| author | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-08-21 13:12:26 +0200 | 
|---|---|---|
| committer | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-08-21 13:12:26 +0200 | 
| commit | 5b697c424d24a7523dccd210454d029368e34898 (patch) | |
| tree | 9dc5efda7d874930db0245ae34d3cd676b6c7c11 /spss/server/serverlib | |
| parent | a52d3300d20837b12b45a0d4fb2b0ee520f6e641 (diff) | |
Update QC/SSCD check
WSDL location updated
Diffstat (limited to 'spss/server/serverlib')
19 files changed, 808 insertions, 371 deletions
| diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh b/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh index 6d5be35c0..f114a40f8 100644 --- a/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh +++ b/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh @@ -3,14 +3,11 @@ MOA_START=`pwd`  CONFIG_OPT=-Dmoa.spss.server.configuration=$MOA_START/conf/moa-spss/spss.config.xml  LOGGING_OPT=-Dlog4j.configuration=file:$MOA_START/conf/moa-spss/log4j.properties -# Hashcache Parameter für TSL Unterstuetzung bei MOA-SP -#PARAM_HASHCACHE=-Diaik.xml.crypto.tsl.BinaryHashCache.DIR=$MOA_START/conf/moa-spss/hashcache/ -  # NODE_ID_OPT=-Dmoa.node-id=node1  # TRUST_STORE_OPT=-Djavax.net.ssl.trustStore=truststore.jks  # TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit  # TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks -export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $NODE_ID_OPT $PARAM_HASHCACHE $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT" +export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $NODE_ID_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT"  echo CATALINA_OPTS=$CATALINA_OPTS diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat b/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat index 729bddbf3..de36fd5c4 100644 --- a/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat +++ b/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat @@ -15,10 +15,7 @@ set PARAM_SPSSCONFIG=-Dmoa.spss.server.configuration=%MOA_SPSS_CFG_HOME%\spss.co  set PARAM_LOGGING=-Dlog4j.configuration=file:%MOA_SPSS_CFG_HOME%\log4j.properties
  set PARAM_NODEID=-Dmoa.node-id=Node1
 -rem Hashcache Parameter für TSL Unterstuetzung bei MOA-SP
 -rem set PARAM_HASHCACHE=-Diaik.xml.crypto.tsl.BinaryHashCache.DIR=%MOA_SPSS_CFG_HOME%\hashcache\
 -
 -set PARAMS_MOA=%PARAM_SPSSCONFIG% %PARAM_LOGGING% %PARAM_NODEID% %PARAM_HASHCACHE%
 +set PARAMS_MOA=%PARAM_SPSSCONFIG% %PARAM_LOGGING% %PARAM_NODEID%
  rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
  rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 80f996b36..b5cc96a04 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -1101,6 +1101,7 @@ public abstract class SPSSFactory {     * 		signature based on a SSDC, otherwise <code>false</code>.     * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,      * 		otherwise <code>false</code>. +   * @param issuerCountryCode contains the signer certificate issuer country code.     * @return The <code>SignerInfo</code> containing the above data.     *      * @pre signerCertSubjectName != null @@ -1114,7 +1115,8 @@ public abstract class SPSSFactory {      boolean publicAuthority,      String publicAuthorityID,      boolean sscd, -    boolean sscdSourceTSL); +    boolean sscdSourceTSL, +    String issuerCountryCode);    /**     * Create a new <code>X509IssuerSerial</code> object. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java index 337f775bf..777365ad3 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java @@ -68,7 +68,11 @@ public interface SignerInfo {     */    public String getQCSource(); -   +  /** +   * Returns the signer certificate issuer country code +   * @return +   */ +  public String getIssuerCountryCode();    /**     * Checks, whether the certificate contained in this object is a      * public authority certificate. 
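Review bot: The Javadoc added for `getIssuerCountryCode()` in SignerInfo.java leaves `@return` empty and does not say whether the value may be absent. ResponseBuilderUtils in this same commit skips the `IssuerCountryCode` element when the value is null, so null appears to be a legal return and the contract should say so, e.g. `@return the issuer country code of the signer certificate, or <code>null</code> if none could be determined`. It would also help to state which certificate field the code is read from (presumably the issuer DN, but that is not visible here), because consumers of a verification response may treat it as a validated attribute.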
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 74f65cb70..8e3bb7636 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -626,7 +626,8 @@ public class SPSSFactoryImpl extends SPSSFactory {      boolean publicAuthority,      String publicAuthorityID,       boolean sscd, -    boolean sscdSourceTSL) { +    boolean sscdSourceTSL, +    String issuerCountryCode) {      SignerInfoImpl signerInfo = new SignerInfoImpl();      signerInfo.setSignerCertificate(signerCertificate);      signerInfo.setQualifiedCertificate(qualifiedCertificate); @@ -635,6 +636,7 @@ public class SPSSFactoryImpl extends SPSSFactory {      signerInfo.setPublicAuhtorityID(publicAuthorityID);      signerInfo.setSSCD(sscd);      signerInfo.setSSCDSourceTSL(sscdSourceTSL); +    signerInfo.setIssuerCountryCode(issuerCountryCode);      return signerInfo;    } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 5d26397c5..7a108e8a4 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java @@ -56,6 +56,9 @@ public class SignerInfoImpl implements SignerInfo {    /** Determines, if the QC check bases upon on TSL */    private boolean qcSourceTSL; +  /** The certificate issuer country code */ +  private String issuerCountryCode; +      /**    * Sets the signer certificate.    *  
@@ -118,6 +121,13 @@ public class SignerInfoImpl implements SignerInfo {  		  return "Certificate";    } +  public void setIssuerCountryCode(String issuerCountryCode) { +	    this.issuerCountryCode = issuerCountryCode; +  } +	  public String getIssuerCountryCode() { +		    return issuerCountryCode; +	  } +	      /**     * Sets, whether the certificate contained in this object is an      * e-government certificate or not. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 505303bc1..2e2afaf7c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -121,7 +121,8 @@ class ResponseBuilderUtils {      boolean isPublicAuthority,      String publicAuthorityID,      boolean isSSCD, -    String sscdSource) +    String sscdSource, +    String issuerCountryCode)      throws MOAApplicationException {      Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo"); @@ -147,6 +148,12 @@ class ResponseBuilderUtils {              isSSCD                ? response.createElementNS(MOA_NS_URI, "SecureSignatureCreationDevice")                : null; +    Element issuerCountryCodeElem = null; +    if (issuerCountryCode != null) { +    	issuerCountryCodeElem = response.createElementNS(MOA_NS_URI, "IssuerCountryCode"); +    	issuerCountryCodeElem.setTextContent(issuerCountryCode);    	 +    } +                    Element publicAuthorityElem =        isPublicAuthority          ? response.createElementNS(MOA_NS_URI, "PublicAuthority") 
@@ -184,8 +191,10 @@ class ResponseBuilderUtils {      x509DataElem.appendChild(x509IssuerSerialElem);      x509DataElem.appendChild(x509CertificateElem);      if (isQualified) { -    	qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource); -      x509DataElem.appendChild(qualifiedCertificateElem); +    	if (qcSource.compareToIgnoreCase("TSL") == 0) +    		qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource); +    	 +    	x509DataElem.appendChild(qualifiedCertificateElem);      }      if (isPublicAuthority) {        x509DataElem.appendChild(publicAuthorityElem); @@ -195,9 +204,12 @@ class ResponseBuilderUtils {        }      }      if (isSSCD) { -    	sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource); +   		sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);          x509DataElem.appendChild(sscdElem);        } +    if (issuerCountryCodeElem != null) +    	x509DataElem.appendChild(issuerCountryCodeElem); +          signerInfoElem.appendChild(x509DataElem);      root.appendChild(signerInfoElem);    } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 238875351..b11560b28 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder {      CheckResult signatureCheck = responseElement.getSignatureCheck();      CheckResult certCheck = responseElement.getCertificateCheck(); -    //TODO      ResponseBuilderUtils.addSignerInfo(        responseDoc,        responseElem, 
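Review bot: In the `isQualified` branch the new test `qcSource.compareToIgnoreCase("TSL") == 0` dereferences `qcSource` without a null check, so a caller that ever passes no source string aborts response building with a NullPointerException; `if ("TSL".equalsIgnoreCase(qcSource)) {` is null-safe and says the same thing. The `if` is unbraced and followed by a blank line and an unconditional `appendChild`, which is easy to misread; add braces here and on the `issuerCountryCodeElem != null` check in the following hunk. The `Source` attribute is now omitted for every non-TSL value while the `isSSCD` branch still always writes it; if that asymmetry is intended, a one-line comment would help whoever consumes the response. The enclosing method starts and ends outside these hunks.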
@@ -109,7 +108,8 @@ public class VerifyCMSSignatureResponseBuilder {        signerInfo.isPublicAuthority(),        signerInfo.getPublicAuhtorityID(),        signerInfo.isSSCD(), -      signerInfo.getSSCDSource()); +      signerInfo.getSSCDSource(), +      signerInfo.getIssuerCountryCode());      ResponseBuilderUtils.addCodeInfoElement(        responseDoc, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index 8673fba1c..dd4e13ad9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -100,7 +100,8 @@ public class VerifyXMLSignatureResponseBuilder {        response.getSignerInfo().isPublicAuthority(),        response.getSignerInfo().getPublicAuhtorityID(),        response.getSignerInfo().isSSCD(), -      response.getSignerInfo().getSSCDSource()); +      response.getSignerInfo().getSSCDSource(), +      response.getSignerInfo().getIssuerCountryCode());      // add HashInputData elements      responseData = response.getHashInputDatas(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index d2ee75116..0908d88c9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java 
@@ -1225,7 +1225,6 @@ public class ConfigurationPartsBuilder {      		  tp.mkdir();      	  if (!tp.isDirectory()) {          	  error("config.50", new Object[] { tp.getPath() }); -        	  // TODO?            }      	  File tpid = new File(tp, id);        	  @@ -1233,11 +1232,8 @@ public class ConfigurationPartsBuilder {                tpid.mkdir();      	  if (!tpid.isDirectory()) {          	  error("config.50", new Object[] { tpid.getPath() }); -        	  // TODO?            } -    	   -    	  //System.out.println("tps: " + tpid.getAbsolutePath());      	  // create profile      	  profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries); @@ -1257,10 +1253,6 @@ public class ConfigurationPartsBuilder {                FileUtils.copyFile(file, new File(tpid, file.getName()));              }  -//    	  System.out.println("ID: " + id); -//          System.out.println("Str: " + trustAnchorsLocStr); -//          System.out.println("URI: " + trustAnchorsLocURI.toString()); -//          System.out.println("tslWorkingDir: " + tslWorkingDir);        } else { @@ -1698,7 +1690,6 @@ public class ConfigurationPartsBuilder {             map.put(x509IssuerName, interval);          } -        //System.out.println("Name: " + x509IssuerName + " - Interval: " + interval);       }       return map; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 3640dc23f..12d8b0126 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java 
@@ -119,7 +119,7 @@ public class SystemInitializer {      try {        ConfigurationProvider config = ConfigurationProvider.getInstance();        ConfigurationData configData = new IaikConfigurator().configure(config); - +              //initialize TSL module        TSLConfiguration tslconfig = config.getTSLConfiguration(); @@ -131,13 +131,11 @@ public class SystemInitializer {        } -//      System.out.println("Hashcache 1: " + BinaryHashCache.DIR);        //start TSL Update        TSLUpdaterTimerTask.tslconnector_ = tslconnector;        TSLUpdaterTimerTask.update(); -//      System.out.println("Hashcache 2: " + BinaryHashCache.DIR);        //initialize TSL Update Task        initTSLUpdateTask(tslconfig); @@ -156,13 +154,13 @@ public class SystemInitializer {      	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);      } catch (TrustStoreException e) {      	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); -    } catch (CertificateException e) { -    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);      } catch (FileNotFoundException e) {      	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);      } catch (IOException e) {      	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); -    } +    } catch (CertificateException e) { +    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +	}      // set IXSIL debug output      IXSILInit.setPrintDebugLog( diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 6aa34573e..7a4103957 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java 
@@ -60,6 +60,7 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;  import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;  import at.gv.egovernment.moa.spss.util.CertificateUtils;  import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.spss.util.QCSSCDResult;  /**   * A class providing an interface to the @@ -185,6 +186,8 @@ public class CMSSignatureVerificationInvoker {        }      } +    QCSSCDResult qcsscdresult = new QCSSCDResult(); +          // build the response: for each signatory add the result to the response      signatories = request.getSignatories();      if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { 
@@ -192,61 +195,28 @@ public class CMSSignatureVerificationInvoker {        for (resultIter = results.iterator(); resultIter.hasNext();) {          result = (CMSSignatureVerificationResult) resultIter.next(); -        boolean sscdSourceTSL = false; -        boolean qcSourceTSL = false; -         -        boolean checkQC = false; -        boolean checkSSCD = false; -         -        List chain = result.getCertificateValidationResult().getCertificateChain(); -        // check QC and SSCD via TSL (if enabled) -        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain); -	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain); -         -	    if (!checkSSCDFromTSL) { -	         -        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0)); -	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0)); -	         -	        if (checkQCPPlus) -	        	checkSSCD = true; -	        if (checkQcEuSSCD) -	        	checkSSCD = true; -	         -        	sscdSourceTSL = false; -        	 -        	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); -          	System.out.println("checkQCPPlus: " + checkQCPPlus); -          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); -        } -        else { -        	checkSSCD = true; -        	sscdSourceTSL = true; -        } -         -        if (!checkQCFromTSL) { -	         -        	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0)); -	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0)); -	         -	        if (checkQCP) -	        	checkQC = true; -	        if (checkQcEuCompliance) -	        	checkQC = true; -	         -        	qcSourceTSL = false; -        	 -        	System.out.println("checkQCFromTSL: " + checkQCFromTSL); -	        System.out.println("checkQCP: " + checkQCP); -	        System.out.println("checkQcEuCompliance: " 
+ checkQcEuCompliance); -        } -        else { -        	checkQC = true; -        	qcSourceTSL = true; +        String issuerCountryCode = null; +        // QC/SSCD check +        List list = result.getCertificateValidationResult().getCertificateChain(); +        if (list != null) { +            X509Certificate[] chain = new X509Certificate[list.size()]; +             +            Iterator it = list.iterator(); +            int i = 0; +            while(it.hasNext()) { +            	chain[i] = (X509Certificate)it.next(); +            	i++; +            } +             +             +            qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + +            // get signer certificate issuer country code +            issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); +          } -         -        responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL); +        responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);        }      } else {        int i; 
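Review bot: `qcsscdresult` is created once before the loop (previous hunk) and reassigned only inside `if (list != null)`, so a signatory whose validation result carries no certificate chain is reported with the QC/SSCD flags computed for the previous signatory. In a verification service that is a wrong qualified-certificate statement about a different signer. Reset it per iteration, e.g. `qcsscdresult = new QCSSCDResult();` as the first statement of the loop body, assuming a fresh `QCSSCDResult` reports all flags as false (its class is not visible here). The explicit-signatories loop in the next hunk (`@@ -257,64 +227,27 @@`) has the same carry-over. The loop and the method begin outside this hunk.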
@@ -257,64 +227,27 @@ public class CMSSignatureVerificationInvoker {          try {            result =              (CMSSignatureVerificationResult) results.get(signatories[i] - 1); -          boolean sscdSourceTSL = false; -          boolean qcSourceTSL = false; -          boolean checkQC = false; -          boolean checkSSCD = false; -           -          List chain = result.getCertificateValidationResult().getCertificateChain(); -          // check QC and SSCD via TSL (if enabled) -          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain); -          boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain); -           -  	    if (!checkSSCDFromTSL) { -  	         -          	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0)); -  	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0)); -  	         -  	        if (checkQCPPlus) -  	        	checkSSCD = true; -  	        if (checkQcEuSSCD) -  	        	checkSSCD = true; -  	         -          	sscdSourceTSL = false; -          	 -          	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); -          	System.out.println("checkQCPPlus: " + checkQCPPlus); -          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); -          } -          else { -          	checkSSCD = true; -          	sscdSourceTSL = true; -          } -           -          if (!checkQCFromTSL) { -  	         -          	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0)); -  	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0)); -  	         -  	        if (checkQCP) -  	        	checkQC = true; -  	        if (checkQcEuCompliance) -  	        	checkQC = true; -  	         -          	qcSourceTSL = false; -          	 -	        System.out.println("checkQCFromTSL: " + checkQCFromTSL); -	        System.out.println("checkQCP: " + checkQCP); -	   
     System.out.println("checkQcEuCompliance: " + checkQcEuCompliance); - -          } -          else { -          	checkQC = true; -          	qcSourceTSL = true; +          String issuerCountryCode = null; +          // QC/SSCD check +          List list = result.getCertificateValidationResult().getCertificateChain(); +          if (list != null) { +              X509Certificate[] chain = new X509Certificate[list.size()]; +               +              Iterator it = list.iterator(); +              int j = 0; +              while(it.hasNext()) { +              	chain[j] = (X509Certificate)it.next(); +              	j++; +              } +               +               +              qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); +               +              issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));             } -  	         -	         -           -          responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL); +          responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);          } catch (IndexOutOfBoundsException e) {            throw new MOAApplicationException(              "2249", 
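Review bot: The new chain handling sits inside the `try` whose `catch (IndexOutOfBoundsException e)` raises error `2249`, so `list.get(0)` on a non-null but empty certificate chain would be reported with that code. From the surrounding lines the handler looks intended for a bad `signatories[i] - 1` index, though its message text is outside the hunk. Either narrow the `try` to the `results.get(...)` call or guard the new block with `if (list != null && !list.isEmpty()) {`, so that a missing chain is not misattributed to the request's signatory list.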
@@ -326,65 +259,7 @@ public class CMSSignatureVerificationInvoker {      return responseBuilder.getResponse();    } -  private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) { -	  boolean checkQCFromTSL = false; -	  try { -          if (tslEnabledTrustProfile) { -            if (chainlist != null) { -    	        X509Certificate[] chain = new X509Certificate[chainlist.size()]; -    	              	         -    	        Iterator it = chainlist.iterator(); -    	        int i = 0; -    	        while(it.hasNext()) { -    	        	chain[i] = (X509Certificate)it.next(); -    	        	i++; -    	        } -    	         -    	        checkQCFromTSL =  TSLUpdaterTimerTask.tslconnector_.checkQC(chain); -    	        //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); -            } -          }  -        } -       catch (TSLEngineDiedException e) { -        	MessageProvider msg = MessageProvider.getInstance(); -            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); -    	} catch (TSLSearchException e) { -        	MessageProvider msg = MessageProvider.getInstance(); -            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); -    	} -    	 -    	return checkQCFromTSL; -  } -   -  private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) { -	  boolean checkSSCDFromTSL = false; -	  try { -          if (tslEnabledTrustProfile) { -            if (chainlist != null) { -    	        X509Certificate[] chain = new X509Certificate[chainlist.size()]; -    	              	         -    	        Iterator it = chainlist.iterator(); -    	        int i = 0; -    	        while(it.hasNext()) { -    	        	chain[i] = (X509Certificate)it.next(); -    	        	i++; -    	        } -    	         -    	        checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); -            } -          }  -        } -       catch (TSLEngineDiedException e) { -        	MessageProvider msg = 
MessageProvider.getInstance(); -            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); -    	} catch (TSLSearchException e) { -        	MessageProvider msg = MessageProvider.getInstance(); -            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); -    	} -    	 -    	return checkSSCDFromTSL;    	 -  } -   +     /**     * Get the signed content contained either in the request itself or given as a     * reference to external data. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f44cce62a..1ea10cb4e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -79,7 +79,7 @@ public class VerifyCMSSignatureResponseBuilder {     * 		otherwise <code>false</code>.   * @throws MOAException      */ -  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL) +  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode)      throws MOAException {      CertificateValidationResult certResult = @@ -104,7 +104,8 @@ public class VerifyCMSSignatureResponseBuilder {          certResult.isPublicAuthorityCertificate(),          certResult.getPublicAuthorityID(),          checkSSCD, -        sscdSourceTSL); +        sscdSourceTSL, +        issuerCountryCode);      // add SignatureCheck element      signatureCheck = factory.createCheckResult(signatureCheckCode, null); 
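Review bot: `addResult` in the invoke-package VerifyCMSSignatureResponseBuilder gains the `issuerCountryCode` parameter, but the Javadoc visible above the signature still ends at `@throws MOAException` with no entry for it. Add `@param issuerCountryCode the signer certificate issuer country code, or <code>null</code> if unknown`, matching the wording added to SPSSFactory in this commit. The same applies to the method changed in the invoke-package VerifyXMLSignatureResponseBuilder hunk (`@@ -142,7 +142,8 @@`), whose Javadoc lies outside the hunk.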
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 4fdb1eeb7..193495171 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -142,7 +142,8 @@ public class VerifyXMLSignatureResponseBuilder {      boolean qcSourceTSL,      boolean checkSSCD,      boolean sscdSourceTSL, -    boolean isTSLEnabledTrustprofile) +    boolean isTSLEnabledTrustprofile, +    String issuerCountryCode)      throws MOAApplicationException {      CertificateValidationResult certResult = @@ -167,7 +168,8 @@ public class VerifyXMLSignatureResponseBuilder {          certResult.isPublicAuthorityCertificate(),          certResult.getPublicAuthorityID(),          checkSSCD, -        sscdSourceTSL); +        sscdSourceTSL, +        issuerCountryCode);      // Create HashInputData Content objects      referenceDataList = result.getReferenceDataList(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index c3cc8bfe8..c90bc534a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java 
@@ -24,10 +24,7 @@  package at.gv.egovernment.moa.spss.server.invoke; -import at.gv.egovernment.moa.spss.util.CertificateUtils; -  import iaik.ixsil.exceptions.URIException; -  import iaik.ixsil.util.URI;  import iaik.server.modules.IAIKException;  import iaik.server.modules.IAIKRuntimeException; @@ -43,8 +40,6 @@ import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;  import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;  import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;  import iaik.x509.X509Certificate; -import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; -import iaik.xml.crypto.tsl.ex.TSLSearchException;  import java.io.File;  import java.io.FileInputStream; @@ -90,8 +85,9 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;  import at.gv.egovernment.moa.spss.server.logging.TransactionId;  import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;  import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; -import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moa.spss.util.CertificateUtils;  import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.spss.util.QCSSCDResult;  import at.gv.egovernment.moa.util.CollectionUtils;  import at.gv.egovernment.moa.util.Constants; @@ -211,12 +207,7 @@ public class XMLSignatureVerificationInvoker {          requestElement);      } -    boolean sscdSourceTSL = false; -    boolean qcSourceTSL = false; -     -    boolean checkQC = false; -    boolean checkSSCD = false; -     +    QCSSCDResult qcsscdresult = new QCSSCDResult();      String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();      ConfigurationProvider config = ConfigurationProvider.getInstance();      TrustProfile tp = config.getTrustProfile(tpID); 
@@ -242,73 +233,27 @@ public class XMLSignatureVerificationInvoker {          MOAException moaException = IaikExceptionMapper.getInstance().map(e);          throw moaException;      }  -    try { -      if (tp.isTSLEnabled()) { -        List list = result.getCertificateValidationResult().getCertificateChain(); -        if (list != null) { -	        X509Certificate[] chain = new X509Certificate[list.size()]; -	         -	        Iterator it = list.iterator(); -	        int i = 0; -	        while(it.hasNext()) { -	        	chain[i] = (X509Certificate)it.next(); -	        	i++; -	        } -	         -	        boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); -	        boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); -	         -	        if (!checkSSCDFromTSL) { -	         -	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); -		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); -		         -		        if (checkQCPPlus) -		        	checkSSCD = true; -		        if (checkQcEuSSCD) -		        	checkSSCD = true; -		         -	        	sscdSourceTSL = false; -	        } -	        else { -	        	checkSSCD = true; -	        	sscdSourceTSL = true; -	        } -	         -	        if (!checkQCFromTSL) { -		         -	        	boolean checkQCP = CertificateUtils.checkQCP(chain[0]); -		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); -		         -		        if (checkQCP) -		        	checkQC = true; -		        if (checkQcEuCompliance) -		        	checkQC = true; -		         -	        	qcSourceTSL = false; -	        } -	        else { -	        	checkQC = true; -	        	qcSourceTSL = true; -	        } -	         -//	        System.out.println("chain[0]: " + chain[0]); -//	         -//	        System.out.println("checkQCFromTSL: " + checkQCFromTSL); -//	        System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); -//	        
System.out.println("checkQCPPlus: " + checkQCPPlus); -//	        System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); +     + +    // QC/SSCD check +    List list = result.getCertificateValidationResult().getCertificateChain(); +    if (list != null) { +        X509Certificate[] chain = new X509Certificate[list.size()]; +         +        Iterator it = list.iterator(); +        int i = 0; +        while(it.hasNext()) { +        	chain[i] = (X509Certificate)it.next(); +        	i++;          } -      }  +         +        qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());      } -   catch (TSLEngineDiedException e) { -    	MessageProvider msg = MessageProvider.getInstance(); -        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); -	} catch (TSLSearchException e) { -    	MessageProvider msg = MessageProvider.getInstance(); -        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); -	} +    	 +    // get signer certificate issuer country code +    String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); +          // swap back in the request as root document      if (requestElement != signatureEnvironment.getElement()) {        requestElement.getOwnerDocument().replaceChild( 
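Review bot: `list.get(0)` in the new issuer-country lookup sits outside the `if (list != null)` guard just above it, so a validation result without a certificate chain now fails with a NullPointerException and an empty chain with an IndexOutOfBoundsException. The same empty chain would also reach `chain[0]` inside `CertificateUtils.checkQCSSCD`. Declare `String issuerCountryCode = null;` before the guard, tighten the guard to `if (list != null && !list.isEmpty())`, and set `issuerCountryCode = CertificateUtils.getIssuerCountry(chain[0]);` inside it. The enclosing method starts and ends outside the hunk.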
@@ -325,14 +270,9 @@ public class XMLSignatureVerificationInvoker {      TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());      CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); -//    System.out.println("checkQC: " + checkQC); -//    System.out.println("qcSourceTSL: " + qcSourceTSL); -//    System.out.println("checkSSCD: " + checkSSCD); -//    System.out.println("sscdSourceTSL: " + sscdSourceTSL);      // build the response -    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL, tp.isTSLEnabled()); - +    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);      return responseBuilder.getResponse();    } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 49f715cb8..07da0a998 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -83,6 +83,15 @@ public class TSLConnector implements TSLConnectorInterface {  		return updateAndGetQualifiedCACertificates(dateTime, null, serviceLevelStatus);
  	}
 +	public void updateTSLs(Date dateTime,
 +			String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
 +		
 +		if (Configurator.is_isInitialised() == false)
 +			new TSLEngineFatalException("The TSL Engine is not initialized!");
 +		
 +		updateTSLs(dateTime, null, serviceLevelStatus);
 +	}
 +	
  	public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,
  			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
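Review bot: The initialisation check at the top of the new `updateTSLs(Date, String[])` constructs a `TSLEngineFatalException` but never throws it, so an uninitialised TSL engine is not rejected and the update simply proceeds; the three-argument `updateTSLs` added in the next hunk repeats the same two lines. Since both methods declare only `TSLEngineDiedException` and `TSLSearchException`, the wrapping already used in the catch blocks of the next hunk fits: `throw new TSLEngineDiedException(new TSLEngineFatalException("The TSL Engine is not initialized!"));`. `if (!Configurator.is_isInitialised())` would also read better than `== false`.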
 @@ -326,6 +335,249 @@ public class TSLConnector implements TSLConnectorInterface {  		return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
  	}
 +	public void updateTSLs(Date dateTime,
 +			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
 +		
 +		if (Configurator.is_isInitialised() == false)
 +			new TSLEngineFatalException("The TSL Engine is not initialized!");
 +
 +		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
 +		
 +//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
 +//		System.out.println("hashcachedir: " + hashcachedir);
 +//		if (hashcachedir==null)
 +//			hashcachedir = DEFAULT_HASHCACHE_DIR;
 +
 +//		File hashcachefile = new File(hashcachedir);
 +//		File[] filelist = hashcachefile.listFiles();
 +//		if (filelist != null) {
 +//			for (File f : filelist)
 +//				f.delete();
 +//		}
 +	
 +		File tsldownloadfile = new File(tsldownloaddir);
 +		if (!tsldownloadfile.exists()) {
 +			tsldownloadfile.mkdir();
 +		}
 +		File[] tslfilelist = tsldownloadfile.listFiles();
 +		if (tslfilelist != null) {
 +			for (File f : tslfilelist)
 +				f.delete();
 +		}
 +		
 +		//create sqlLite database
 +		File dbFile = new File(Configurator.get_TempdbFile());
 +		try {
 +			dbFile.delete();
 +			dbFile.createNewFile();
 +		} catch (IOException e) {
 +			throw new TSLEngineDiedException("Could not create temporary data base file", e);
 +		}
 +		
 +		//the TSL library uses the iaik.util.logging environment.
 +		//iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);
 +		iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);
 +		
 +		log.info("Starting EU TSL import.");
 +
 +		// Certificates in Germany, Estonia, Greece, Cyprus,
 +		// Lithuainia, Hungary, Poland, Finland, Norway use SURNAME
 +		log.debug("### SURNAME registered as " + ObjectID.surName + " ###");
 +		RFC2253NameParser.register("SURNAME", ObjectID.surName);
 +
 +		XSecProvider.addAsProvider(false);
 +
 +		TSLEngine tslEngine;
 +		TslSqlConnectionWrapper connection = null;
 +
 +		try {
 +			// register the Https JSSE Wrapper
 +			TLS.register();
 +			log.trace("### Https JSSE Wrapper registered ###");
 +			
 +
 +			log.debug("### Connect to Database.###");
 +			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
 +
 +			log.trace("### Connected ###");
 +
 +			// empty the database and recreate the tables
 +			tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 
 +					connection, true, true);
 +			
 +		} catch (TSLEngineFatalException e1) {
 +			throw new TSLEngineDiedException(e1);
 +			
 +		}
 +
 +		// H.2.2.1 Same-scheme searching
 +		// H.2.2.2 Known scheme searching
 +		// H.2.2.3 "Blind" (unknown) scheme searching
 +		Number tId = null;
 +		Countries euTerritory = Countries.EU;
 +		TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(
 +			euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(), 
 +			Configurator.is_sqlMultithreaded(), 
 +			Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 
 +			Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 
 +			Configurator.is_nullRedundancies());
 +
 +		TSLEngineEU tslengineEU;
 +		try {
 +			tslengineEU = tslEngine.new TSLEngineEU();
 +			
 +		} catch (TSLEngineFatalException e1) {
 +			throw new TSLEngineDiedException(e1);
 +		}
 +
 +		// establish EU TSL trust anchor
 +		ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =
 +			tslEngine.loadCertificatesFromResource(
 +			Configurator.get_euTrustAnchorsPath(), topLevelTslContext);
 +
 +		log.debug("Process EU TSL");
 +		// process the EU TSL to receive the pointers to the other TSLs
 +		// and the trust anchors for the TSL signers
 +		Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;
 +		
 +		try {
 +			
 +			tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);
 +			log.info("Process EU TSL finished");
 +			
 +			log.debug(Thread.currentThread() + " waiting for other threads ...");
 +			
 +			topLevelTslContext.waitForAllOtherThreads();
 +			log.debug(Thread.currentThread()
 +				+ " reactivated after other threads finished ...");
 +
 +
 +			// get the TSLs pointed from the EU TSL
 +			LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU
 +				.getOtherTslMap(tId, topLevelTslContext);
 +
 +			pointersToMsTSLs = tslMap.entrySet();
 +			
 +			//set Errors and Warrnings
 +			
 +		} catch (TSLEngineFatalRuntimeException e) {
 +			throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());
 +			
 +		} catch (TSLTransactionFailedRuntimeException e) {
 +			throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());
 +		}
 +
 +		//Backup implementation if the EU TSL includes a false signer certificate 
 +		// establish additional trust anchors for member states
 +//			Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {
 +//				Countries.CZ,
 +//				Countries.LU,
 +//				Countries.ES,
 +//				Countries.AT,
 +//			};
 +		Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};
 +
 +		Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>
 +			trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(
 +					Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,
 +					countriesWithPotentiallyWrongCertsOnEuTsl);
 +
 +		log.info("Starting EU member TSL import.");
 +		
 +		for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {
 +
 +			TSLImportContext msTslContext;
 +			
 +			Countries expectedTerritory = entry.getValue().getSchemeTerritory();
 +			try {
 +				
 +//				if (expectedTerritory.equals("RO"))
 +//					System.out.println("Stop");
 +				
 +				Number otpId = entry.getKey();
 +				LocationAndCertHash lac = entry.getValue();
 +
 +				URL uriReference = null;
 +				try {
 +					uriReference = new URL(lac.getUrl());
 +					
 +				} catch (MalformedURLException e) {
 +					log.warn("Could not process: " + uriReference, e);
 +					continue;
 +				}
 +
 +				String baseURI = uriReference == null ? "" : "" + uriReference;
 +
 +				msTslContext = new TSLImportFromFileContext(
 +					expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),
 +					Configurator.is_sqlMultithreaded(),
 +					Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 
 +					Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 
 +					Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl, 
 +					topLevelTslContext);
 +
 +				ListIterator<X509Certificate> expectedTslSignerCerts = null;
 +				expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);
 +
 +				if (expectedTslSignerCerts == null) {
 +					
 +					// no signer certificate on the EU TSL
 +					// ignore this msTSL and log a warning
 +					log.warn("NO signer certificate found on EU TSL! " 
 +							+ lac.getSchemeTerritory() + "TSL ignored.");
 +					
 +				}
 +				else {
 +					tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);
 +				}
 +				
 +			} catch (TSLExceptionB e) {
 +				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory() 
 +						+ " TSL ignored.");
 +				log.debug("Failed to process TSL. " + entry, e);
 +				continue;
 +			} catch (TSLRuntimeException e) {
 +				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
 +						+ " TSL ignored.");
 +				log.debug("Failed to process TSL. " + entry, e);
 +				continue;
 +			}				
 +		}
 +				
 +		log.debug(Thread.currentThread() + " waiting for other threads ...");
 +		topLevelTslContext.waitForAllOtherThreads();
 +
 +		log.debug(_.dumpAllThreads());
 +		log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
 +		
 +		connection = null;
 +		try {
 +			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);				
 +			tslEngine.recreateTablesInvalidatedByImport(connection);
 +			
 +			
 +			//TODO: implement database copy operation!
 +			File working_database = new File(Configurator.get_dbFile());
 +			working_database.delete();
 +			copy(dbFile, working_database);
 +
 +			
 +		} catch (TSLEngineFatalException e) {
 +			throw new TSLEngineDiedException(e);
 +			
 +		} finally {
 +			try {
 +				connection.closeConnection();
 +				
 +			} catch (TSLEngineFatalException e) {
 +				throw new TSLEngineDiedException(e);
 +				
 +			}
 +		}
 +		
 +		//return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
 +	}
 +
  	public ArrayList<File> getQualifiedCACertificates(Date dateTime,
  			String[] serviceLevelStatus) throws TSLEngineDiedException,
  			TSLSearchException {
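Review bot: In the last `try`/`finally` of the new `updateTSLs`, `connection` is reset to null before `DbTables.connectToDatabaBase(...)`, so if that call throws, `connection.closeConnection()` in the `finally` raises a NullPointerException that replaces the original error; guard it with `if (connection != null) connection.closeConnection();`. The same block deletes the working database and only then copies the freshly imported one over it, which leaves a window (and, if `copy` fails, a lasting state) in which lookups against the working database presumably find no file or a partial one; copying to a temporary file beside it and renaming would narrow that, as the TODO already hints. Two smaller points: the `MalformedURLException` handler logs `uriReference`, which is always null at that point (`lac.getUrl()` is the useful value), and the `dateTime`, `countries` and `serviceLevelStatus` parameters are never read in this method, which deserves a comment.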
 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 76be8217a..0cb18a08e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -33,13 +33,14 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro  import at.gv.egovernment.moa.spss.server.logging.TransactionId;
  import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
  import at.gv.egovernment.moa.spss.util.MessageProvider;
 -import at.gv.egovernment.moa.util.FileUtils;
  import at.gv.egovernment.moa.util.StringUtils;
  public class TSLUpdaterTimerTask extends TimerTask {
  	public static TSLConnector tslconnector_;
 +	
 +	public static ConfigurationData configData_ = null;
  	@Override
  	public void run() {
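Review bot: `configData_` is added as a `public static` mutable field, so any class can replace the configuration from which `update()` takes its cert store parameters, and the last hunk of this file fills it lazily without synchronisation. Unless another class has to set it, `private static ConfigurationData configData_;` is enough (the `= null` is redundant), with a comment such as `// cached result of IaikConfigurator.configure(); built on first update() and not rebuilt afterwards`. If configuration reloads are meant to reach the TSL updater, the cache needs an explicit reset path.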
 @@ -49,10 +50,6 @@ public class TSLUpdaterTimerTask extends TimerTask {  		} catch (TSLEngineDiedException e) {
  			MessageProvider msg = MessageProvider.getInstance();
  			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 -
 -			// 		TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur 
 -			// Verfügung stehen?
 -			
  		} catch (TSLSearchException e) {
  			MessageProvider msg = MessageProvider.getInstance();
  			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 @@ -68,105 +65,138 @@ public class TSLUpdaterTimerTask extends TimerTask {  		} catch (TrustStoreException e) {
  			MessageProvider msg = MessageProvider.getInstance();
  			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 -		} catch (CertificateException e) {
 +		}  catch (FileNotFoundException e) {
  			MessageProvider msg = MessageProvider.getInstance();
  			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 -		} catch (FileNotFoundException e) {
 +		} catch (IOException e) {
  			MessageProvider msg = MessageProvider.getInstance();
  			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 -		} catch (IOException e) {
 +		} catch (CertificateException e) {
  			MessageProvider msg = MessageProvider.getInstance();
  			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
  		}
  	}
 -	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
 +	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, IOException {
  		MessageProvider msg = MessageProvider.getInstance();
 -		//get TSl configuration
 -		ConfigurationProvider config = ConfigurationProvider.getInstance();
 -		ConfigurationData configData = new IaikConfigurator().configure(config);
 -		TSLConfiguration tslconfig = config.getTSLConfiguration();
 -		if (tslconfig != null) {
 -			
 -			Logger.info(new LogMsg(msg.getMessage("config.42", null)));
 +		//TrustProfile tp = null;
 +		TrustStoreProfile tsp = null;
 +		StoreUpdater storeUpdater = null;
 +		TransactionId tid = null;
 +		
 +			//get TSl configuration
 +			ConfigurationProvider config = ConfigurationProvider.getInstance();
 +			if (configData_ == null)
 +				configData_ = new IaikConfigurator().configure(config);
 -			// get certstore parameters
 -			CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
 +			TSLConfiguration tslconfig = config.getTSLConfiguration();
 +			if (tslconfig != null) {
 -			// iterate over all truststores
 -			Map mapTrustProfiles = config.getTrustProfiles();
 -			Iterator it = mapTrustProfiles.entrySet().iterator();
 -			while (it.hasNext()) {
 -				Map.Entry pairs = (Map.Entry)it.next();
 -				TrustProfile tp = (TrustProfile) pairs.getValue();
 -				if (tp.isTSLEnabled()) {
 -					TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
 -					TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
 -					trustStoreProfiles[0] = tsp;
 -					
 -					Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
 -		         
 -					TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
 -					ArrayList tsl_certs = null;
 -					if (StringUtils.isEmpty(tp.getCountries())) {
 -						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
 -
 -						// get certificates from TSL from all countries
 -						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
 -					}
 -					else {
 -						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
 -						// get selected countries as array
 -						String countries = tp.getCountries();
 -						String[] array = countries.split(",");
 -						for (int i = 0; i < array.length; i++)
 -							array[i] = array[i].trim();
 -		                	  
 -						// get certificates from TSL from given countries
 -						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
 -					}
 -					
 -					// create store updater for each TSL enabled truststore 
 -					Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
 -					StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
 -					
 -		            
 -					// delete files in trustprofile
 -					File ftp = new File(tp.getUri());
 -					File[] files = ftp.listFiles();
 -					for (File file : files) 
 -			              file.delete();   
 +				tslconnector_.updateTSLs(new Date(), new String[]{"accredited","undersupervision"});
 +				
 +				Logger.info(new LogMsg(msg.getMessage("config.42", null)));
 +				
 +				// get certstore parameters
 +				CertStoreParameters[] certStoreParameters = configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();
 -					// convert ArrayList<File> to X509Certificate[]										
 -					X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
 -					Iterator itcert = tsl_certs.iterator();
 -					int i = 0;
 -					while(itcert.hasNext()) {
 -						File f = (File)itcert.next();
 -						X509Certificate cert = new X509Certificate(new FileInputStream(f));
 -						addCertificates[i] = cert;
 +				// iterate over all truststores
 +				Map mapTrustProfiles = config.getTrustProfiles();
 +				Iterator it = mapTrustProfiles.entrySet().iterator();
 +				while (it.hasNext()) {
 +					Map.Entry pairs = (Map.Entry)it.next();
 +					TrustProfile tp = (TrustProfile) pairs.getValue();
 +					if (tp.isTSLEnabled()) {
 +						tsp = new TrustStoreProfileImpl(config, tp.getId());
 +						TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
 +						trustStoreProfiles[0] = tsp;
 +						
 +						Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
 +			         
 +						tid = new TransactionId("TSLConfigurator-" + tp.getId());
 +						ArrayList tsl_certs = null;
 +						if (StringUtils.isEmpty(tp.getCountries())) {
 +							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
 +	
 +							// get certificates from TSL from all countries
 +							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
 +						}
 +						else {
 +							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
 +							// get selected countries as array
 +							String countries = tp.getCountries();
 +							String[] array = countries.split(",");
 +							for (int i = 0; i < array.length; i++)
 +								array[i] = array[i].trim();
 +			                	  
 +							// get certificates from TSL from given countries
 +							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
 +						}
 +						
 +						// create store updater for each TSL enabled truststore 
 +						Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
 +						storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
 +						
 +						// delete files in trustprofile
 +						
 +						File ftp = new File(tp.getUri());
 +						File[] files = ftp.listFiles();
 +						X509Certificate[] removeCertificates = new X509Certificate[files.length];
 +						int i = 0;
 +						for (File file : files) {
 +							FileInputStream fis = new FileInputStream(file);
 +							removeCertificates[i] = new X509Certificate(fis);
 +							i++;
 +							fis.close();
 +								//file.delete();
 +						}
 +						
 +						// remove all certificates
 +						storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
 +						storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);
 +						
 -						i++;
 +						// copy files from original trustAnchorsLocURI into tslworking trust profile
 +				    	File src = new File(tp.getUriOrig());
 +				    	files = src.listFiles();
 +				    	X509Certificate[] addCertificates = new X509Certificate[files.length];
 +				    	i = 0;
 +				        for (File file : files) {
 +				        	FileInputStream fis = new FileInputStream(file);
 +				        	addCertificates[i] = new X509Certificate(fis);
 +				        	//FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));
 +				        	i++;
 +				        	fis.close();
 +				        }
 +						
 +				        // convert ArrayList<File> to X509Certificate[]										
 +						X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
 +						Iterator itcert = tsl_certs.iterator();
 +						i = 0;
 +						File f = null;
 +						while(itcert.hasNext()) {
 +							f = (File)itcert.next();
 +							FileInputStream fis = new FileInputStream(f);
 +							X509Certificate cert = new X509Certificate(fis);
 +							addCertificatesTSL[i] = cert;
 +								
 +							i++;
 +							fis.close();
 +						}
 +						  
 +						Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
 +						storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
 +						storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
 +						
 +						Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
 +						storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
 +						storeUpdater.addCertificatesToCertStores(addCertificates, tid);
 +			
 +			            
  					}
 -					
 -					
 -					// copy files from original trustAnchorsLocURI into tslworking trust profile
 -			    	File src = new File(tp.getUriOrig());
 -			    	files = src.listFiles();                    
 -			        for (File file : files) { 
 -			            FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));  
 -			        } 
 -			          
 -					Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
 -					storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
 -					storeUpdater.addCertificatesToCertStores(addCertificates, tid);
 -		
 -		            
  				}
  			}
 -		}
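Review bot: In the rewritten `update()`, the profile's certificates are removed from the trust and cert stores before the original trust anchors and the TSL certificates have been read, so an `IOException` or `CertificateException` while parsing those files (or a null from `listFiles()` when a directory is missing) ends the run with the stores stripped and nothing added back. Reading and parsing all three sets first, and only then calling the remove and add methods, keeps a failed run from leaving the profile without anchors. The three read loops also leak the `FileInputStream` when the `X509Certificate` constructor throws; one helper with `try`/`finally` covers all of them. With `file.delete()` and the `copyFile` call commented out, this method no longer maintains the contents of `tp.getUri()`, so it is worth confirming that the removal set still matches what an earlier run added.

```java
// proposed private helper in TSLUpdaterTimerTask
private static X509Certificate[] readCertificates(File[] files)
		throws CertificateException, IOException {
	if (files == null) {
		// listFiles() returns null when the path is not a readable directory
		throw new FileNotFoundException("certificate directory could not be listed");
	}
	X509Certificate[] certs = new X509Certificate[files.length];
	for (int i = 0; i < files.length; i++) {
		FileInputStream fis = new FileInputStream(files[i]);
		try {
			certs[i] = new X509Certificate(fis);
		} finally {
			fis.close();
		}
	}
	return certs;
}

// … unchanged: TSL lookup into tsl_certs, StoreUpdater creation …
// parse every input before any store is modified
X509Certificate[] removeCertificates = readCertificates(new File(tp.getUri()).listFiles());
X509Certificate[] addCertificates = readCertificates(new File(tp.getUriOrig()).listFiles());
X509Certificate[] addCertificatesTSL =
		readCertificates((File[]) tsl_certs.toArray(new File[tsl_certs.size()]));

storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);
// … unchanged: the four add calls and their log messages …
```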
 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java new file mode 100644 index 000000000..544ea916c --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java 
@@ -0,0 +1,286 @@ +package at.gv.egovernment.moa.spss.util; + +import iaik.asn1.ObjectID; +import iaik.asn1.structures.Name; +import iaik.asn1.structures.PolicyInformation; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import iaik.x509.extensions.CertificatePolicies; +import iaik.x509.extensions.qualified.QCStatements; +import iaik.x509.extensions.qualified.structures.QCStatement; +import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance; +import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD; +import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; +import iaik.xml.crypto.tsl.ex.TSLSearchException; + +import java.security.Principal; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; + +public class CertificateUtils { +	 +	 +	/** +	 * Verifies if the given certificate contains QCP+ statement +	 * @param cert X509Certificate +	 * @return true if the given certificate contains QCP+ statement, else false +	 */ +	private static boolean checkQCPPlus(X509Certificate cert) { +		Logger.debug("Checking QCP+ extension"); +		String OID_QCPPlus = "0.4.0.1456.1.1"; +		try { +			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); +			if (certPol == null) { +				Logger.debug("No CertificatePolicies extension found"); +				return false; +			} +			 +			PolicyInformation[] polInfo = certPol.getPolicyInformation(); +			if (polInfo == null) { +				Logger.debug("No policy information found"); +				return false; +			} +			 +			for (int i = 0; i < polInfo.length; i++) { +				ObjectID oid = polInfo[i].getPolicyIdentifier(); +				String oidStr = oid.getID(); +				if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) { +					Logger.debug("QCP+ extension found"); +					return true; +				} +			} +			 +			
Logger.debug("No QCP+ extension found"); +			 +			return false; +		} catch (X509ExtensionInitException e) { +			Logger.debug("No QCP+ extension found"); +			 +			return false; +		} +		 +	} +	 +	/** +	 * Verifies if the given certificate contains QCP statement +	 * @param cert X509Certificate +	 * @return true if the given certificate contains QCP statement, else false +	 */ +	private static boolean checkQCP(X509Certificate cert) { +		Logger.debug("Checking QCP extension"); +		String OID_QCP = "0.4.0.1456.1.2"; +		try { +			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); +			if (certPol == null) { +				Logger.debug("No CertificatePolicies extension found"); +				return false; +			} +			 +			PolicyInformation[] polInfo = certPol.getPolicyInformation(); +			if (polInfo == null) { +				Logger.debug("No policy information found"); +				return false; +			} +			 +			for (int i = 0; i < polInfo.length; i++) { +				ObjectID oid = polInfo[i].getPolicyIdentifier(); +				String oidStr = oid.getID(); +				if (oidStr.compareToIgnoreCase(OID_QCP) == 0) { +					Logger.debug("QCP extension found"); +					return true; +				} +				 +			} +			 +			Logger.debug("No QCP extension found"); +			return false; + +		} catch (X509ExtensionInitException e) { +			Logger.debug("No QCP extension found"); +			return false; +		} +		 +	} +	 +	/** +	 * Verifies if the given certificate contains QcEuCompliance statement +	 * @param cert X509Certificate +	 * @return true if the given certificate contains QcEuCompliance statement, else false +	 */ +	private static boolean checkQcEuCompliance(X509Certificate cert) { +		Logger.debug("Checking QcEUCompliance extension"); +		try { +			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); +			 +			if (qcStatements == null) { +				Logger.debug("No QcStatements extension found"); +				return false; +			} +			 +			QCStatement qcEuCompliance = 
qcStatements.getQCStatements(QcEuCompliance.statementID); +			 +			if (qcEuCompliance != null) { +				Logger.debug("QcEuCompliance extension found"); +				return true; +			} +			 +			Logger.debug("No QcEuCompliance extension found"); +			return false; + +		} catch (X509ExtensionInitException e) { +			Logger.debug("No QcEuCompliance extension found"); +			return false; +		} +		 +	} +	 +	/** +	 * Verifies if the given certificate contains QcEuSSCD statement +	 * @param cert X509Certificate +	 * @return true if the given certificate contains QcEuSSCD statement, else false +	 */ +	private static boolean checkQcEuSSCD(X509Certificate cert) { +		Logger.debug("Checking QcEuSSCD extension"); +		try { +			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); +			if (qcStatements == null) { +				Logger.debug("No QcStatements extension found"); +				return false; +			} +			 +			QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID); +			 +			if (qcEuSSCD != null) { +				Logger.debug("QcEuSSCD extension found"); +				return true; +			} +						 +			Logger.debug("No QcEuSSCD extension found"); +			return false; + +		} catch (X509ExtensionInitException e) { +			Logger.debug("No QcEuSSCD extension found"); +			return false; +		} +		 +	} + +	public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, boolean isTSLenabledTrustprofile) { +		 +		boolean qc = false; +		boolean qcSourceTSL = false; +		boolean sscd = false; +		boolean sscdSourceTSL = false; +		 +		try {  +		 +			if (isTSLenabledTrustprofile) { +				// perform QC check via TSL +				boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); +				if (!checkQCFromTSL) {  +					// if QC check via TSL returns false +					// try certificate extensions QCP and QcEuCompliance +					Logger.debug("QC check via TSL returned false - checking certificate extensions"); +			     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +			        boolean 
checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +			         +			        if (checkQCP || checkQcEuCompliance) { +			        	Logger.debug("Certificate is QC (Source: Certificate)"); +			        	qc = true;			        	 +			        } +			         +		        	qcSourceTSL = false; +		        } +		        else { +		        	// use TSL result +		        	Logger.debug("Certificate is QC (Source: TSL)"); +		        	qc = true; +		        	qcSourceTSL = true; +		        } +				 +				// perform SSCD check via TSL +	        	boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); +	        	if (!checkSSCDFromTSL) { +	        		// if SSCD check via TSL returns false +					// try certificate extensions QCP+ and QcEuSSCD			        +	        		Logger.debug("SSCD check via TSL returned false - checking certificate extensions"); +		        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); +			        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); +			         +			        if (checkQCPPlus || checkQcEuSSCD) { +			        	Logger.debug("Certificate is SSCD (Source: Certificate)"); +			        	sscd = true; +			        } +			         +		        	sscdSourceTSL = false; +		        } +		        else { +		        	// use TSL result +		        	Logger.debug("Certificate is SSCD (Source: TSL)"); +		        	sscd = true; +		        	sscdSourceTSL = true; +		        } +	        	 +			} +			else { +				// Trustprofile is not TSL enabled - use certificate extensions only + +				// perform QC check +				// try certificate extensions QCP and QcEuCompliance +		     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +		         +		        if (checkQCP || checkQcEuCompliance) +		        	qc = true; +		         +	        	qcSourceTSL = false; +	        	 +	        	// perform SSCD check +	        	// try certificate extensions 
QCP+ and QcEuSSCD			        +	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); +		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); +		         +		        if (checkQCPPlus || checkQcEuSSCD) +		        	sscd = true; +		         +	        	sscdSourceTSL = false; +			} +		} +		catch (TSLEngineDiedException e) { +	    	MessageProvider msg = MessageProvider.getInstance(); +	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); +		} catch (TSLSearchException e) { +	    	MessageProvider msg = MessageProvider.getInstance(); +	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); +		} +		 +		QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL); +		 +		return result; +	} +	 +	/** +	    * Gets the country from the certificate issuer +	    * @param cert X509 certificate +	    * @return Country code from the certificate issuer +	    */ +	   public static String getIssuerCountry(X509Certificate cert) { +		   String country = null; +		   Principal issuerdn = cert.getIssuerX500Principal(); +		   RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName()); +		    +		   try { +			   Name name = nameParser.parse(); +			   country = name.getRDN(ObjectID.country); +		   } catch (RFC2253NameParserException e) { +			   Logger.warn("Could not get country code from issuer."); +		   } +		    +		     +		   return country; +	   } +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java new file mode 100644 index 000000000..99af84308 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java 
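Review bot: `checkQCSSCD` reads `chain[0]` in every branch without checking the array, so a null or empty chain ends in an unchecked exception; as a public method it should guard and document that, e.g. `if (chain == null || chain.length == 0) return new QCSSCDResult();`, together with a Javadoc block (the method has none) naming both parameters and the four flags of the result. The two `catch` blocks only log a `TSLEngineDiedException` or `TSLSearchException`, so a failed TSL lookup is reported like a negative answer and, unlike a plain `false` from the TSL, skips the certificate-extension fallback; if `checkSSCD` fails after `checkQC` succeeded, the result is only half TSL-based. It is worth deciding whether that is intended and saying so in a comment. `TSLUpdaterTimerTask.tslconnector_` is also dereferenced without a null check, which matters if a TSL-enabled profile can be verified before the connector is set up (not visible in this diff).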
@@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.spss.util; + +public class QCSSCDResult { + +	private boolean qc; +	private boolean qcSourceTSL; +	 +	private boolean sscd; +	private boolean sscdSourceTSL; +	 +	public QCSSCDResult() { +		this.qc = false; +		this.qcSourceTSL = false; +		this.sscd = false; +		this.sscdSourceTSL = false; +	} +	 +	public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) { +		this.qc = qc; +		this.qcSourceTSL = qcSourceTSL; +		this.sscd = sscd; +		this.sscdSourceTSL = sscdSourceTSL; +	} +	 +	public boolean isQC() { +		return this.qc; +	} +	public boolean isQCSourceTSL() { +		return this.qcSourceTSL; +	} +	public boolean isSSCD() { +		return this.sscd; +	} +	public boolean isSSCDSourceTSL() { +		return this.sscdSourceTSL; +	} +} | 
