- Update MOA-SS Interface (CreateCMSignatureRequest)

- Whitelisting in MOA-SPSS

25 files changed, 1989 insertions, 8 deletions

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index fbf40be88..26cce1a82 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -35,6 +35,9 @@ import org.apache.commons.discovery.tools.DiscoverClass;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -138,6 +141,26 @@ public abstract class SPSSFactory {
     List singleSignatureInfos);
 
   /**
+   * Create a new <code>CreateCMSSignatureRequest</code> object.
+   * 
+   * @param keyIdentifier The identifier for the key group to use for signing.
+   * @param singleSignatureInfos A <code>List</code> of 
+   * <code>SingleSignatureInfo</code> objects containing information about a
+   * single signature to be created.
+   * @return The <code>CreateCMSSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre keyIdentifier != null && keyIdentifier.length() > 0
+   * @pre singleSignatureInfos != null
+   * @pre forall Object o in singleSignatureInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo 
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos);
+  
+  /**
    * Create a new <code>SingleSignatureInfo</code> object.
    * 
    * @param dataObjectInfos The data objects that will be signed (including
@@ -156,6 +179,23 @@ public abstract class SPSSFactory {
   public abstract SingleSignatureInfo createSingleSignatureInfo(
     List dataObjectInfos,
     CreateSignatureInfo createSignatureInfo, boolean securityLayerConform);
+  
+  /**
+   * Create a new <code>SingleSignatureInfo</code> object.
+   * 
+   * @param dataObjectInfo The data object that will be signed.
+   * @param securityLayerConform If <code>true</code>, a Security Layer conform
+   * signature manifest is created, otherwise not.
+   * @return The <code>SingleSignatureInfo</code> containing the above data.
+   * 
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(	
+    at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
+    boolean securityLayerConform);
+  
+
+  
 
   /**
    * Create a new <code>DataObjectInfo</code> object.
@@ -182,6 +222,22 @@ public abstract class SPSSFactory {
     CreateTransformsInfoProfile createTransformsInfoProfile);
 
   /**
+   * Create a new <code>DataObjectInfo</code> object.
+   * 
+   * @param structure The type of signature to create.
+   * @param dataObject The data object that will be signed.
+   * @return The <code>DataObjectInfo</code> containing the above data.
+   * 
+   * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) ||
+   *      DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)
+   * @pre dataObject != null
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+    String structure,
+    CMSDataObject dataObject);
+  
+  /**
    * Create a new <code>CreateTransformsInfoProfile</code> object containing a
    * reference to a locally stored profile.
    * 
@@ -321,6 +377,37 @@ public abstract class SPSSFactory {
    */
   public abstract CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements);
 
+  
+  /**
+   * Create a new <code>CreateCMSSignatureResponse</code> object.
+   * 
+   * @param responseElements The elements of the response, either 
+   * <code>CMSSignatureResponse</code> objects, or 
+   * <code>ErrorResponse</code> objects.
+   * @return The new <code>CreateCMSSignatureResponse</code> containing the
+   * above data.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0
+   * @pre forall Object o in responseElements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements);
+  
+  
+  /**
+   * Create a new <code>SignatureEnvironmentResponse</code> object.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * signature.
+   * @return The <code>SignatureEnvironmentResponse</code> containing the
+   * <code>signatureEnvironment</code>.
+   * 
+   * @pre signatureEnvironment != null
+   * @post return != null
+   */
+  public abstract CMSSignatureResponse createCMSSignatureResponse(String base64value);
+  
   /**
    * Create a new <code>SignatureEnvironmentResponse</code> object.
    * 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
new file mode 100644
index 000000000..10db67627
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+/**
+ * Contains the signature if the signature creation was successful.
+ *  
+ * @version $Id$
+ */
+public interface CMSSignatureResponse
+  extends CreateCMSSignatureResponseElement {
+  /** 
+   * Gets the CMS signature (Base64 encoded).
+   * 
+   * @return The CMS signature
+   */
+  public String getCMSSignature();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
new file mode 100644
index 000000000..9d5cd7a0d
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to create a CMS Signature.
+ * 
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureRequest {
+  /**
+   * Gets the identifier for the keys to be used for the signature.
+   * 
+   * @return The identifier for the keys to be used.
+   */
+  public String getKeyIdentifier();
+  /**
+   * Gets the information of the singleSignatureInfo elements. 
+   * 
+   * @return The information of singleSignatureInfo elements.
+   */
+  public List getSingleSignatureInfos();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
new file mode 100644
index 000000000..6062a1162
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+/**
+ * Object that encapsulates the response on to a 
+ * <code>CreateCMSSignatureRequest</code> to create an XML signature.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements.
+   */
+  public List getResponseElements();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
new file mode 100644
index 000000000..8e4e61145
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+/**
+ * Base class for <code>CMSSignature</code> and 
+ * <code>ErrorResponse</code> elements in a 
+ * <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponseElement {
+  /**
+   * Indicates that this object contains a <code>CMSSignature</code>.
+   */
+  public static final int CMS_SIGNATURE = 0;
+  /**
+   * Indicates that this objet contains an <code>ErrorResponse</code>.
+   */
+  public static final int ERROR_RESPONSE = 1;
+  
+  /**
+   * Gets the type of response object.
+   * 
+   * @return The type of response object, either 
+   * <code>CMS_SIGNATURE</code> or <code>ERROR_RESPONSE</code>.
+   */
+  public int getResponseType();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
new file mode 100644
index 000000000..b9f363061
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Encapsulates information required to create a single signature.
+ * 
+ * @version $Id$
+ */
+public interface DataObjectInfo {
+  /**
+   * Indicates that a detached signature will be created.
+   */
+  public static final String STRUCTURE_DETACHED = "detached"; 
+  /**
+   * Indicates that an enveloping signature will be created.
+   */
+  public static final String STRUCTURE_ENVELOPING = "enveloping";
+
+  /**
+   * Gets the structure of the signature.
+   * 
+   * @return The structure of the signature.
+   */
+  public String getStructure();
+
+  /**
+   * Gets information related to a single data object.
+   * 
+   * @return Information related to a single data object.
+   */
+  public CMSDataObject getDataObject();
+  
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
new file mode 100644
index 000000000..1f87a50ca
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+
+/**
+ * Encapsulates data to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SingleSignatureInfo {
+  /**
+   * Gets the dataObjectInfo information.
+   * 
+   * @return The dataObjectInfo information.
+   */
+  public DataObjectInfo getDataObjectInfo();
+  
+  /**
+   * Check whether a Security Layer conform signature manifest will be created.
+   * 
+   * @return <code>true</code>, if a Security Layer conform signature manifest 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isSecurityLayerConform();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
new file mode 100644
index 000000000..b512dd0bd
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureResponseImpl
+  implements CMSSignatureResponse {
+
+  /** The base64 value of the CMS signature. */
+  private String cmsSignature;
+
+  /** 
+   * Sets the CMS signature.
+   * 
+   * @param cmsSignature The Base64 encoded value CMS signature.
+   */
+  public void setCMSSignature(String cmsSignature) {
+    this.cmsSignature = cmsSignature;
+  }
+
+  public String getCMSSignature() {
+    return cmsSignature;
+  }
+
+  /**
+   * Gets the type of <code>CreateCMSSignatureResponseElement</code>.
+   * 
+   * @return CMS_SIGNATURE
+   */
+  public int getResponseType() {
+    return CMS_SIGNATURE;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
new file mode 100644
index 000000000..e8408bc55
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestImpl
+  implements CreateCMSSignatureRequest {
+
+  /** The identifier for selecting the private keys for creating the signature.*/
+  private String keyIdentifier;
+  /** Information for creating a single signature. */
+  private List singleSignatureInfos = new ArrayList();
+
+  /**
+   * Sets the identifier for selecting the private keys for creating the 
+   * signature.
+   * 
+   * @param keyIdentifier The identifier for selecting the private keys.
+   */
+  public void setKeyIdentifier(String keyIdentifier) {
+    this.keyIdentifier = keyIdentifier;
+  }
+
+  public String getKeyIdentifier() {
+    return keyIdentifier;
+  }
+
+  /**
+   * Sets the information for creating single signatures.
+   * 
+   * @param singleSignaureInfos The information for creating single signatures.
+   */
+  public void setSingleSignatureInfos(List singleSignaureInfos) {
+    this.singleSignatureInfos =
+      singleSignaureInfos != null
+        ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos))
+        : null;
+  }
+
+  public List getSingleSignatureInfos() {
+    return singleSignatureInfos;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
new file mode 100644
index 000000000..d596058c6
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseImpl
+  implements CreateCMSSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The response elements.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
new file mode 100644
index 000000000..702086b6f
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Default implementation of <code>DataObjectInfo</code> for CMS.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class DataObjectInfoCMSImpl implements DataObjectInfo {
+  /** The signature structure type. */
+  private String stucture;
+  /** The data object to be signed. */
+  private CMSDataObject dataObject;
+
+  /**
+   * Sets the signature structure type.
+   * 
+   * @param structure The signature structure type.
+   */
+  public void setStructure(String structure) {
+    this.stucture = structure;
+  }
+
+  public String getStructure() {
+    return stucture;
+  }
+
+
+  /**
+   * Sets the data object to be signed.
+   * 
+   * @param dataObject The data object to be signed.
+   */
+  public void setDataObject(CMSDataObject dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public CMSDataObject getDataObject() {
+    return dataObject;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index a23a1d98f..7c1208e8f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.spss.api.impl;
 
 import java.io.InputStream;
+
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -35,6 +36,9 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -90,6 +94,32 @@ public class SPSSFactoryImpl extends SPSSFactory {
     createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
     return createXMLSignatureRequest;
   }
+  
+  public CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos) {
+	  CreateCMSSignatureRequestImpl createCMSSignatureRequest =
+		      new CreateCMSSignatureRequestImpl();
+	  createCMSSignatureRequest.setKeyIdentifier(keyIdentifier);
+	  createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
+	  return createCMSSignatureRequest;
+	  
+  }
+  
+  public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) {
+	  CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl();
+	  createCMSSignatureResponse.setResponseElements(responseElements);
+	  return createCMSSignatureResponse;
+  }
+  
+  
+  public CMSSignatureResponse createCMSSignatureResponse(String base64value) {
+	  CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl();
+	  cmsSignatureResponse.setCMSSignature(base64value);
+	  
+	  return cmsSignatureResponse;
+  }
+  
 
   public SingleSignatureInfo createSingleSignatureInfo(
     List dataObjectInfos,
@@ -101,6 +131,16 @@ public class SPSSFactoryImpl extends SPSSFactory {
     singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
     return singleSignatureInfo;
   }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
+		  at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,		    
+		    boolean securityLayerConform) {
+		    SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
+		    singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
+		    singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+		    return singleSignatureInfo;
+		  }
+  
   public DataObjectInfo createDataObjectInfo(
     String structure,
     boolean childOfManifest,
@@ -113,6 +153,15 @@ public class SPSSFactoryImpl extends SPSSFactory {
     dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile);
     return dataObjectInfo;
   }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+		    String structure,
+		    CMSDataObject dataObject) {
+		    DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl();
+		    dataObjectInfo.setStructure(structure);
+		    dataObjectInfo.setDataObject(dataObject);
+		    return dataObjectInfo;
+		  }
 
   public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) {
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
new file mode 100644
index 000000000..cb3651587
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+
+/**
+ * @version $Id$
+ */
+public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
+
+  private DataObjectInfo dataObjectInfo = null;
+
+
+  private boolean securityLayerConform = true;
+
+  public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
+    this.dataObjectInfo = dataObjectInfo;
+  }
+
+  public DataObjectInfo getDataObjectInfo() {
+    return dataObjectInfo;
+  }
+
+
+
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
new file mode 100644
index 000000000..737915ecd
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -0,0 +1,247 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A parser to parse <code>CreateCMSSignatureRequest</code> DOM trees into
+ * <code>CreateCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestParser {
+
+  //
+  // XPath expresssions to select elements in the CreateCMSSignatureRequest
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String KEY_IDENTIFIER_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "KeyIdentifier";
+  private static final String SINGLE_SIGNATURE_INFO_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "SingleSignatureInfo";
+  private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  
+  private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+
+  private static final String META_INFO_XPATH = MOA + "MetaInfo";
+  private static final String CONTENT_XPATH = MOA + "Content";
+  private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+
+  
+  /** The factory to create API objects. */
+  private SPSSFactory factory;
+
+  /**
+   * Create a new <code>CreateCMSSignatureRequestParser</code>.
+   */
+  public CreateCMSSignatureRequestParser() {
+    this.factory = SPSSFactory.getInstance();
+  }
+
+  /**
+   * Parse a <code>CreateCMSSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>CreateCMSSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public CreateCMSSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = parseSingleSignatureInfos(requestElem);
+    String keyIdentifier =
+      XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+    return factory.createCreateCMSSignatureRequest(
+      keyIdentifier,
+      singleSignatureInfos);
+  }
+
+  /**
+   * Parse all <code>SingleSignatureInfo</code> elements of the 
+   * <code>CreateCMSSignatureRequest</code>.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse.
+   * @return A <code>List</code> of <code>SingleSignatureInfo</code> API 
+   * objects.
+   * @throws MOAApplicationException An error occurred parsing on of the 
+   * <code>SingleSignatureInfo</code> elements.
+   */
+  private List parseSingleSignatureInfos(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = new ArrayList();
+    NodeIterator sigInfoElems =
+      XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+    Element sigInfoElem;
+
+    while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+      singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem));
+    }
+
+    return singleSignatureInfos;
+  }
+
+  /**
+   * Parse a <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element to 
+   * parse.
+   * @return A <code>SingleSignatureInfo</code> API object containing the 
+   * information of <code>sigInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>SingleSignatureInfo</code>.
+   */
+  private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
+    boolean securityLayerConform;
+
+    if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
+      securityLayerConform =
+        BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME));
+    } else {
+      securityLayerConform = true;
+    }
+
+    return factory.createSingleSignatureInfoCMS(
+      dataObjectInfo,
+      securityLayerConform);
+  }
+
+  /**
+   * Parse the <code>DataObjectInfo</code> DOM elements contained in the given
+   * <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The  <code>SingleSignatureInfo</code> DOM element
+   * whose <code>DataObjectInfo</code>s to parse.
+   * @return A <code>List</code> of <code>DataObjectInfo</code> API objects
+   * containing the data from the <code>DataObjectInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing one of the
+   * <code>DataObjectInfo</code>s.
+   */
+  private DataObjectInfo parseDataObjectInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+	  Element dataObjInfoElem = (Element)XPathUtils.selectSingleNode(sigInfoElem, DATA_OBJECT_INFO_XPATH);
+	  
+	  String structure = dataObjInfoElem.getAttribute("Structure");
+	    Element dataObjectElem =
+	      (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH);
+	  
+	    CMSDataObject dataObject = parseDataObject(dataObjectElem);
+
+	    return factory.createDataObjectInfo(
+	      structure,
+	      dataObject);
+	    
+  }
+  
+ 
+
+ 
+
+  /**
+   * Parse a the <code>DataObject</code> DOM element contained in a given 
+   * <code>CreateCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The DataObject DOM element of the <code>VerifyCMSSignatureRequest</code> 
+   * to parse.
+   * @return The <code>CMSDataObject</code> API object containing the data
+   * from the <code>DataObject</code> DOM element.
+   */
+  private CMSDataObject parseDataObject(Element dataObjectElem) {
+
+    if (dataObjectElem != null) {
+      Element metaInfoElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH);
+      MetaInfo metaInfo = null;
+      Element contentElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH);
+      CMSContent content = parseContent(contentElem);
+
+      if (metaInfoElem != null) {
+        metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+      }
+
+      return factory.createCMSDataObject(metaInfo, content);
+    } 
+    else {
+      return null;
+    }
+  }
+
+    
+
+    /**
+     * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+     * DOM element.
+     * 
+     * @param contentElem The <code>CMSContentBaseType</code> kind of element to
+     * parse.
+     * @return A <code>CMSDataObject</code> API object containing the data
+     * from the given DOM element.
+     */
+    private CMSContent parseContent(Element contentElem) {
+      Element base64ContentElem =
+        (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH);
+
+      if (base64ContentElem != null) {
+        String base64Str = DOMUtils.getText(base64ContentElem);
+        InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+        return factory.createCMSContent(binaryContent);
+      } else {
+        return factory.createCMSContent(
+          contentElem.getAttribute("Reference"));
+      }
+    } 
+
+}
\ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 000000000..907f90d32
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Convert a <code>CreateCMSSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>CreateCMSSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>CreateCMSSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public CreateCMSSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("CreateCMSSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>CreateCMSSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>CreateCMSSignatureResponse</code> API object.
+   * 
+   * @param response The <code>CreateCMSSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>CreateCMSSignatureResponse</code>
+   * DOM element.
+   */
+  public Document build(CreateCMSSignatureResponse response) {
+    Iterator iter;
+
+        
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      CreateCMSSignatureResponseElement responseElement =
+        (CreateCMSSignatureResponseElement) iter.next();
+      
+      switch (responseElement.getResponseType()) {
+        case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
+        	CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement;
+        	addCMSSignature(cmsSignatureResponse);
+          break;
+
+        case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
+          ErrorResponse errorResponse = (ErrorResponse) responseElement;
+          addErrorResponse(errorResponse);
+          break;
+      }
+
+    }
+
+    return responseDoc;
+  }
+
+
+
+  /**
+   * Add a <code>CMSSignature</code> element to the response.
+   * 
+   * @param cmsSignatureResponse The content to put under the
+   * <code>CMSSignature</code> element.
+   */
+  private void addCMSSignature(CMSSignatureResponse cmsSignatureResponse) {
+	  String base64Value = cmsSignatureResponse.getCMSSignature();
+	  
+	  Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "CMSSignature");	  
+	  cmsSignature.setTextContent(base64Value);
+	  
+	  responseElem.appendChild(cmsSignature);
+	  
+}
+  
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorResponse The API object containing the information to put into
+   * the <code>ErrorResponse</code> DOM element.
+   */
+  private void addErrorResponse(ErrorResponse errorResponse) {
+    Element errorElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+    Element errorCodeElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+    Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+    String errorCodeStr = Integer.toString(errorResponse.getErrorCode());
+
+    errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+    errorElem.appendChild(errorCodeElem);
+    infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo()));
+    errorElem.appendChild(errorCodeElem);
+    errorElem.appendChild(infoElem);
+    responseElem.appendChild(errorElem);
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index bc53ca4f9..4fcc5daa9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -548,8 +548,7 @@ public class ConfigurationPartsBuilder {
 	  }
 	  
 	  
-	  // set whitelist for iaik-moa
-	  // TODO 
+	  // TODO set whitelist for iaik-moa
 //	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
 
 	  
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
new file mode 100644
index 000000000..49e5ecc10
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmssign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * An object providing auxiliary information for creating a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureCreationProfileImpl
+  implements CMSSignatureCreationProfile {
+
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The MIME type of the data to be signed*/
+  private String mimeType;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */
+  private boolean includeData;
+  /** Digest Method algorithm  */
+  private String digestMethod;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public CMSSignatureCreationProfileImpl(
+    Set keySet,
+    String digestMethod,
+    List signedProperties,
+    boolean securityLayerConform,
+    boolean includeData,
+    String mimeType) {
+	  this.keySet = keySet;
+	  this.signedProperties = signedProperties;
+	  this.securityLayerConform = securityLayerConform;
+	  this.includeData = includeData;
+	  this.mimeType = mimeType;
+	  this.digestMethod = digestMethod;
+
+  }
+
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+	  
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+      	if (digestMethod.compareTo("SHA-1") == 0) {
+    		Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethod.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethod,
+         			null,
+         	        null);
+         }
+  
+
+  }
+
+
+ 
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+ 
+  public void setDigestMethod(String digestMethod) {
+	  this.digestMethod = digestMethod;
+  }
+ 
+
+  public String getMimeType() {
+	  return mimeType;
+  }
+
+  public boolean includeData() {
+	return this.includeData;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index edc3922e2..7d0c5a062 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -201,7 +201,7 @@ public class XMLSignatureCreationProfileImpl
     else {
     	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
     	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
-    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
     		
