class SPApplicationImpl extends AbstractSAMLObject implements SPApplicati
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
index 404a90079..ea9085867 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
@@ -77,9 +77,4 @@ public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
index cea51a5a8..03dea20ed 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
@@ -77,9 +77,4 @@ public class SPIDImpl extends AbstractSAMLObject implements SPID {
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
index 4089f0862..41b3d8998 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
@@ -101,9 +101,4 @@ public final class SPInformationImpl extends AbstractSignableSAMLObject implemen
 		this.spId = prepareForAssignment(this.spId, newSPId);
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
index 054481744..ed0a75f35 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
@@ -77,9 +77,4 @@ public class SPInstitutionImpl extends AbstractSAMLObject implements SPInstituti
 		return null;
 	}
 
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
index 6e23d7f24..1cd5fb761 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
@@ -72,6 +72,7 @@ import eu.stork.peps.exceptions.SAMLEngineException;
  * The Class HWSign. Module of sign.
  * 
  * @author fjquevedo
+ * @author advania
  */
 public final class SignHW implements SAMLEngineSignI {
 
@@ -79,14 +80,19 @@ public final class SignHW implements SAMLEngineSignI {
 	private static final String CONF_FILE = "configurationFile";
 
 	/**
-	 * The Constant KEYSTORE_TYPE. private static final String KEYSTORE_TYPE = "keystoreType"
+	 * The Constant KEYSTORE_TYPE.
 	 */
+	private static final String KEYSTORE_TYPE = "keystoreType";
 
 	/** The logger. */
 	private static final Logger LOG = LoggerFactory.getLogger(SignHW.class.getName());
 
 	/** The stork own key store. */
 	private KeyStore storkOwnKeyStore = null;
+	/**
+	 * The soft trust key store.
+	 */
+	private SignSW swTrustStore = null;
 
 	/**
 	 * Gets the stork own key store.
@@ -160,6 +166,12 @@ public final class SignHW implements SAMLEngineSignI {
 			throw new SAMLEngineException(e);
 		} finally {
 			IOUtils.closeQuietly(inputStr);
+			/**
+			 * Init the soft keystore to validate with. trustStoreConfig is read from the SignModule config file and should refer to the keystore containing trusted certificates.
+			 */
+			swTrustStore = new SignSW();
+			swTrustStore.init(properties.getProperty("trustStoreConfig"));
+			swTrustStore.loadCryptServiceProvider();
 		}
 	}
 
@@ -204,7 +216,7 @@ public final class SignHW implements SAMLEngineSignI {
 				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
 				X509Principal issuerDNConf = new X509Principal(issuer);
 
-				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
 					alias = aliasCert;
 					find = true;
 				}
@@ -339,56 +351,14 @@ public final class SignHW implements SAMLEngineSignI {
 	 *             exception in validate signature
 	 */
 	public SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
-		LOG.info("Start signature validation.");
+		LOG.info("Start signature validation HW.");
+		/*
+		 * we are using the soft signature class to validate the signatures. This way we use the same key store code and validation that is used there.
+		 */
 		try {
-
-			// Validate structure signature
-			final SAMLSignatureProfileValidator signProfValidator = new SAMLSignatureProfileValidator();
-
-			// Indicates signature id conform to SAML Signature profile
-			signProfValidator.validate(tokenSaml.getSignature());
-
-			String aliasCert;
-			X509Certificate certificate;
-
-			final List<Credential> trustedCred = new ArrayList<Credential>();
-
-			for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) {
-				aliasCert = e.nextElement();
-				final BasicX509Credential credential = new BasicX509Credential();
-				certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
-				credential.setEntityCertificate(certificate);
-				trustedCred.add(credential);
-			}
-
-			final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
-			final List<X509Certificate> listCertificates = KeyInfoHelper.getCertificates(keyInfo);
-
-			if (listCertificates.size() != 1) {
-				throw new SAMLEngineException("Only must be one certificate");
-			}
-
-			// Exist only one certificate
-			final BasicX509Credential entityX509Cred = new BasicX509Credential();
-			entityX509Cred.setEntityCertificate(listCertificates.get(0));
-
-			final ExplicitKeyTrustEvaluator keyTrustEvaluator = new ExplicitKeyTrustEvaluator();
-			if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
-				throw new SAMLEngineException("Certificate it is not trusted.");
-			}
-
-			final SignatureValidator sigValidator = new SignatureValidator(entityX509Cred);
-
-			sigValidator.validate(tokenSaml.getSignature());
-
-		} catch (final ValidationException e) {
-			LOG.error("ValidationException.", e);
-			throw new SAMLEngineException(e);
-		} catch (final KeyStoreException e) {
-			LOG.error("ValidationException.", e);
-			throw new SAMLEngineException(e);
-		} catch (final CertificateException e) {
-			LOG.error("CertificateException.", e);
+			swTrustStore.validateSignature(tokenSaml);
+		} catch (Exception e) {
+			LOG.error("SW ValidationException.", e);
 			throw new SAMLEngineException(e);
 		}
 		return tokenSaml;
@@ -408,6 +378,12 @@ public final class SignHW implements SAMLEngineSignI {
 
 		try {
 			inputStream = SignHW.class.getResourceAsStream("/" + properties.getProperty(CONF_FILE));
+			final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream);
+			if (Security.getProperty(pkcs11Provider.getName()) == null) {
+				Security.insertProviderAt(pkcs11Provider, Security.getProviders().length);
+			}
+
+			storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE), pkcs11Provider);
 
