aboutsummaryrefslogtreecommitdiff
path: root/id.server
diff options
context:
space:
mode:
Diffstat (limited to 'id.server')
-rw-r--r--id.server/.classpath36
-rw-r--r--id.server/.cvsignore2
-rw-r--r--id.server/.project18
-rw-r--r--id.server/.tomcatplugin8
-rw-r--r--id.server/MOA-ID_release_notes.txt89
-rw-r--r--id.server/build.xml359
-rw-r--r--id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat40
-rw-r--r--id.server/data/abnahme-test/conf/OAConfBasicAuth.xml10
-rw-r--r--id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml13
-rw-r--r--id.server/data/abnahme-test/conf/OAConfParamAuth.xml10
-rw-r--r--id.server/data/abnahme-test/conf/deploy_AUTH.bat12
-rw-r--r--id.server/data/abnahme-test/conf/log4j.properties41
-rw-r--r--id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml64
-rw-r--r--id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml136
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cerbin0 -> 876 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cerbin0 -> 987 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cerbin0 -> 965 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cerbin0 -> 1321 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cerbin0 -> 1321 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.derbin0 -> 1886 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cerbin0 -> 965 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jarbin0 -> 933730 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jarbin0 -> 78440 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12bin0 -> 2467 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12bin0 -> 1234 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12bin0 -> 2797 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12bin0 -> 3077 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12bin0 -> 3077 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml19
-rw-r--r--id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml3
-rw-r--r--id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml19
-rw-r--r--id.server/data/abnahme-test/conf/moa/runAbnahme.bat12
-rw-r--r--id.server/data/abnahme-test/conf/moa/server.xml423
-rw-r--r--id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml63
-rw-r--r--id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties94
-rw-r--r--id.server/data/abnahme-test/ixsil/init/properties/init.properties214
-rw-r--r--id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties74
-rw-r--r--id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd328
-rw-r--r--id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd402
-rw-r--r--id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd203
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html177
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html177
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html177
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html30
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml88
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml108
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml87
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml41
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml103
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml98
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml98
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml25
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml121
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml37
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml133
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml28
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml124
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml40
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml136
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml25
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml52
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml25
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml52
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml28
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml52
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml62
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml13
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml65
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml65
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml94
-rw-r--r--id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml136
-rw-r--r--id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml136
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html30
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html14
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html20
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html20
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml35
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html1
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/Configuration.xml35
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp6
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml61
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml24
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml17
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml12
-rw-r--r--id.server/data/abnahme-test/xmldata/Configuration.xml105
-rw-r--r--id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/L000/Configuration.xml105
-rw-r--r--id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml94
-rw-r--r--id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cerbin0 -> 1110 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cerbin0 -> 864 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/Buergerkarte01Root.cerbin0 -> 876 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/C.CA.DS.cerbin0 -> 1136 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/IAIKRoot.cerbin0 -> 883 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cerbin0 -> 863 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/TestPersonMOA4.cerbin0 -> 1321 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cerbin0 -> 1136 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cerbin0 -> 994 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/ecdsaroot_der.cerbin0 -> 540 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/hsm.cer13
-rw-r--r--id.server/data/certs/TrustProfile1/moahsmcert.cer13
-rw-r--r--id.server/data/certs/ca-certs/GTE CyberTrust Root.cerbin0 -> 510 bytes
-rw-r--r--id.server/data/certs/ca-certs/TrustMark-WebServer-01.cerbin0 -> 1030 bytes
-rw-r--r--id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cerbin0 -> 568 bytes
-rw-r--r--id.server/data/certs/ca-certs/a-sign-corporate-light-01.cerbin0 -> 1065 bytes
-rw-r--r--id.server/data/certs/ca-certs/intermediate.cerbin0 -> 890 bytes
-rw-r--r--id.server/data/certs/ca-certs/root.cerbin0 -> 881 bytes
-rw-r--r--id.server/data/certs/client-certs/key.pem18
-rw-r--r--id.server/data/certs/client-certs/key2.pem18
-rw-r--r--id.server/data/certs/client-certs/req.cerbin0 -> 746 bytes
-rw-r--r--id.server/data/certs/client-certs/req.pem18
-rw-r--r--id.server/data/certs/client-certs/req2.pem18
-rw-r--r--id.server/data/certs/keystores/client.keystorebin0 -> 814 bytes
-rw-r--r--id.server/data/certs/keystores/client.p12bin0 -> 1860 bytes
-rw-r--r--id.server/data/certs/keystores/client2.p12bin0 -> 1856 bytes
-rw-r--r--id.server/data/certs/keystores/server.keystorebin0 -> 1360 bytes
-rw-r--r--id.server/data/certs/keystores/testlinux.keystorebin0 -> 5417 bytes
-rw-r--r--id.server/data/certs/keystores/testlinux_plus_client.keystorebin0 -> 6199 bytes
-rw-r--r--id.server/data/certs/keystores/testlinux_rev.keystorebin0 -> 5417 bytes
-rw-r--r--id.server/data/certs/server-certs/a-trust.cerbin0 -> 1100 bytes
-rw-r--r--id.server/data/certs/server-certs/baltimore.cerbin0 -> 693 bytes
-rw-r--r--id.server/data/certs/server-certs/cio.cerbin0 -> 1185 bytes
-rw-r--r--id.server/data/certs/server-certs/testlinux.crtbin0 -> 1018 bytes
-rw-r--r--id.server/data/certs/server-certs/testlinux_rev.crtbin0 -> 1018 bytes
-rw-r--r--id.server/data/certs/server-certs/testwin.cerbin0 -> 1000 bytes
-rw-r--r--id.server/data/certs/server-certs/testwin_rev.cerbin0 -> 1000 bytes
-rw-r--r--id.server/data/certs/server-certs/tomcat-server.crtbin0 -> 580 bytes
-rw-r--r--id.server/data/certs/server-certs/verisign.cerbin0 -> 977 bytes
-rw-r--r--id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml81
-rw-r--r--id.server/data/deploy/conf/moa-id/log4j.properties22
-rw-r--r--id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml10
-rw-r--r--id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml63
-rw-r--r--id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml14
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8Fbin0 -> 861 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733bin0 -> 864 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6bin0 -> 860 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92bin0 -> 1110 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml19
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cerbin0 -> 1110 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cerbin0 -> 864 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cerbin0 -> 861 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cerbin0 -> 860 bytes
-rw-r--r--id.server/data/deploy/tomcat/moa-id-env.bat1
-rw-r--r--id.server/data/deploy/tomcat/moa-id-env.sh1
-rw-r--r--id.server/data/deploy/tomcat/server.mod_jk.xml201
-rw-r--r--id.server/data/deploy/tomcat/server.xml157
-rw-r--r--id.server/data/deploy/tomcat/uriworkermap.properties7
-rw-r--r--id.server/data/deploy/tomcat/workers.properties6
-rw-r--r--id.server/data/test/conf/ConfigurationTest.xml103
-rw-r--r--id.server/data/test/conf/OAConfBasicAuth.xml10
-rw-r--r--id.server/data/test/conf/OAConfHeaderAuth.xml13
-rw-r--r--id.server/data/test/conf/OAConfParamAuth.xml10
-rw-r--r--id.server/data/test/conf/log4j.properties10
-rw-r--r--id.server/data/test/conf/transforms/TransformsInfosHTML.xml63
-rw-r--r--id.server/data/test/ixsil/init/properties/algorithms.properties94
-rw-r--r--id.server/data/test/ixsil/init/properties/init.properties214
-rw-r--r--id.server/data/test/ixsil/init/properties/keyManager.properties74
-rw-r--r--id.server/data/test/ixsil/init/schemas/Signature.xsd328
-rw-r--r--id.server/data/test/ixsil/init/schemas/XMLSchema.dtd402
-rw-r--r--id.server/data/test/ixsil/init/schemas/datatypes.dtd203
-rw-r--r--id.server/data/test/xmldata/ErrorResponse.xml4
-rw-r--r--id.server/data/test/xmldata/GetIdentityLinkForm.html20
-rw-r--r--id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml127
-rw-r--r--id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml52
-rw-r--r--id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml2
-rw-r--r--id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml97
-rw-r--r--id.server/doc/Architektur ID.vsdbin0 -> 318464 bytes
-rw-r--r--id.server/doc/CIO X509ext-20030218.pdfbin0 -> 137429 bytes
-rw-r--r--id.server/doc/MOA ID 1.x.wsdl41
-rw-r--r--id.server/doc/MOA-ID Feinspezifikation.docbin0 -> 260608 bytes
-rw-r--r--id.server/doc/MOA-ID Testfalldokumentation.docbin0 -> 532992 bytes
-rw-r--r--id.server/doc/MOA-ID-1.1-20030630.pdfbin0 -> 234509 bytes
-rw-r--r--id.server/doc/MOA-ID-Configuration-1.1.xsd305
-rw-r--r--id.server/doc/api-doc/allclasses-frame.html35
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html171
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html259
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html114
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html194
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html526
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html126
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html751
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html152
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html204
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html364
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html91
-rw-r--r--id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html91
-rw-r--r--id.server/doc/api-doc/deprecated-list.html89
-rw-r--r--id.server/doc/api-doc/help-doc.html142
-rw-r--r--id.server/doc/api-doc/index-all.html422
-rw-r--r--id.server/doc/api-doc/index.html22
-rw-r--r--id.server/doc/api-doc/overview-tree.html101
-rw-r--r--id.server/doc/api-doc/package-list0
-rw-r--r--id.server/doc/api-doc/packages.html26
-rw-r--r--id.server/doc/api-doc/serialized-form.html89
-rw-r--r--id.server/doc/api-doc/stylesheet.css29
-rw-r--r--id.server/doc/bku-auswahl.20030408.pdfbin0 -> 131587 bytes
-rw-r--r--id.server/doc/cs-sstc-schema-assertion-01.xsd194
-rw-r--r--id.server/doc/cs-sstc-schema-protocol-01.xsd127
-rw-r--r--id.server/doc/moa-id.htm7
-rw-r--r--id.server/doc/moa_id/examples/BKUSelectionTemplate.html4
-rw-r--r--id.server/doc/moa_id/examples/ChainingModes.txt6
-rw-r--r--id.server/doc/moa_id/examples/IdentityLinkSigners.txt3
-rw-r--r--id.server/doc/moa_id/examples/LoginServletExample.txt171
-rw-r--r--id.server/doc/moa_id/examples/Template.html23
-rw-r--r--id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt63
-rw-r--r--id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml54
-rw-r--r--id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml12
-rw-r--r--id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml17
-rw-r--r--id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml14
-rw-r--r--id.server/doc/moa_id/examples/moa-id-env-linux.txt1
-rw-r--r--id.server/doc/moa_id/examples/moa-id-env-windows.txt1
-rw-r--r--id.server/doc/moa_id/faqs.htm109
-rw-r--r--id.server/doc/moa_id/id-admin.htm283
-rw-r--r--id.server/doc/moa_id/id-admin_1.htm400
-rw-r--r--id.server/doc/moa_id/id-admin_2.htm623
-rw-r--r--id.server/doc/moa_id/id-admin_3.htm187
-rw-r--r--id.server/doc/moa_id/id-anwendung.htm104
-rw-r--r--id.server/doc/moa_id/id-anwendung_1.htm182
-rw-r--r--id.server/doc/moa_id/id-anwendung_2.htm249
-rw-r--r--id.server/doc/moa_id/links.htm141
-rw-r--r--id.server/doc/moa_id/moa-id-ablauf.jpgbin0 -> 15550 bytes
-rw-r--r--id.server/doc/moa_id/moa.htm247
-rw-r--r--id.server/doc/moa_images/east.gifbin0 -> 966 bytes
-rw-r--r--id.server/doc/moa_images/idle.gifbin0 -> 869 bytes
-rw-r--r--id.server/doc/moa_images/moa_diagramm1.jpgbin0 -> 60602 bytes
-rw-r--r--id.server/doc/moa_images/moa_thema.gifbin0 -> 25120 bytes
-rw-r--r--id.server/doc/moa_images/north.gifbin0 -> 967 bytes
-rw-r--r--id.server/doc/moa_images/pfeil.gifbin0 -> 843 bytes
-rw-r--r--id.server/doc/moa_images/print.gifbin0 -> 211 bytes
-rw-r--r--id.server/doc/moa_images/select.gifbin0 -> 880 bytes
-rw-r--r--id.server/doc/moa_images/south.gifbin0 -> 965 bytes
-rw-r--r--id.server/doc/moa_images/transdot.gifbin0 -> 43 bytes
-rw-r--r--id.server/doc/moa_images/west.gifbin0 -> 966 bytes
-rw-r--r--id.server/html/auth/WEB-INF/server-config.wsdd29
-rw-r--r--id.server/html/auth/WEB-INF/web.xml88
-rw-r--r--id.server/html/auth/errorpage.jsp33
-rw-r--r--id.server/html/auth/index.jsp40
-rw-r--r--id.server/html/proxy/WEB-INF/web.xml43
-rw-r--r--id.server/javadoc.xml18
-rw-r--r--id.server/lib/axis-1.1rc2/axis.jarbin0 -> 1224774 bytes
-rw-r--r--id.server/lib/axis-1.1rc2/commons-discovery.jarbin0 -> 67334 bytes
-rw-r--r--id.server/lib/axis-1.1rc2/jaxrpc.jarbin0 -> 35658 bytes
-rw-r--r--id.server/lib/axis-1.1rc2/saaj.jarbin0 -> 18402 bytes
-rw-r--r--id.server/lib/axis-1.1rc2/wsdl4j.jarbin0 -> 113178 bytes
-rw-r--r--id.server/lib/commons-logging-1.0.2/commons-logging-api.jarbin0 -> 18404 bytes
-rw-r--r--id.server/lib/commons-logging-1.0.2/commons-logging.jarbin0 -> 26388 bytes
-rw-r--r--id.server/lib/iaik-moa-1.06/iaik-moa-full.jarbin0 -> 578556 bytes
-rw-r--r--id.server/lib/iaik-moa-1.06/iaik_X509TrustManager.jarbin0 -> 3835 bytes
-rw-r--r--id.server/lib/iaik-moa-1.06/iaik_ecc.jarbin0 -> 101004 bytes
-rw-r--r--id.server/lib/iaik-moa-1.06/iaik_jce_full.jarbin0 -> 637549 bytes
-rw-r--r--id.server/lib/iaik-moa-1.06/iaik_ldap.jarbin0 -> 4970 bytes
-rw-r--r--id.server/lib/iaik-moa-1.06/ixsil.jarbin0 -> 166976 bytes
-rw-r--r--id.server/lib/jaxen-1.0/jaxen-core.jarbin0 -> 160967 bytes
-rw-r--r--id.server/lib/jaxen-1.0/jaxen-dom.jarbin0 -> 13707 bytes
-rw-r--r--id.server/lib/jaxen-1.0/saxpath.jarbin0 -> 23563 bytes
-rw-r--r--id.server/lib/jaxp-1.2_01/dom.jarbin0 -> 26710 bytes
-rw-r--r--id.server/lib/jaxp-1.2_01/jaxp-api.jarbin0 -> 27052 bytes
-rw-r--r--id.server/lib/jaxp-1.2_01/sax.jarbin0 -> 26206 bytes
-rw-r--r--id.server/lib/jsse-1.0.3_01/jcert.jarbin0 -> 11321 bytes
-rw-r--r--id.server/lib/jsse-1.0.3_01/jnet.jarbin0 -> 5830 bytes
-rw-r--r--id.server/lib/jsse-1.0.3_01/jsse.jarbin0 -> 512635 bytes
-rw-r--r--id.server/lib/junit-3.8.1/junit.jarbin0 -> 121070 bytes
-rw-r--r--id.server/lib/log4j-1.2.7/log4j-1.2.7.jarbin0 -> 350677 bytes
-rw-r--r--id.server/lib/moa-spss-1.0.8a/moa-common.jarbin0 -> 76929 bytes
-rw-r--r--id.server/lib/moa-spss-1.0.8a/moa-spss.jarbin0 -> 258568 bytes
-rw-r--r--id.server/lib/postgres-jdbc2-7.3/pg73jdbc2.jarbin0 -> 163980 bytes
-rw-r--r--id.server/lib/servlet-2.3/servlet-2_3-fcs-classfiles.zipbin0 -> 31362 bytes
-rw-r--r--id.server/lib/xalan-j-2.2/bsf.jarbin0 -> 105573 bytes
-rw-r--r--id.server/lib/xalan-j-2.2/xalan.jarbin0 -> 923866 bytes
-rw-r--r--id.server/lib/xerces-j-2.0.2/xercesImpl.jarbin0 -> 933730 bytes
-rw-r--r--id.server/lib/xerces-j-2.0.2/xmlParserAPIs.jarbin0 -> 78440 bytes
-rw-r--r--id.server/res/META-INF/services/org.apache.axis.components.net.SecureSocketFactory1
-rw-r--r--id.server/res/resources/properties/id_messages_de.properties101
-rw-r--r--id.server/res/resources/wsdl/MOA-ID-1.0.wsdl40
-rw-r--r--id.server/res/resources/xmldata/CertInfoDsigSignature.xml139
-rw-r--r--id.server/res/resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml9
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/BuildException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/MOAIDException.java159
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/ParseException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/ServiceException.java34
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java648
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java52
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java53
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java118
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java21
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java56
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java114
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java30
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java51
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java58
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java55
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java137
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java39
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java58
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java60
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java100
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java63
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java52
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java203
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java220
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java71
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java189
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java78
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java177
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java91
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java140
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java350
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java89
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java266
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java110
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java58
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java159
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java117
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java74
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java135
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java95
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java102
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java110
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java97
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java106
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java156
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java124
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java678
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java105
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java106
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java341
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java93
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java145
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java160
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java170
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java314
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/Cookie.java119
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java114
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java111
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java59
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java91
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java51
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java65
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java51
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java159
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java119
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java46
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java54
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java68
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java119
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java118
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java72
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java68
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java91
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.classbin0 -> 3613 bytes
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java55
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java143
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java145
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java100
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java73
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java531
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java213
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java58
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/Random.java22
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java156
-rw-r--r--id.server/src/test/MOAIDTestCase.java203
-rw-r--r--id.server/src/test/abnahme/A/Test100StartAuthentication.java171
-rw-r--r--id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java336
-rw-r--r--id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java597
-rw-r--r--id.server/src/test/abnahme/A/Test400GetAuthenticationData.java129
-rw-r--r--id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java305
-rw-r--r--id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java281
-rw-r--r--id.server/src/test/abnahme/A/Test700SelectBKU.java63
-rw-r--r--id.server/src/test/abnahme/AbnahmeTestCase.java163
-rw-r--r--id.server/src/test/abnahme/AllTests.java49
-rw-r--r--id.server/src/test/abnahme/C/Test100Konfiguration.java60
-rw-r--r--id.server/src/test/abnahme/P/Test100LoginParameterResolver.java146
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/AllTests.java41
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java35
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java50
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java55
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java33
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java46
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java58
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java73
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java29
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java51
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java52
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java93
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java38
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java166
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java29
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java137
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java67
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java55
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java91
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java112
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java127
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java31
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java462
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java32
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java19
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java180
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java92
-rw-r--r--id.server/src/test/lasttest/Dispatcher.java64
-rw-r--r--id.server/src/test/lasttest/HostnameVerifierHack.java13
-rw-r--r--id.server/src/test/lasttest/LasttestClient.java218
-rw-r--r--id.server/src/test/lasttest/TestThread.java251
434 files changed, 34431 insertions, 0 deletions
diff --git a/id.server/.classpath b/id.server/.classpath
new file mode 100644
index 000000000..296c5f2ea
--- /dev/null
+++ b/id.server/.classpath
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="var" path="JRE_LIB" sourcepath="JRE_SRC"/>
+ <classpathentry kind="src" path="src"/>
+ <classpathentry kind="src" path="res"/>
+ <classpathentry kind="lib" path="lib/commons-logging-1.0.2/commons-logging-api.jar"/>
+ <classpathentry kind="lib" path="lib/jaxen-1.0/jaxen-core.jar"/>
+ <classpathentry kind="lib" path="lib/jaxp-1.2_01/dom.jar"/>
+ <classpathentry kind="lib" path="lib/jsse-1.0.3_01/jcert.jar"/>
+ <classpathentry kind="lib" path="lib/log4j-1.2.7/log4j-1.2.7.jar"/>
+ <classpathentry kind="lib" path="lib/servlet-2.3/servlet-2_3-fcs-classfiles.zip"/>
+ <classpathentry kind="lib" path="lib/xalan-j-2.2/xalan.jar"/>
+ <classpathentry kind="lib" path="lib/xerces-j-2.0.2/xercesImpl.jar"/>
+ <classpathentry kind="lib" path="lib/commons-logging-1.0.2/commons-logging.jar"/>
+ <classpathentry kind="lib" path="lib/jaxen-1.0/jaxen-dom.jar"/>
+ <classpathentry kind="lib" path="lib/jaxen-1.0/saxpath.jar"/>
+ <classpathentry kind="lib" path="lib/jaxp-1.2_01/jaxp-api.jar"/>
+ <classpathentry kind="lib" path="lib/jaxp-1.2_01/sax.jar"/>
+ <classpathentry kind="lib" path="lib/jsse-1.0.3_01/jnet.jar"/>
+ <classpathentry kind="lib" path="lib/jsse-1.0.3_01/jsse.jar"/>
+ <classpathentry kind="lib" path="lib/xerces-j-2.0.2/xmlParserAPIs.jar"/>
+ <classpathentry kind="lib" path="/common/lib/junit-3.8.1/junit.jar"/>
+ <classpathentry kind="lib" path="lib/axis-1.1rc2/axis.jar"/>
+ <classpathentry kind="lib" path="lib/axis-1.1rc2/commons-discovery.jar"/>
+ <classpathentry kind="lib" path="lib/axis-1.1rc2/jaxrpc.jar"/>
+ <classpathentry kind="lib" path="lib/axis-1.1rc2/saaj.jar"/>
+ <classpathentry kind="lib" path="lib/moa-spss-1.0.8a/moa-spss.jar"/>
+ <classpathentry kind="src" path="/common"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-1.06/iaik_ecc.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-1.06/iaik_jce_full.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-1.06/iaik_ldap.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-1.06/iaik_X509TrustManager.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-1.06/iaik-moa-full.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-1.06/ixsil.jar"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
diff --git a/id.server/.cvsignore b/id.server/.cvsignore
new file mode 100644
index 000000000..7c18d5ded
--- /dev/null
+++ b/id.server/.cvsignore
@@ -0,0 +1,2 @@
+bin
+tmp
diff --git a/id.server/.project b/id.server/.project
new file mode 100644
index 000000000..4ad8f922f
--- /dev/null
+++ b/id.server/.project
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>id.server</name>
+ <comment></comment>
+ <projects>
+ <project>common</project>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
diff --git a/id.server/.tomcatplugin b/id.server/.tomcatplugin
new file mode 100644
index 000000000..1916163e0
--- /dev/null
+++ b/id.server/.tomcatplugin
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tomcatProjectProperties>
+ <rootDir>/</rootDir>
+ <exportSource>false</exportSource>
+ <updateXml>true</updateXml>
+ <warLocation></warLocation>
+ <webPath>/id.server</webPath>
+</tomcatProjectProperties>
diff --git a/id.server/MOA-ID_release_notes.txt b/id.server/MOA-ID_release_notes.txt
new file mode 100644
index 000000000..3ad23801f
--- /dev/null
+++ b/id.server/MOA-ID_release_notes.txt
@@ -0,0 +1,89 @@
+moa-id release notes
+====================
+
+1.0.1 20030509
+--------------
+doc ergänzt (administrationshandbuch)
+javadoc ergänzt
+abnahmetests 651, 652 ergänzt
+beispielkonfiguration erweitert, dateien tw. umbenannt
+neueste versionen von moa-spss(1.0.3) u. iaik-moa(1.04)
+
+1.0.2 20030516
+--------------
+doc ergänzt (anwendungshandbuch, api-doc)
+manche libraries von endorsed ins moa-id-xxx.war verlagert (analog zu moa-spss)
+beispielkonfiguration berichtigt
+neueste versionen von moa-spss(1.0.4) u. iaik-moa(1.05)
+unterstützung für hotsign version 1.2SR3b
+
+1.0.3 20030606
+--------------
+moa-spss-1.0.6 u. iaik-moa-1.06
+mängel behoben:
+5.3.1
+5.3.2
+5.3.3
+5.3.4
+5.3.5
+5.3.7 Beispiel für Stateful OA: id.oa/html/stateful_login.jsp
+5.3.8 Logging Hierarchien moa.id.auth,moa.id.proxy
+5.3.9
+5.3.13
+5.4.1
+5.5.3
+mängel in id-admin_1.htm und id-admin_2.htm behoben, mit ausnahme von "jdk1.4"
+
+1.0.4 20030612
+--------------
+mängel behoben:
+5.3.6
+5.3.10
+5.3.11
+5.3.12
+5.3.14
+5.3.15
+5.5.1
+mängel in dokumentation behoben
+
+1.0.4a 20030618
+---------------
+bugfix moa-id-proxy: persistente connections
+
+1.0.5 20030714
+---------------
+moa-spss-1.0.8
+mängel behoben:
+5.5.2
+6.4.2
+6.4.3
+6.4.4
+6.4.5
+6.5.1
+6.5.2 (siehe Doku id-admin_1.htm, Deployment von MOA-ID-Proxy)
+6.5.3
+6.5.4
+6.5.7
+mängel in dokumentation behoben
+
+1.0.6 20030723
+--------------
+mängel behoben:
+6.4.7
+6.4.8
+6.5.5
+6.7.1
+6.7.2
+6.7.3
+6.7.4
+6.7.5
+6.8.1
+6.8.2
+6.8.3
+
+1.1 20030811
+--------------
+Cookie-Handling
+Server-Response-Code 401 (HTTP_UNAUTHORIZED) in Verbindung mit Basic Authentication
+Server-Response-Code 304 (HTTP_NOT_MODIFIED)
+Basic-Authentication-Bug fixed \ No newline at end of file
diff --git a/id.server/build.xml b/id.server/build.xml
new file mode 100644
index 000000000..708eab22f
--- /dev/null
+++ b/id.server/build.xml
@@ -0,0 +1,359 @@
+<?xml version="1.0"?>
+<!--
+
+ Ant Buildfile for MOA ID Auth and Proxy components
+
+ $Id$
+
+-->
+<project name="moa.id.server" default="dist-all" basedir=".">
+ <property environment="env"/>
+ <property name="version" value="1.1"/>
+ <property name="src" value="src"/>
+ <property name="res" value="res"/>
+ <property name="data" value="data"/>
+ <property name="doc" value="doc"/>
+ <property name="html" value="html"/>
+ <property name="html.auth" value="${html}/auth"/>
+ <property name="webinf.auth" value="${html.auth}/WEB-INF"/>
+ <property name="html.proxy" value="${html}/proxy"/>
+ <property name="webinf.proxy" value="${html.proxy}/WEB-INF"/>
+ <property name="tmp" value="tmp"/>
+ <property name="compile" value="${tmp}/compile"/>
+ <property name="api-doc" value="${tmp}/api-doc"/>
+ <property name="api-doc.internal" value="${tmp}/api-doc-internal"/>
+ <property name="dist" value="${tmp}/dist"/>
+ <property name="dist.auth" value="${dist}/auth"/>
+ <property name="dist.auth-zip" value="${dist}/auth-zip"/>
+ <property name="dist.proxy" value="${dist}/proxy"/>
+ <property name="dist.proxy-zip" value="${dist}/proxy-zip"/>
+ <property name="dist.src" value="${dist}/src"/>
+ <property name="dist.src-zip" value="${dist}/src-zip"/>
+ <property name="prj.build" value="../build"/>
+ <property name="prj.common" value="../common"/>
+ <property name="prj.oa" value="../id.oa"/>
+ <property name="lib" value="lib"/>
+ <property name="lib.axis" value="${lib}/axis-1.1rc2"/>
+ <property name="lib.commons-logging" value="${lib}/commons-logging-1.0.2"/>
+ <property name="lib.iaik-moa" value="${lib}/iaik-moa-1.06"/>
+ <property name="lib.jaxen" value="${lib}/jaxen-1.0"/>
+ <property name="lib.jaxp" value="${lib}/jaxp-1.2_01"/>
+ <property name="lib.jsse" value="${lib}/jsse-1.0.3_01"/>
+ <property name="lib.junit" value="${lib}/junit-3.8.1"/>
+ <property name="lib.log4j" value="${lib}/log4j-1.2.7"/>
+ <property name="lib.moa-spss" value="${lib}/moa-spss-1.0.8a"/>
+ <property name="lib.postgres-jdbc" value="${lib}/postgres-jdbc2-7.3"/>
+ <property name="lib.servlet" value="${lib}/servlet-2.3"/>
+ <property name="lib.xalan" value="${lib}/xalan-j-2.2"/>
+ <property name="lib.xerces" value="${lib}/xerces-j-2.0.2"/>
+
+ <path id="compile.classpath">
+ <pathelement location="${lib.axis}/axis.jar"/>
+ <pathelement location="${lib.axis}/jaxrpc.jar"/>
+ <pathelement location="${lib.axis}/saaj.jar"/>
+ <pathelement location="${lib.jaxp}/jaxp-api.jar"/>
+ <pathelement location="${lib.jaxp}/dom.jar"/>
+ <pathelement location="${lib.jaxp}/sax.jar"/>
+ <pathelement location="${lib.xerces}/xerces.jar"/>
+ <pathelement location="${lib.jaxen}/jaxen-core.jar"/>
+ <pathelement location="${lib.jaxen}/jaxen-dom.jar"/>
+ <pathelement location="${lib.jaxen}/saxpath.jar"/>
+ <pathelement location="${lib.xalan}/xalan.jar"/>
+ <pathelement location="${lib.junit}/junit.jar"/>
+ <fileset dir="${lib.jsse}" />
+ <pathelement location="${lib.commons-logging}/commons-logging-api.jar"/>
+ <pathelement location="${lib.commons-discovery}/commons-discovery.jar"/>
+ <pathelement location="${lib.servlet}/servlet-2_3-fcs-classfiles.zip"/>
+ <pathelement location="${lib.iaik-moa}/iaik-moa-full.jar"/>
+ <pathelement location="${lib.iaik-moa}/ixsil.jar"/>
+ <pathelement location="${lib.iaik-moa}/iaik_ecc.jar"/>
+ <pathelement location="${lib.iaik-moa}/iaik_ldap.jar"/>
+ <pathelement location="${lib.iaik-moa}/iaik_X509TrustManager.jar"/>
+ <pathelement location="${lib.iaik-moa}/iaik_jce_full.jar"/>
+ <pathelement location="${lib.moa-spss}/moa-common.jar"/>
+ <pathelement location="${lib.moa-spss}/moa-spss.jar"/>
+ <pathelement location="${env.MOA_COMMON_TEST_JAR}"/>
+ </path>
+
+ <!-- set up directories etc. -->
+ <target name="init">
+ <tstamp/>
+ <echo>Time (hhmm): ${TSTAMP}</echo>
+ <mkdir dir="${tmp}"/>
+ <mkdir dir="${compile}"/>
+ <mkdir dir="${api-doc.internal}"/>
+ <mkdir dir="${dist.auth}"/>
+ <mkdir dir="${dist.auth-zip}"/>
+ <mkdir dir="${dist.proxy}"/>
+ <mkdir dir="${dist.proxy-zip}"/>
+ <mkdir dir="${dist.src}"/>
+ <mkdir dir="${dist.src-zip}"/>
+ </target>
+
+ <!-- compile everything -->
+ <target name="compile" depends="init">
+ <fail message="env.MOA_COMMON_TEST_JAR not set" unless="env.MOA_COMMON_TEST_JAR"/>
+ <javac srcdir= "${src}" destdir="${compile}" classpathref="compile.classpath" debug="on"/>
+ </target>
+
+ <!-- package moa-id-auth.war -->
+ <target name="package-auth" depends="compile">
+ <war warfile="${dist.auth}/moa-id-auth.war" webxml="${webinf.auth}/web.xml">
+ <fileset dir="${html.auth}" includes="errorpage.jsp,WEB-INF/server-config.wsdd"/>
+ <lib dir="${lib.axis}"/>
+ <lib dir="${lib.jaxen}"/>
+ <lib dir="${lib.iaik-moa}" excludes="iaik_jce_full.jar,iaik_ldap.jar"/>
+ <lib dir="${lib.moa-spss}"/>
+ <lib dir="${lib.postgres-jdbc}"/>
+ <lib dir="${lib.commons-logging}" includes="commons-logging.jar"/>
+ <lib dir="${lib.xalan}"/>
+ <lib dir="${lib.jaxp}"/>
+ <lib dir="${lib.log4j}"/>
+ <classes dir="${compile}">
+ <exclude name="**/proxy/**"/>
+ <exclude name="test/**"/>
+ </classes>
+ <classes dir="${res}"/>
+ </war>
+ </target>
+
+ <!-- package moa-id-proxy.war -->
+ <target name="package-proxy" depends="compile">
+ <war warfile="${dist.proxy}/moa-id-proxy.war" webxml="${webinf.proxy}/web.xml">
+ <lib dir="${lib.axis}"/>
+ <lib dir="${lib.jaxen}"/>
+ <lib dir="${lib.iaik-moa}" excludes="iaik_jce_full.jar,iaik_ldap.jar"/>
+ <lib dir="${lib.moa-spss}" includes="moa-common.jar"/>
+ <lib dir="${lib.commons-logging}" includes="commons-logging.jar"/>
+ <lib dir="${lib.xalan}"/>
+ <lib dir="${lib.jaxp}"/>
+ <lib dir="${lib.log4j}"/>
+ <lib dir="${lib.postgres-jdbc}"/>
+ <classes dir="${compile}">
+ <exclude name="**/auth/**"/>
+ <exclude name="test/**"/>
+ </classes>
+ <classes dir="${res}"/>
+ </war>
+ </target>
+
+ <!-- create JavaDoc for the MOA-ID API -->
+ <target name="api-doc" depends="init">
+ <javadoc defaultexcludes="yes"
+ destdir="${api-doc}"
+ author="false"
+ version="false"
+ use="true"
+ windowtitle="MOA ID API"
+ sourcefiles=
+ "src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java,src/at/gv/egovernment/moa/id/AuthenticationException.java,src/at/gv/egovernment/moa/id/data/AuthenticationData.java,src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java,src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java,src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java"
+ >
+ <link offline="false" href="http://java.sun.com/j2se/1.3/docs/api/"/>
+ <doctitle><![CDATA[<h1>MOA ID API</h1>]]></doctitle>
+ <classpath refid="compile.classpath"/>
+ </javadoc>
+ </target>
+
+ <!-- create JavaDoc for the server internal classes -->
+ <target name="api-doc-internal" depends="init">
+ <javadoc defaultexcludes="yes"
+ destdir="${api-doc.internal}"
+ author="true"
+ version="true"
+ use="true"
+ windowtitle="MOA ID Server Internal API">
+ <packageset dir="${prj.common}/src">
+ <exclude name="test/**"/>
+ </packageset>
+ <packageset dir="src">
+ <exclude name="test/**"/>
+ </packageset>
+ <group title="MOA ID Exception Classes"
+ packages="at.gv.egovernment.moa.id">
+ </group>
+ <group title="MOA ID Configuration">
+ <package name="at.gv.egovernment.moa.id.config"/>
+ <package name="at.gv.egovernment.moa.id.config.auth"/>
+ <package name="at.gv.egovernment.moa.id.config.proxy"/>
+ </group>
+ <group title="MOA ID Authentication Server">
+ <package name="at.gv.egovernment.moa.id.auth"/>
+ <package name="at.gv.egovernment.moa.id.auth.builder"/>
+ <package name="at.gv.egovernment.moa.id.auth.data"/>
+ <package name="at.gv.egovernment.moa.id.auth.invoke"/>
+ <package name="at.gv.egovernment.moa.id.auth.parser"/>
+ <package name="at.gv.egovernment.moa.id.auth.validator"/>
+ </group>
+ <group title="MOA ID Authentication Servlets and Web Services">
+ <package name="at.gv.egovernment.moa.id.auth.servlet"/>
+ </group>
+ <group title="MOA ID Data Classes">
+ <package name="at.gv.egovernment.moa.id.data"/>
+ </group>
+ <group title="MOA ID TrustManager">
+ <package name="at.gv.egovernment.moa.id.iaik.pki.jsse"/>
+ <package name="at.gv.egovernment.moa.id.iaik.pki"/>
+ <package name="at.gv.egovernment.moa.id.iaik.config"/>
+ <package name="at.gv.egovernment.moa.id.iaik.servertools.observer"/>
+ </group>
+ <group title="MOA ID Proxy Server">
+ <package name="at.gv.egovernment.moa.id.proxy"/>
+ <package name="at.gv.egovernment.moa.id.proxy.builder"/>
+ <package name="at.gv.egovernment.moa.id.proxy.invoke"/>
+ <package name="at.gv.egovernment.moa.id.proxy.parser"/>
+ </group>
+ <group title="MOA ID Proxy Servlet">
+ <package name="at.gv.egovernment.moa.id.proxy.servlet"/>
+ </group>
+ <group title="Utilities">
+ <package name="at.gv.egovernment.moa.util"/>
+ <package name="at.gv.egovernment.moa.id.util"/>
+ </group>
+ <group title="Logging">
+ <package name="at.gv.egovernment.moa.logging"/>
+ </group>
+ <link offline="false" href="http://java.sun.com/j2se/1.3/docs/api/"/>
+ <link offline="false" href="http://java.sun.com/j2ee/sdk_1.3/techdocs/api/"/>
+ <doctitle><![CDATA[<h1>MOA ID Server Internal API</h1>]]></doctitle>
+ <classpath refid="compile.classpath"/>
+ </javadoc>
+ </target>
+
+ <!-- create the moa-id-auth distributable -->
+ <target name="dist-auth" depends="package-auth">
+ <copy toDir="${dist.auth}/conf">
+ <fileset dir="${data}/deploy/conf" excludes="moa-id/oa/**"/>
+ </copy>
+ <mkdir dir="${dist.auth}/conf/moa-id/certs/certstore"/>
+ <mkdir dir="${dist.auth}/conf/moa-id/certs/ca-certs"/>
+ <mkdir dir="${dist.auth}/conf/moa-id/certs/server-certs"/>
+ <copy todir="${dist.auth}/doc">
+ <fileset dir="${doc}"/>
+ </copy>
+ <copy toDir="${dist.auth}/ext13">
+ <fileset dir="${lib.iaik-moa}" includes="iaik_jce_full.jar,iaik_ldap.jar"/>
+ <fileset dir="${lib.jsse}"/>
+ </copy>
+ <copy toDir="${dist.auth}/ext14">
+ <fileset dir="${lib.iaik-moa}" includes="iaik_jce_full.jar,iaik_ldap.jar"/>
+ </copy>
+ <copy toDir="${dist.auth}/endorsed">
+ <fileset dir="${lib.xerces}"/>
+ </copy>
+ <copy todir="${dist.auth}/tomcat">
+ <fileset dir="${data}/deploy/tomcat"/>
+ </copy>
+ </target>
+
+ <!-- create the zipped moa-id-auth distributable -->
+ <target name="dist-auth-zip" depends="dist-auth">
+ <zip zipfile="${dist.auth-zip}/moa-id-auth-${version}.zip">
+ <zipfileset dir="${dist.auth}" prefix="moa-id-auth-${version}"/>
+ </zip>
+ </target>
+
+ <!-- create the moa-id-proxy distributable -->
+ <target name="dist-proxy" depends="package-proxy">
+ <copy toDir="${dist.proxy}/conf">
+ <fileset dir="${data}/deploy/conf" excludes="moa-spss/**,moa-id/transforms/**"/>
+ </copy>
+ <mkdir dir="${dist.proxy}/conf/moa-id/certs/certstore"/>
+ <mkdir dir="${dist.proxy}/conf/moa-id/certs/ca-certs"/>
+ <mkdir dir="${dist.proxy}/conf/moa-id/certs/server-certs"/>
+ <copy todir="${dist.proxy}/doc">
+ <fileset dir="${doc}"/>
+ </copy>
+ <copy toDir="${dist.proxy}/ext13">
+ <fileset dir="${lib.iaik-moa}" includes="iaik_jce_full.jar,iaik_ldap.jar"/>
+ <fileset dir="${lib.jsse}"/>
+ </copy>
+ <copy toDir="${dist.proxy}/ext14">
+ <fileset dir="${lib.iaik-moa}" includes="iaik_jce_full.jar,iaik_ldap.jar"/>
+ </copy>
+ <copy toDir="${dist.proxy}/endorsed">
+ <fileset dir="${lib.xerces}"/>
+ </copy>
+ <copy todir="${dist.proxy}/tomcat">
+ <fileset dir="${data}/deploy/tomcat"/>
+ </copy>
+ </target>
+
+ <!-- create the zipped moa-id-proxy distributable -->
+ <target name="dist-proxy-zip" depends="dist-proxy">
+ <zip zipfile="${dist.proxy-zip}/moa-id-proxy-${version}.zip">
+ <zipfileset dir="${dist.proxy}" prefix="moa-id-proxy-${version}"/>
+ </zip>
+ </target>
+
+ <!-- create the source distributable -->
+ <target name="dist-src" depends="init">
+ <copy toDir="${dist.src}/build">
+ <fileset dir="${prj.build}"/>
+ </copy>
+ <copy toDir="${dist.src}/common">
+ <fileset dir="${prj.common}" excludes="tmp/**, bin/**"/>
+ </copy>
+ <copy toDir="${dist.src}/id.server">
+ <fileset dir="." excludes="tmp/**, bin/**"/>
+ </copy>
+ <copy toDir="${dist.src}/id.oa">
+ <fileset dir="${prj.oa}" excludes="tmp/**"/>
+ </copy>
+ </target>
+
+ <!-- create the source distributable, including javadoc -->
+ <target name="dist-src-doc" depends="dist-src,api-doc-internal">
+ <copy toDir="${dist.src}/doc/api-doc-internal">
+ <fileset dir="${api-doc.internal}"/>
+ </copy>
+ </target>
+
+ <!-- create the zipped source distributable -->
+ <target name="dist-src-zip" depends="init,dist-src-doc">
+ <zip zipfile="${dist.src-zip}/moa-id-${version}-src.zip">
+ <zipfileset dir="${dist.src}" prefix="moa-id-${version}-src"/>
+ </zip>
+ </target>
+
+ <!-- create all the distributables -->
+ <target name="dist-all" depends="dist-auth-zip,dist-proxy-zip,dist-src-zip"/>
+
+ <!-- deploy moa-id-auth to catalina (needs MOA_AUTH_DEPLOY defined) -->
+ <target name="deploy-auth" depends="dist-auth">
+ <fail message="env.MOA_AUTH_DEPLOY not set" unless="env.MOA_AUTH_DEPLOY"/>
+ <property name="deploy" value="${env.MOA_AUTH_DEPLOY}"/>
+ <property name="deploy.webapps" value="${deploy}/webapps"/>
+ <delete dir="${deploy.webapps}/moa-id-auth"/>
+ <copy file="${dist.auth}/moa-id-auth.war" todir="${deploy.webapps}"/>
+ <!-- copy sample configuration -->
+ <copy toDir="${deploy}/conf">
+ <fileset dir="${dist.auth}/conf"/>
+ </copy>
+ <!-- copy libraries to MOA_AUTH_DEPLOY/common/endorsed -->
+ <copy toDir="${deploy}/common/endorsed">
+ <fileset dir="${dist.auth}/endorsed"/>
+ </copy>
+ </target>
+
+ <!-- deploy moa-id-proxy to catalina (needs MOA_PROXY_DEPLOY defined) -->
+ <target name="deploy-proxy" depends="dist-proxy">
+ <fail message="env.MOA_PROXY_DEPLOY not set" unless="env.MOA_PROXY_DEPLOY"/>
+ <property name="deploy.proxy" value="${env.MOA_PROXY_DEPLOY}"/>
+ <property name="deploy.proxy.webapps" value="${deploy.proxy}/webapps"/>
+ <delete dir="${deploy.proxy.webapps}/moa-id-proxy"/>
+ <copy file="${dist.proxy}/moa-id-proxy.war" todir="${deploy.proxy.webapps}"/>
+ <!-- copy sample configuration -->
+ <copy toDir="${deploy.proxy}/conf">
+ <fileset dir="${dist.proxy}/conf"/>
+ </copy>
+ <!-- copy libraries to MOA_PROXY_DEPLOY/common/endorsed -->
+ <copy toDir="${deploy.proxy}/common/endorsed">
+ <fileset dir="${dist.proxy}/endorsed"/>
+ </copy>
+ </target>
+
+ <!-- clean temporary files -->
+ <target name="clean">
+ <delete dir="${tmp}"/>
+ </target>
+</project>
diff --git a/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat b/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat
new file mode 100644
index 000000000..3e90dc52e
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat
@@ -0,0 +1,40 @@
+
+echo --------------------
+Echo Richte moa-sp ein
+echo --------------------
+md C:\programme\apacheGroup\abnahme\conf\moa
+md C:\programme\apacheGroup\abnahme\conf\moa\keys
+md C:\programme\apacheGroup\abnahme\conf\moa\profiles
+md C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles
+md C:\programme\apacheGroup\abnahme\conf\moa-id
+md C:\programme\apacheGroup\abnahme\conf\moa-id\Transforms
+
+
+copy moa\server.xml C:\programme\apacheGroup\abnahme\conf\server.xml
+copy server.keystore C:\programme\apacheGroup\abnahme\server.keystore
+
+copy log4j.properties C:\programme\apacheGroup\abnahme\conf\moa\log4j.properties
+copy moa\ConfigurationTest.xml C:\programme\apacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+xcopy moa\common\*.* C:\programme\apacheGroup\abnahme\common\*.* /s/e
+del C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1 /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2 /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\profiles\*.* /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\keys\*.* /S/Q
+copy moa\keys\*.* C:\programme\apacheGroup\abnahme\conf\moa\keys\*.*
+copy moa\profiles\*.* C:\programme\apacheGroup\abnahme\conf\moa\profiles\*.*
+xcopy moa\TrustProfile1\*.* C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1\*.* /s/e
+xcopy moa\TrustProfile2\*.* C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2\*.* /s/e
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\common\moa\endorsed\Cvs /S/Q
+echo --------------------
+Echo Rrichte moa-auth ein
+echo --------------------
+copy moa-id\ConfigurationTest.xml C:\programme\apacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+
+copy transforms\TransformsInfosHTML.xml C:\programme\apacheGroup\abnahme\conf\moa-id\Transforms\TransformsInfosHTML.xml
+echo --------------------
+Echo Kopiere Start-Skript
+echo --------------------
+copy moa\runAbnahme.bat C:\programme\apacheGroup\abnahme\runAbnahme.bat
diff --git a/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml b/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..61455f903
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <BasicAuth>
+ <UserID>MOAGivenName</UserID>
+ <Password>MOAFamilyName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml b/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c92e055e9
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <HeaderAuth>
+ <Header Name="Param1" Value="MOAPublicAuthority"/>
+ <Header Name="Param2" Value="MOABKZ"/>
+ <Header Name="Param3" Value="MOAQualifiedCertificate"/>
+ <Header Name="Param4" Value="MOAZMRZahl"/>
+ <Header Name="Param5" Value="MOAIPAddress"/>
+ </HeaderAuth>
+</Configuration>
diff --git a/id.server/data/abnahme-test/conf/OAConfParamAuth.xml b/id.server/data/abnahme-test/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..a70f6a6c0
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <ParamAuth>
+ <Parameter Name="Param1" Value="MOADateOfBirth"/>
+ <Parameter Name="Param2" Value="MOAVPK"/>
+ </ParamAuth>
+</Configuration>
diff --git a/id.server/data/abnahme-test/conf/deploy_AUTH.bat b/id.server/data/abnahme-test/conf/deploy_AUTH.bat
new file mode 100644
index 000000000..adb168f09
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/deploy_AUTH.bat
@@ -0,0 +1,12 @@
+
+cd ..\..\..\..\build\scripts\
+Echo Entferne temporäre Projekt-Dateien und erstelle moa-id-auth.war
+call build id.server clean >null
+call build id.server dist-auth >null
+Echo Lösche altes .war-File vom Server und kopiere neu erzeugte Web-App
+del C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth.war /Q/F/S
+rd C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth /S/Q
+copy ..\..\id.server\tmp\dist\auth\moa-id-auth.war C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth.war
+cd ..\..\id.server\data\abnahme-test\conf
+C:
+cd C:\programme\ApacheGroup\abnahme
diff --git a/id.server/data/abnahme-test/conf/log4j.properties b/id.server/data/abnahme-test/conf/log4j.properties
new file mode 100644
index 000000000..86aa9c994
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/log4j.properties
@@ -0,0 +1,41 @@
+#
+# Sample log4j configuration for the MOA-SPSS web service
+#
+
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# Define log4j root loggers for the 'moa.spss.server' and 'iaik.server'
+# logging hierarchies.
+# All logging output is written to the 'stdout' and 'R' appenders.
+# Add JDBC if you also want to write it to the database
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.moa=debug
+
+# Configure the 'stdout appender' to write logging output to the console
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# Configure the rolling file appender 'R' to write logging output
+# to the file 'moa-spss.log'. The file is rolled over every 1000KB,
+# and a maximum history of 4 log files is being kept.
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=moa-spss.log
+log4j.appender.R.MaxFileSize=1000KB
+log4j.appender.R.MaxBackupIndex=4
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# Configure the jdbc appender 'JDBC' to write logging output
+# to the given PostgreSQL database
+# a suitable table called 'spss_log' must have been created in the
+# database using the command:
+# create table spss_log (log_time timestamp, log_level varchar(5), log_msg varchar(256))
+log4j.appender.JDBC=org.apache.log4j.jdbc.JDBCAppender
+log4j.appender.JDBC.driver=org.postgresql.Driver
+log4j.appender.JDBC.URL=jdbc:postgresql://10.16.46.108/moa?user=moa&password=moatest
+log4j.appender.JDBC.layout=org.apache.log4j.PatternLayout
+log4j.appender.JDBC.sql=INSERT INTO spss_log (log_time, log_level, log_msg) VALUES ('%d{ yyyy-MM-dd HH:mm:ss.SSS}', '%5p', '%m') \ No newline at end of file
diff --git a/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml
new file mode 100644
index 000000000..f2e23f2e2
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/Transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/certs/server-certs</AcceptedServerCertificates>
+ <!--<ClientKeyStore password="Keystore Pass">file:/c:/</ClientKeyStore> -->
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://moatestlinux:18080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:/c:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/OAConf.xml" sessionTimeOut="600">
+ <ConnectionParameter URL="https://moatestlinux:18443/oa/">
+ <AcceptedServerCertificates>file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates>
+<!-- <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://10.16.126.28:9443/moa-id-proxy/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:/c:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/OAConf.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="https://moatestlinux:18443/oa/">
+ <AcceptedServerCertificates>file:/home/moa/id/abnahme/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="/home/moa/id/abnahme/conf/moa-id/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:/home/moa/id/abnahme/conf/moa-id/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml
new file mode 100644
index 000000000..82c45565d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <GenericConfiguration name="IAIKIXSILinit.properties" value="aValidFileName"/>
+ <GenericConfiguration name="autoAddCertificates" value="true"/>
+ <GenericConfiguration name="useAuthorityInfoAccess" value="true"/>
+ <GenericConfiguration name="maxRevocationAge" value="0"/>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="aValidPathName"/>
+ <GenericConfiguration name="archiveRevocationInfo" value="false"/>
+ <GenericConfiguration name="DataBaseArchiveParameter.JDBCUrl" value="jdbc:postgresql://10.16.46.108/moa?user=moa&amp;password=moatest"/>
+ <GenericConfiguration name="test.ReferenceBase" value="test"/>
+ <!--
+ <HardwareCryptoModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/>
+ <HardwareKeyModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/>
+
+ <HardwareKeyModule id="HSM" name="cryptoki.dll" slotID="0" userPIN="0000"/>-->
+ <SoftwareKeyModule id="SWKeyModule1" filename="keys/test-ee2003_normal(buergerkarte).p12" password="buergerkarte"/>
+ <SoftwareKeyModule id="SWKeyModule2" filename="keys/normal-eeExpired.p12" password=""/>
+ <SoftwareKeyModule id="SWKeyModule3" filename="keys/ecc(ego).p12" password="ego"/>
+ <SoftwareKeyModule id="SWKeyModule4" filename="keys/DSA.512.p12" password="topSecret"/>
+ <KeyGroup id="HSMRSAKEY">
+ <Key>
+ <KeyModuleID>HSM</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>C=AT,OU=MOA,O=BRZ,CN=HSMRSAKEY</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12RSAKey1">
+ <!--PKCS12RSAKey1 maps to test-ee2003_normal(buergerkarte).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule1</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12RSAKeyExpired">
+ <!--PKCS12RSAKey1 maps to sicher-demo(buergerkarte).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule2</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12ECDSAKey1">
+ <!--PKCS12ECDSAKey1 maps to ecc(ego).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule3</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>68172</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="DSAinPKCS12">
+ <!--DSAinPKCS12 maps to DSA.512.p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule4</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>761791</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="allKeys">
+ <Key>
+ <KeyModuleID>SWKeyModule1</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule2</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule3</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>68172</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule4</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>761791</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroupMapping>