     		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
                   return SignatureAlgorithms.SHA1_WITH_RSA;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
new file mode 100644
index 000000000..e058c8a4b
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.algorithms.HashAlgorithms;
+import iaik.server.modules.cmssign.CMSSignature;
+import iaik.server.modules.cmssign.CMSSignatureCreationException;
+import iaik.server.modules.cmssign.CMSSignatureCreationModule;
+import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A class providing an API based interface to the
+ * <code>CMSSignatureCreationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.cmssign.CMSSignatureCreationModule</code> from a
+ * <code>CreateCMSSignatureRequest</code> given as an API object. The result of
+ * the invocation is integrated into a <code>CreateCMSSignatureResponse</code>
+ * and returned.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureCreationInvoker {
+	
+	 private static Map HASH_ALGORITHM_MAPPING;
+
+	  static {
+	    HASH_ALGORITHM_MAPPING = new HashMap();
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
+	  }
+	  
+
+  /** The single instance of this class. */
+  private static CMSSignatureCreationInvoker instance = null;
+
+  /**
+   * Get the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized CMSSignatureCreationInvoker getInstance() {
+    if (instance == null) {
+      instance = new CMSSignatureCreationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>CMSSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected CMSSignatureCreationInvoker() {
+  }
+  
+ 
+
+  /**
+   * Process the <code>CreateCMSSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureCreationModule</code> for every
+   * <code>SingleSignatureInfo</code> contained in the request.
+   * 
+   * @param request A <code>CreateCMSSignatureRequest<code> API object
+   * containing the information for creating the signature(s).
+   * @param reserved A <code>Set</code> of reserved object IDs.
+   * 
+   * @return A <code>CreateCMSSignatureResponse</code> API object containing
+   * the created signature(s). The response contains either a
+   * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code>
+   * for each <code>SingleSignatureInfo</code> in the request.
+   * @throws MOAException An error occurred during signature creation. 
+   */
+  public CreateCMSSignatureResponse createCMSSignature(
+    CreateCMSSignatureRequest request,
+    Set reserved)
+    throws MOAException {
+
+	  TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();	  
+	  //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+
+	  CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder();
+	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
+
+	  boolean isSecurityLayerConform = false;
+	  String structure = null;
+	  String mimetype = null;
+	  
+	  // select the SingleSignatureInfo elements
+	  Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator();
+
+    // iterate over all the SingleSignatureInfo elements in the request
+	  while (singleSignatureInfoIter.hasNext()) {
+		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
+		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  
+		  
+		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
+		  structure = dataObjectInfo.getStructure();
+		  
+		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
+		  MetaInfo metainfo = dataobject.getMetaInfo();
+		  mimetype = metainfo.getMimeType();
+			  
+		  CMSContent content = dataobject.getContent();
+		  InputStream contentIs = null;
+		  // build the content data
+		  switch (content.getContentType()) {
+		  	case CMSContent.EXPLICIT_CONTENT :			    	  
+		  		contentIs = ((CMSContentExcplicit) content).getBinaryContent();
+		  		break;
+		  	case CMSContent.REFERENCE_CONTENT :
+		  		String reference = ((CMSContentReference) content).getReference();
+		  		if (!"".equals(reference)) {
+		  			ExternalURIResolver resolver = new ExternalURIResolver();
+		  			contentIs = resolver.resolve(reference);
+		  		} else {
+		  			throw new MOAApplicationException("2301", null);
+		  		}
+			    break;
+		  	default : {
+		  		throw new MOAApplicationException("2301", null);
+		  	}
+		  }
+			
+		  // create CMSSignatureCreationModuleFactory
+		  CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance();			    
+			    
+		  List signedProperties = null;
+		  boolean includeData = true;
+		  if (structure.compareTo("enveloping") == 0)
+			  includeData = true;
+		  if (structure.compareTo("detached") == 0)
+			  includeData = false;
+			    
+		  ConfigurationProvider config = context.getConfiguration();
+			    
+		  // get the key group id
+		  String keyGroupID = request.getKeyIdentifier();
+		  // set the key set
+		  Set keySet = buildKeySet(keyGroupID);
+		  if (keySet == null) {
+			  throw new MOAApplicationException("2231", null);
+		  } else if (keySet.size() == 0) {
+			  throw new MOAApplicationException("2232", null);
+		  }
+			    
+		  // get digest algorithm
+		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
+			    
+		  // create CMSSignatureCreation profile:			    
+		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
+				  keySet,
+				  digestAlgorithm, 
+				  signedProperties,
+				  isSecurityLayerConform, 
+				  includeData, 
+				  mimetype);
+		  
+		  // create CMSSignature from the CMSSignatureCreationModule
+		  // build the additionalSignedProperties
+		  List additionalSignedProperties = buildAdditionalSignedProperties();
+		  TransactionId tid = new TransactionId(context.getTransactionID());
+		  try {
+			  CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid);
+			  ByteArrayOutputStream out = new ByteArrayOutputStream();
+			  // get CMS SignedData output stream from the CMSSignature and wrap it around out
+			  boolean base64 = true;
+			  OutputStream  signedDataStream = signature.getSignature(out, base64);
+					 
+			  // now write the data to be signed to the signedDataStream
+			  byte[] buf = new byte[4096];
+			  int bytesRead;
+			  while ((bytesRead = contentIs.read(buf)) >= 0) {
+				  signedDataStream.write(buf, 0, bytesRead);
+			  } 
+					 
+			  // finish SignedData processing by closing signedDataStream
+			  signedDataStream.close();
+			  String base64value = out.toString();
+					 
+			  responseBuilder.addCMSSignature(base64value);
+					
+					
+		  } catch (CMSSignatureCreationException e) {
+			  MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+	          responseBuilder.addError(
+	            moaException.getMessageId(),
+	            moaException.getMessage());
+	          Logger.warn(moaException.getMessage(), e);
+	          
+		  } 
+		  catch (IOException e) {
+			  throw new MOAApplicationException("2301", null, e);			  
+		  }
+			
+	  }
+	  
+
+    return responseBuilder.getResponse();
+  }
+
+  
+  private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException {
+	// get digest method on key group level (if configured)
+	    String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+	    // get default digest method (if configured)
+	    String configDigestMethod = config.getDigestMethodAlgorithmName();
+	    
+	    
+	    String digestMethod = null;
+	    if (configDigestMethodKG != null) {
+	    	// if KG specific digest method is configured
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethodKG});
+	    		throw new MOASystemException("2900", null);    			
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)");
+	    }	    	
+	    else {
+	    	// else get default configured digest method
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethod});
+	    		throw new MOASystemException("2900", null);	
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(default)");
+	    	
+	    }
+		return digestMethod;
+  }
+  
+  /**
+   * Utility function to issue an error message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void error(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.error(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+  
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   * returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s
+   * identifying the available keys.
+   */
+  private Set buildKeySet(String keyGroupID) {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (context.getClientCertificate() != null) {
+      X509Certificate cert = context.getClientCertificate()[0];
+      Principal issuer = cert.getIssuerDN();
+      BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries =
+        config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+      KeyModule module =
+        KeyModuleFactory.getInstance(
+          new TransactionId(context.getTransactionID()));
+      Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        KeyEntryID entryID = (KeyEntryID) iter.next();
+        KeyGroupEntry entry =
+          new KeyGroupEntry(
+            entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  /**
+   * Build the list of additional signed properties.
+   * 
+   * Based on the generic configuration setting
+   * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a
+   * constant <code>SigningTime</code> will be added to the properties.
+   * 
+   * @return The <code>List</code> of additional signed properties.
+   */
+  private List buildAdditionalSignedProperties() {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List additionalSignedProperties = Collections.EMPTY_LIST;
+
+    return additionalSignedProperties;
+  }
+
+}
\ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 2c4bbd4eb..c979d8407 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -136,7 +136,7 @@ public class CMSSignatureVerificationInvoker {
     try {
       // get the signed content
       signedContent = getSignedContent(request);
-
+      
       // build the profile
       profile = profileFactory.createProfile();
 
@@ -159,6 +159,7 @@ public class CMSSignatureVerificationInvoker {
       while (input.read(buf) > 0);
       results = module.verifySignature(signingTime);
       
+      
     } catch (IAIKException e) {
       MOAException moaException = IaikExceptionMapper.getInstance().map(e);
       throw moaException;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 000000000..aa52fe09a
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+
+/**
+ * A class to build a <code>CreateCMSSignatureResponse</code>.
+ * 
+ * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be
+ * called in any combination to add <code>CMSignature</code> and
+ * <code>ErrorResponse</code> elements to the response. One of these functions
+ * must be called at least once to produce a 
+ * <code>CreateCMSSignatureResponse</code>.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>CreateXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements to add to the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>CreateCMSSignatureResponse</code> built so far.
+   * 
+   * @return The <code>CreateCMSSignatureResponse</code> built so far.
+   */
+  public CreateCMSSignatureResponse getResponse() {
+    return factory.createCreateCMSSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param signatureEnvironment The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  public void addCMSSignature(String base64value) {
+    CMSSignatureResponse responseElement = 
+      factory.createCMSSignatureResponse(base64value);
+    responseElements.add(responseElement);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorCode The error code.
+   * @param info Additional information about the error.
+   */
+  public void addError(String errorCode, String info) {
+    ErrorResponse errorResponse = 
+      factory.createErrorResponse(Integer.parseInt(errorCode), info);
+    responseElements.add(errorResponse);
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
index 869cfefa1..348cb84aa 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
@@ -85,7 +85,8 @@ public class IaikExceptionMapper {
       { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class },
       { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class },
       { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class },
-      { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class }
+      { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } ,
+      { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } ,
       
       
   };
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 3b82c6caf..605716d5b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -80,6 +80,7 @@ public class VerifyCMSSignatureResponseBuilder {
   public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL)
     throws MOAException {
 