 		} catch (final Exception e) {
 			throw new SAMLEngineException("Error loading CryptographicServiceProvider", e);
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
index c91f11444..d5f01a4cc 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
@@ -41,6 +41,7 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.NotImplementedException;
 import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SignableSAMLObject;
@@ -166,25 +167,25 @@ public final class SignP12 implements SAMLEngineSignI {
 		properties = new Properties();
 		try {
 			try {
-				LOG.debug("Fichero a cargar " + fileConf);
+				LOG.debug("Loading " + fileConf);
 				fileProperties = new FileInputStream(fileConf);
 				properties.loadFromXML(fileProperties);
 			} catch (Exception e) {
-				LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
+				LOG.error("Failed to load external resource. Retrieving internal file.");
 				fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
 				if (fileProperties == null) {
 					fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
 					if (fileProperties == null) {
 						Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
 						if (files != null && files.hasMoreElements()) {
-							LOG.info("Se han encontrado recurso/s. Se toma el primero.");
+							LOG.info("Found /s.");
 							fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
 						} else {
-							throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
+							throw new IOException("Could not load file: " + fileConf, e);
 						}
 					}
 				}
-				LOG.debug("Recuperados " + fileProperties.available() + " bytes");
+				LOG.debug("Recovered " + fileProperties.available() + " bytes");
 				properties.loadFromXML(fileProperties);
 			}
 		} catch (InvalidPropertiesFormatException e) {
@@ -243,7 +244,7 @@ public final class SignP12 implements SAMLEngineSignI {
 				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
 				X509Principal issuerDNConf = new X509Principal(issuer);
 
-				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
 					alias = aliasCert;
 					find = true;
 				}
@@ -455,23 +456,21 @@ public final class SignP12 implements SAMLEngineSignI {
 		FileInputStream fisTrustStore = null;
 
 		try {
-			// // Dynamically register Bouncy Castle provider.
-			// boolean found = false;
-			// // Check if BouncyCastle is already registered as a provider
-			// final Provider[] providers = Security.getProviders();
-			// for (int i = 0; i < providers.length; i++) {
-			// if (providers[i].getName().equals(
-			// BouncyCastleProvider.PROVIDER_NAME)) {
-			// found = true;
-			// }
-			// }
-			//
-			// // Register only if the provider has not been previously registered
-			// if (!found) {
-			// LOG.debug("SAMLCore: Register Bouncy Castle provider.");
-			// Security.insertProviderAt(new BouncyCastleProvider(), Security
-			// .getProviders().length);
-			// }
+			// Dynamically register Bouncy Castle provider.
+			boolean found = false;
+			// Check if BouncyCastle is already registered as a provider
+			final Provider[] providers = Security.getProviders();
+			for (int i = 0; i < providers.length; i++) {
+				if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+					found = true;
+				}
+			}
+
+			// Register only if the provider has not been previously registered
+			if (!found) {
+				LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+				Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+			}
 
 			p12Store = KeyStore.getInstance(properties.getProperty("keystoreType"));
 
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e1ae2b8e2..1ca857e9e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -12,17 +12,34 @@
  * Licence for the specific language governing permissions and limitations under
  * the Licence.
  */
-
 package eu.stork.peps.auth.engine.core.impl;
 
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.NotImplementedException;
 import org.bouncycastle.jce.X509Principal;
-//import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SignableSAMLObject;
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
 import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
 import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
 import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
 import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.validation.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.*;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.*;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
 
 /**
  * The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software.
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI {
 
 				final String serialNum = certificate.getSerialNumber().toString(16);
 
-				try {
-					X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
-					X509Principal issuerDNConf = new X509Principal(issuer);
+				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+				X509Principal issuerDNConf = new X509Principal(issuer);
 
-					if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
-						alias = aliasCert;
-						find = true;
-					}
-				} catch (Exception ex) {
-					LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
+					alias = aliasCert;
+					find = true;
 				}
 			}
 			if (!find) {
@@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI {
 	 * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
 	 */
 	public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
-		LOG.info("Start signature validation.");
+		LOG.info("Start signature validation SW.");
 		try {
 
 			// Validate structure signature
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI {
 		LOG.info("Load Cryptographic Service Provider");
 		FileInputStream fis = null;
 		try {
-			// // Dynamically register Bouncy Castle provider.
-			// boolean found = false;
-			// // Check if BouncyCastle is already registered as a provider
-			// final Provider[] providers = Security.getProviders();
-			// for (int i = 0; i < providers.length; i++) {
-			// if (providers[i].getName().equals(
-			// BouncyCastleProvider.PROVIDER_NAME)) {
-			// found = true;
-			// }
-			// }
-			//
-			// // Register only if the provider has not been previously registered
-			// if (!found) {
-			// LOG.info("SAMLCore: Register Bouncy Castle provider.");
-			// Security.insertProviderAt(new BouncyCastleProvider(), Security
-			// .getProviders().length);
-			// }
+			// Dynamically register Bouncy Castle provider.
+			boolean found = false;
+			// Check if BouncyCastle is already registered as a provider
+			final Provider[] providers = Security.getProviders();
+			for (int i = 0; i < providers.length; i++) {
+				if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+					found = true;
+				}
+			}
+
+			// Register only if the provider has not been previously registered
+			if (!found) {
+				LOG.info("SAMLCore: Register Bouncy Castle provider.");
+				Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+			}
 
 			storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE));
 
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
index d7d92ea74..bfb85e357 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
@@ -125,10 +125,4 @@ public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAML
 	public void setSPInformation(SPInformation newSPInformation) {
 		this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
 	}
-
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }