aboutsummaryrefslogtreecommitdiff
path: root/id.server/data/test
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/data/test')
-rw-r--r--id.server/data/test/conf/ConfigurationTest.xml103
-rw-r--r--id.server/data/test/conf/OAConfBasicAuth.xml10
-rw-r--r--id.server/data/test/conf/OAConfHeaderAuth.xml13
-rw-r--r--id.server/data/test/conf/OAConfParamAuth.xml10
-rw-r--r--id.server/data/test/conf/log4j.properties10
-rw-r--r--id.server/data/test/conf/transforms/TransformsInfosHTML.xml63
-rw-r--r--id.server/data/test/ixsil/init/properties/algorithms.properties94
-rw-r--r--id.server/data/test/ixsil/init/properties/init.properties214
-rw-r--r--id.server/data/test/ixsil/init/properties/keyManager.properties74
-rw-r--r--id.server/data/test/ixsil/init/schemas/Signature.xsd328
-rw-r--r--id.server/data/test/ixsil/init/schemas/XMLSchema.dtd402
-rw-r--r--id.server/data/test/ixsil/init/schemas/datatypes.dtd203
-rw-r--r--id.server/data/test/xmldata/ErrorResponse.xml4
-rw-r--r--id.server/data/test/xmldata/GetIdentityLinkForm.html20
-rw-r--r--id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml127
-rw-r--r--id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml52
-rw-r--r--id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml2
-rw-r--r--id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml97
19 files changed, 1885 insertions, 0 deletions
diff --git a/id.server/data/test/conf/ConfigurationTest.xml b/id.server/data/test/conf/ConfigurationTest.xml
new file mode 100644
index 000000000..5c18e35cc
--- /dev/null
+++ b/id.server/data/test/conf/ConfigurationTest.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> -->
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfParamAuth.xml" sessionTimeOut="10" loginParameterResolverImpl="StringloginParameterResolverImpl1" connectionBuilderImpl="StringconnectionBuilderImpl1">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://verisign.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.verisign.com/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://a-trust.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.a-trust.at/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://baltimore.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.baltimore.com/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://cio.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.cio.gv.at/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="StringOALoginURL2">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="StringOALoginURL3">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="ProxyComponentURL3">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates3</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss3">URL:toClientKeystoreOA3</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="chaining">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:c:/java/id.server/data/test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="c:/java/id.server/data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+ <GenericConfiguration name="ProxyComponent.DisableHostnameVerification" value="true"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/test/conf/OAConfBasicAuth.xml b/id.server/data/test/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..61455f903
--- /dev/null
+++ b/id.server/data/test/conf/OAConfBasicAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <BasicAuth>
+ <UserID>MOAGivenName</UserID>
+ <Password>MOAFamilyName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfHeaderAuth.xml b/id.server/data/test/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c92e055e9
--- /dev/null
+++ b/id.server/data/test/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <HeaderAuth>
+ <Header Name="Param1" Value="MOAPublicAuthority"/>
+ <Header Name="Param2" Value="MOABKZ"/>
+ <Header Name="Param3" Value="MOAQualifiedCertificate"/>
+ <Header Name="Param4" Value="MOAZMRZahl"/>
+ <Header Name="Param5" Value="MOAIPAddress"/>
+ </HeaderAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfParamAuth.xml b/id.server/data/test/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..a70f6a6c0
--- /dev/null
+++ b/id.server/data/test/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <ParamAuth>
+ <Parameter Name="Param1" Value="MOADateOfBirth"/>
+ <Parameter Name="Param2" Value="MOAVPK"/>
+ </ParamAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/log4j.properties b/id.server/data/test/conf/log4j.properties
new file mode 100644
index 000000000..9a808f925
--- /dev/null
+++ b/id.server/data/test/conf/log4j.properties
@@ -0,0 +1,10 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=debug, stdout
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
diff --git a/id.server/data/test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
new file mode 100644
index 000000000..e003297f4
--- /dev/null
+++ b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/test/ixsil/init/properties/algorithms.properties b/id.server/data/test/ixsil/init/properties/algorithms.properties
new file mode 100644
index 000000000..35a41cfdd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/algorithms.properties
@@ -0,0 +1,94 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses to maintain the available algorithms.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Canonicalization algorithms
+#
+# The following properties (starting with "Canonicalization.") are associations between canonicalization
+# algorithm URIs and their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the canonicalization algorithm
+# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm
+# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI,
+# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments
+
+#----------------------------------------------------------------------------------------------------------
+# Signature algorithms
+#
+# The following properties (starting with "Signature.") are associations between signature algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the signature algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm
+# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI,
+# prepended by the signature algorithm property identifier ("Signature."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
+Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
+Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Digest algorithms
+#
+# The following properties (starting with "Digest.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the digest algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm
+# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI,
+# prepended by the digest algorithm property identifier ("Digest."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Transform algorithms
+#
+# The following properties (starting with "Transform.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the transform algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm
+# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI,
+# prepended by the transform algorithm property identifier ("Transform."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments
+Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode
+Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath
+Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature
+Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT
+Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2
diff --git a/id.server/data/test/ixsil/init/properties/init.properties b/id.server/data/test/ixsil/init/properties/init.properties
new file mode 100644
index 000000000..a679a2635
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/init.properties
@@ -0,0 +1,214 @@
+# IXSIL init properties
+#
+# This file contains the basic initialization properties for IXSIL.
+
+#----------------------------------------------------------------------------------------------------------
+# Properties for localizing exeption messages
+
+# This property specifies the ISO language code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOLanguageCode = "en"
+
+
+
+# This property specifies the ISO country code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOCountryCode = "US"
+
+
+#----------------------------------------------------------------------------------------------------------
+# Other property files
+
+# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e.
+# this file). The URI MUST be absolute.
+#
+# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using
+# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the
+# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below).
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties"
+
+location.initProperties = file:data/test/ixsil/init/properties/init.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties"
+# Example 4 (relative URI): "../otherpath/algorithms.properties"
+# Example 5 (relative URI): "algorithms.properties"
+
+location.algorithmsProperties = file:data/test/ixsil/init/properties/algorithms.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties"
+# Example 4 (relative URI): "../otherpath/keyManager.properties"
+# Example 5 (relative URI): "keyManager.properties"
+
+location.keyManagerProperties = file:data/test/ixsil/init/properties/keyManager.properties
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# AlgorithmFactory properties
+
+
+
+This property specifies the extension class for the abstract class
+iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method
+iaik.ixsil.algorithms.AlgorithmFactory.createFactory().
+Please specifiy the fully qualified java class name for the class to be instantiated.
+
+AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# VerifierKeyManager properties
+
+# This property specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the
+# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo
+# element which contains hints that can be used to deduce the verification key.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XML namespace prefix properties
+
+# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSignature = dsig:
+
+
+
+# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSchemaInstance = xsi:
+
+
+#----------------------------------------------------------------------------------------------------------
+# DOMUtils properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies
+# on. If you would like to employ a parser different from Apache Xerces, you must implement the
+# DOMUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportWarnings = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser
+# exception or not.
+
+DOMUtils.ErrorHandler.reportFatalErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies an URI for the location of the XML schema for an XML signature, which is used as the
+# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement.
+# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for
+# this init property file as the base.
+
+DOMUtils.SignatureSchema = ../schemas/Signature.xsd
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XPathUtils properties
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies
+# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the
+# XPathUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# CanonicalXMLSerializer properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according
+# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an
+# implemenation different from the standard implementation shipped with IXSIL, you must implement the
+# CanonicalXMLSerialierInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML
+# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120).
+# If you would like to employ an implemenation different from the standard implementation shipped with
+# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation
+# class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
diff --git a/id.server/data/test/ixsil/init/properties/keyManager.properties b/id.server/data/test/ixsil/init/properties/keyManager.properties
new file mode 100644
index 000000000..24ece437a
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/keyManager.properties
@@ -0,0 +1,74 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses in context of key management.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement,
+# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that
+# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage
+# subelements of that type.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements,
+# the property name is the fully qualified XML name for the "KeyValue" element, namely
+# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class
+# name of the key provider implementation class, for instance the standard implementation which ships with
+# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue".
+#
+# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+#
+# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue
+http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data
+http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties specify the order in which the different types of "KeyInfo" subelements are used
+# by the key manager to deduce the verification key.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo"
+# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an
+# example configuration:
+#
+# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+#
+# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the
+# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second
+# chance. Of course you can specify more than only two different subelement types.
+#
+# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+
+Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following property is used by standard implementation of the "X509Data" key provider, which ships
+# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust
+# manager for this key provider.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl
+
diff --git a/id.server/data/test/ixsil/init/schemas/Signature.xsd b/id.server/data/test/ixsil/init/schemas/Signature.xsd
new file mode 100644
index 000000000..7867883f9
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/Signature.xsd
@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.3 $ on $Date: 2001/08/28 16:14:01 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
new file mode 100644
index 000000000..678cfc8dd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/test/ixsil/init/schemas/datatypes.dtd b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
new file mode 100644
index 000000000..8e48553be
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
diff --git a/id.server/data/test/xmldata/ErrorResponse.xml b/id.server/data/test/xmldata/ErrorResponse.xml
new file mode 100644
index 000000000..db70c2560
--- /dev/null
+++ b/id.server/data/test/xmldata/ErrorResponse.xml
@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding='UTF-8'?><sl10:ErrorResponse xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>
+ <sl10:ErrorCode>29002</sl10:ErrorCode>
+ <sl10:Info>Ein unerwarteter Fehler ist aufgetreten. Die Verarbeitung wurde abgebrochen. Fehler:null</sl10:Info>
+</sl10:ErrorResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/GetIdentityLinkForm.html b/id.server/data/test/xmldata/GetIdentityLinkForm.html
new file mode 100644
index 000000000..b7828e598
--- /dev/null
+++ b/id.server/data/test/xmldata/GetIdentityLinkForm.html
@@ -0,0 +1,20 @@
+<html>
+<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+<head>
+<title>Auslesen der Personenbindung</title>
+
+</head>
+<body>
+<form name="GetIdentityLinkForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<?xml version='1.0' encoding='ISO-8859-1' ?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/moa-id-auth/VerifyIdentityLink?MOASessionID=3579795857269397498"/>
+ <input type="submit" value="Auslesen der Personenbindung"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
new file mode 100644
index 000000000..2cfa65c96
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Paul Ivancsics (My Own) -->
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="-4633313027464114584" Issuer="http://localhost:8080/moa-id-auth/" IssueInstant="2003-04-02T14:55:42+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">MTk2OC0xMC0yMmdi</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="any" Issuer="Hermann Muster" IssueInstant="2003-04-02T14:55:27+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ </saml:Assertion>
+ <saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>
+ <dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>
+ <dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+ </saml:Assertion>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <saml:AttributeValue>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion>
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
new file mode 100644
index 000000000..4a5f02dcd
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
@@ -0,0 +1,52 @@
+<?xml version='1.0' encoding='ISO-8859-1' ?>
+<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'>
+ <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>
+ <sl11:DataObjectInfo Structure='detached'>
+ <sl10:DataObject Reference=''/>
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" >
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br /><br />
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer" /></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant" /></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier" /></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo> </sl11:DataObjectInfo>
+ <sl11:SignatureInfo>
+ <sl11:SignatureEnvironment>
+ <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-02-26T09:25:50+01:00'>
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>http://localhost:9080/login.html</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent>
+ </sl11:SignatureEnvironment>
+ <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation>
+ </sl11:SignatureInfo>
+</sl11:CreateXMLSignatureRequest> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..5a4759b7a
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
new file mode 100644
index 000000000..9b8fa743f
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace"><SignerInfo><dsig:X509Data><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>0</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate><PublicAuthority><Code>BMOLS-IKT</Code></PublicAuthority></dsig:X509Data></SignerInfo><HashInputData><Base64Content>PFZlcmlmeVhNTFNpZ25hdHVyZVJlcXVlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVu Y2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4 bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4g IDxWZXJpZnlTaWduYXR1cmVJbmZvPiAgICA8VmVyaWZ5U2lnbmF0dXJlRW52aXJv bm1lbnQ+ICAgICAgPFhNTENvbnRlbnQgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHNh bWw6QXNzZXJ0aW9uIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJu bWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5z OnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHht bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu Y2UiIEFzc2VydGlvbklEPSJ6bXIuYm1pLmd2LmF0LUFzc2VydGlvbklELTIwMDMt MDItMTJUMjA6Mjg6MzQuNDc0IiBJc3N1ZUluc3RhbnQ9IjIwMDMtMDItMTJUMjA6 Mjg6MzQuNDc0IiBJc3N1ZXI9Imh0dHA6Ly96bXIuYm1pLmd2LmF0L3ptcmEvbmFt ZXMjSXNzdWVyIiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI+CiAg PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgogICAgPHNhbWw6U3ViamVjdD4KICAg ICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8c2FtbDpDb25m aXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNl bmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KICAgICAgICA8 c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KICAgICAgICAgIDxwcjpQZXJz b24geHNpOnR5cGU9InByOlBoeXNpY2FsUGVyc29uVHlwZSI+CiAgICAgICAgICAg IAogICAgICAgICAgICA8cHI6TmFtZT4KICAgICAgICAgICAgICA8cHI6R2l2ZW5O YW1lPkhlcm1hbm48L3ByOkdpdmVuTmFtZT4KICAgICAgICAgICAgICA8cHI6RmFt aWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3RlcjwvcHI6RmFtaWx5TmFt ZT4KICAgICAgICAgICAgPC9wcjpOYW1lPgogICAgICAgICAgICA8cHI6RGF0ZU9m QmlydGg+MTk2OC0xMC0yMjwvcHI6RGF0ZU9mQmlydGg+CiAgICAgICAgICA8L3By OlBlcnNvbj4KICAgICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+ CiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgogICAgPC9zYW1sOlN1 YmplY3Q+CiAgICA8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXpl blB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmJ1ZXJn ZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMi PgogICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgICA8ZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgICAgIDxkc2lnOk1vZHVsdXM+MHYxRnRmN1dYZ29leHgw Sm8vR3JsRXhIT0huUUlFUTVGRlNqcHRMUmQ1Qk4xbVpZUmcyUzlLZk9NYkhTQ3Np UG04QXdqQUV3RTVFTSBBNlAxOFovWXlUSXVQN2ZOR3pja2JCNVBZSWdOTUhMOC9U WUpoSEE4Q2phbXNCckVmWURYaXZFOGlBdkFMZzVJOVJNTFpBRG16TDdhIGYyZGFZ WXVPOGR5Y1F3M3hnNlU9PC9kc2lnOk1vZHVsdXM+CiAgICAgICAgICA8ZHNpZzpF eHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PgogICAgICAgIDwvZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgPC9zYW1s OkF0dHJpYnV0ZT4KICAgIDxzYW1sOkF0dHJpYnV0ZSBBdHRyaWJ1dGVOYW1lPSJD aXRpemVuUHVibGljS2V5IiBBdHRyaWJ1dGVOYW1lc3BhY2U9Imh0dHA6Ly93d3cu YnVlcmdlcmthcnRlLmF0L25hbWVzcGFjZXMvcGVyc29uZW5iaW5kdW5nLzIwMDIw NTA2IyI+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICAgIDxkc2ln OlJTQUtleVZhbHVlPgogICAgICAgICAgPGRzaWc6TW9kdWx1cz5pMnFhNTZYNGZw WWVYcUZMWEFjUWxqR1UzK0RXblZnTnJBeEk5Z24yYk1lRld0TFhFMlNGYTZxdmw5 RXltVWwwbm9CbEZuMHE5RFdwIEFzeWVMblJoekNBWEplU3hpd3NVRWxvT3ZjUUNW MERmVzJVVnEwWTliVmxKOEtpZkoyQVMrNUJ4WjIxbWtjL1ZZeDVRejZFWWpQcm4g cElwZEF3UjlzdzV4bkl2VHlTYz08L2RzaWc6TW9kdWx1cz4KICAgICAgICAgIDxk c2lnOkV4cG9uZW50PkFRQUI8L2RzaWc6RXhwb25lbnQ+CiAgICAgICAgPC9kc2ln OlJTQUtleVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICA8 L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+Cjwvc2Ft bDpBc3NlcnRpb24+PC9YTUxDb250ZW50PiAgICA8L1ZlcmlmeVNpZ25hdHVyZUVu dmlyb25tZW50PiAgICA8VmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+Ly9kc2lnOlNp Z25hdHVyZTwvVmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+ICA8L1ZlcmlmeVNpZ25h dHVyZUluZm8+ICA8UmV0dXJuSGFzaElucHV0RGF0YT48L1JldHVybkhhc2hJbnB1 dERhdGE+ICA8VHJ1c3RQcm9maWxlSUQ+VHJ1c3RQcm9maWxlMTwvVHJ1c3RQcm9m aWxlSUQ+PC9WZXJpZnlYTUxTaWduYXR1cmVSZXF1ZXN0Pg==</Base64Content></HashInputData><HashInputData><Base64Content>PGRzaWc6TWFuaWZlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5t ZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4bWxuczpkc2lnPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiB4bWxuczpwcj0iaHR0 cDovL3JlZmVyZW5jZS5lLWdvdmVybm1lbnQuZ3YuYXQvbmFtZXNwYWNlL3BlcnNv bmRhdGEvMjAwMjAyMjgjIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6 U0FNTDoxLjA6YXNzZXJ0aW9uIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3Jn LzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWw6c3BhY2U9InByZXNlcnZlIj48 ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJh bnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxk c2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvZHNpZzpUcmFuc2Zvcm0+PC9kc2ln OlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDov L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHNpZzpEaWdlc3RN ZXRob2Q+PGRzaWc6RGlnZXN0VmFsdWU+QnF6ZkNCN2ROZzRHM3U0WWF4cEQxdEFM ZEtJPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpN YW5pZmVzdD4=</Base64Content></HashInputData><SignatureCheck><Code>1</Code></SignatureCheck><XMLDSIGManifestCheck><Code>1</Code><Info><ReferringSigReference>1</ReferringSigReference></Info></XMLDSIGManifestCheck><CertificateCheck><Code>1</Code></CertificateCheck></VerifyXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 18:14:45 +0000