+	  
     CertificateValidationResult certResult =
       result.getCertificateValidationResult();
     int signatureCheckCode =
@@ -90,8 +91,7 @@ public class VerifyCMSSignatureResponseBuilder {
     SignerInfo signerInfo;
     CheckResult signatureCheck;
     CheckResult certificateCheck;
-    
-    
+
     boolean qualifiedCertificate = false;
     
     // verify qualified certificate checks (certificate or TSL)
@@ -112,6 +112,7 @@ public class VerifyCMSSignatureResponseBuilder {
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
         checkSSCDFromTSL);
+    
 
     // add SignatureCheck element
     signatureCheck = factory.createCheckResult(signatureCheckCode, null);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index 6bf2317b4..591e26ac2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -393,6 +393,7 @@ public class AxisHandler extends BasicHandler {
 
     try {
       String filename = MOA_SPSS_WSDL_RESOURCE_;
+      
       File file = new File(filename);
       if (file.exists()) {
         //if this resolves to a file, load it
@@ -400,7 +401,7 @@ public class AxisHandler extends BasicHandler {
       } else {
         //else load a named resource in our classloader. 
         instream = this.getClass().getResourceAsStream(filename);
-        if (instream == null) {
+        if (instream == null) {        	
           String errorText = Messages.getMessage("wsdlFileMissing", filename);
           throw new AxisFault(errorText);
         }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 7a7bb88bb..e5b12bd8c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -35,10 +35,15 @@ import org.w3c.dom.Element;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser;
 import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -52,6 +57,89 @@ import at.gv.egovernment.moa.util.StreamUtils;
  * @version $Id$
  */
 public class SignatureCreationService {
+	
+	 /**
+	   * Handle a <code>CreateXMLSignatureRequest</code>.
+	   * 
+	   * @param request The <code>CreateXMLSignatureRequest</code> to work on
+	   * (contained in the 0th element of the array).
+	   * @return A <code>CreateXMLSignatureResponse</code> as the only element of
+	   * the <code>Element</code> array.
+	   * @throws AxisFault An error occurred during handling of the message.
+	   */
+	  public Element[] CreateCMSSignatureRequest(Element[] request)
+	    throws AxisFault {
+		  Logger.trace("---- Entering SignatureCreationService");
+	    CMSSignatureCreationInvoker invoker =
+	      CMSSignatureCreationInvoker.getInstance();
+	    Element[] response = new Element[1];
+
+	    // check that we have a CreateXMLSignatureRequest; if not, create an
+	    // AxisFault, just like the org.apache.axis.providers.java.MsgProvider
+	    if (!Constants.MOA_SPSS_CREATE_CMS_REQUEST.equals(request[0].getLocalName()) ||
+	      !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI()))
+	    {
+	      QName qname =
+	        new QName(request[0].getNamespaceURI(), request[0].getLocalName());
+	      throw new AxisFault(
+	        Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse
+	    }
+
+	    // handle the request
+	    try {
+	        
+	      // create a parser and builder for binding API objects to/from XML
+	      CreateCMSSignatureRequestParser requestParser =
+	        new CreateCMSSignatureRequestParser();
+	      CreateCMSSignatureResponseBuilder responseBuilder =
+	        new CreateCMSSignatureResponseBuilder();
+	      Element reparsedReq;
+	      CreateCMSSignatureRequest requestObj;
+	      CreateCMSSignatureResponse responseObj;
+
+	      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+	      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+	  
+	      // validate the request
+	      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+
+	      // convert to API objects
+		  Logger.trace(">>> preparsing Request");
+	      requestObj = requestParser.parse(reparsedReq);
+		  Logger.trace("<<< preparsed Request");
+	      
+		  Logger.trace(">>> creating Signature");
+	      // invoke the core logic
+	      responseObj = invoker.createCMSSignature(requestObj, Collections.EMPTY_SET);
+		  Logger.trace("<<< created Signature");
+
+		  Logger.trace(">>> building Response");
+	      // map back to XML
+	      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+		  Logger.trace("<<< built Response");
+	      
+	      // save response in transaction
+	      context.setResponse(response[0]);
+		  Logger.trace("---- Leaving SignatureCreationService");
+		  
+
+	    } catch (MOAException e) {
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    } catch (Throwable t) {
+	      MOASystemException e = new MOASystemException("2900", null, t);
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    }
+
+	    return response;
+	  }
 
   /**
    * Handle a <code>CreateXMLSignatureRequest</code>.