+ <KeyGroup id="PKCS12RSAKey1"/>
+ <KeyGroup id="PKCS12RSAKeyExpired"/>
+ <KeyGroup id="PKCS12ECDSAKey1"/>
+ <KeyGroup id="DSAinPKCS12"/>
+ <KeyGroup id="HSMRSAKEY"/>
+ </KeyGroupMapping>
+ <KeyGroupMapping>
+ <X509IssuerSerial>
+ <dsig:X509IssuerName>CN=TestUser,OU=MOA,O=BRZ,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>12345678</dsig:X509SerialNumber>
+ </X509IssuerSerial>
+ <KeyGroup id="allKeys"/>
+ </KeyGroupMapping>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <CRLArchive duration="365"/>
+ <CRLDistributionPoint>
+ <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN>
+ <DistributionPoint uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ </CRLDistributionPoint>
+ <CRLDistributionPoint>
+ <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN>
+ <DistributionPoint reasonCodes="keyCompromise affiliationChanged" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ <DistributionPoint reasonCodes="certificateHold" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ </CRLDistributionPoint>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile1MOAID" filename="profiles/TransformsInfoProfile1MOAID.xml"/>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile2MOAID" filename="profiles/TransformsInfoProfile2MOAID.xml"/>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile3MOAID" filename="profiles/TransformsInfoProfile3MOAID.xml"/>
+ <TrustProfile id="TrustProfile1" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile1"/>
+ <TrustProfile id="TrustProfile2" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile2"/>
+</MOAConfiguration>
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer
new file mode 100644
index 000000000..18e6bc109
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer
new file mode 100644
index 000000000..1cdc15c6e
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer
new file mode 100644
index 000000000..b5b39633d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer
new file mode 100644
index 000000000..81f6fa658
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer
new file mode 100644
index 000000000..99936caa8
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der
new file mode 100644
index 000000000..3a3aa543d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer
new file mode 100644
index 000000000..b5b39633d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar
new file mode 100644
index 000000000..f25d73cd7
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar
new file mode 100644
index 000000000..c1fa1d645
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12 b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12
new file mode 100644
index 000000000..8f7a201ac
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12 b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12
new file mode 100644
index 000000000..f84e793c5
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12 b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12
new file mode 100644
index 000000000..ff65f9fde
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12
new file mode 100644
index 000000000..efaeb9b98
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12
new file mode 100644
index 000000000..efaeb9b98
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml
new file mode 100644
index 000000000..c4f5a52af
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml
new file mode 100644
index 000000000..dc4a97716
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml
new file mode 100644
index 000000000..17c4d8d54
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/runAbnahme.bat b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat
new file mode 100644
index 000000000..8f635081c
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat
@@ -0,0 +1,12 @@
+C:
+cd\programme
+cd apacheGroup
+cd abnahme
+rem set moa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+set moa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+rem set CATALINA_OPTS=-Dmoa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml -Dlog4j.configuration=file:/C:\Programme\ApacheGroup\abnahme\conf\log4j.properties -Dmoa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+set MOA_ROOT=C:\Programme\ApacheGroup\abnahme\
+set CATALINA_OPTS=-Dmoa.spss.server.configuration=%MOA_ROOT%conf\moa\ConfigurationTest.xml -Dlog4j.configuration=file:/%MOA_ROOT%conf\moa\log4j.properties -Dmoa.id.configuration=%MOA_ROOT%conf\moa-id\ConfigurationTest.xml
+set CATALINA_HOME=C:\Programme\ApacheGroup\abnahme
+
+call bin\catalina run \ No newline at end of file
diff --git a/id.server/data/abnahme-test/conf/moa/server.xml b/id.server/data/abnahme-test/conf/moa/server.xml
new file mode 100644
index 000000000..75afa9955
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/server.xml
@@ -0,0 +1,423 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8080" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ useURIValidationHack="false" disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to -1 -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="false">
+ <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="server.keystore" keystorePass="changeit"/>
+ </Connector>
+
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" connectionTimeout="0"
+ useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ acceptCount="10" debug="0"/>
+ -->
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8082" minProcessors="5" maxProcessors="75"
+ enableLookups="true"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" useURIValidationHack="false"
+ disableUploadTimeout="true" />
+ -->
+
+ <!-- Define a non-SSL legacy HTTP/1.1 Test Connector on port 8083 -->
+ <!--
+ <Connector className="org.apache.catalina.connector.http.HttpConnector"
+ port="8083" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" />
+ -->
+
+ <!-- Define a non-SSL HTTP/1.0 Test Connector on port 8084 -->
+ <!--
+ <Connector className="org.apache.catalina.connector.http10.HttpConnector"
+ port="8084" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jmvRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+
+ <!-- Tomcat Examples Context -->
+ <Context path="/examples" docBase="examples" debug="0"
+ reloadable="true" crossContext="true">
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="localhost_examples_log." suffix=".txt"
+ timestamp="true"/>
+ <Ejb name="ejb/EmplRecord" type="Entity"
+ home="com.wombat.empl.EmployeeRecordHome"
+ remote="com.wombat.empl.EmployeeRecord"/>
+
+ <!-- If you wanted the examples app to be able to edit the
+ user database, you would uncomment the following entry.
+ Of course, you would want to enable security on the
+ application as well, so this is not done by default!
+ The database object could be accessed like this:
+
+ Context initCtx = new InitialContext();
+ Context envCtx = (Context) initCtx.lookup("java:comp/env");
+ UserDatabase database =
+ (UserDatabase) envCtx.lookup("userDatabase");
+ -->
+<!--
+ <ResourceLink name="userDatabase" global="UserDatabase"
+ type="org.apache.catalina.UserDatabase"/>
+-->
+
+
+ <!-- PersistentManager: Uncomment the section below to test Persistent
+ Sessions.
+
+ saveOnRestart: If true, all active sessions will be saved
+ to the Store when Catalina is shutdown, regardless of
+ other settings. All Sessions found in the Store will be
+ loaded on startup. Sessions past their expiration are
+ ignored in both cases.
+ maxActiveSessions: If 0 or greater, having too many active
+ sessions will result in some being swapped out. minIdleSwap
+ limits this. -1 or 0 means unlimited sessions are allowed.
+ If it is not possible to swap sessions new sessions will
+ be rejected.
+ This avoids thrashing when the site is highly active.
+ minIdleSwap: Sessions must be idle for at least this long
+ (in seconds) before they will be swapped out due to
+ activity.
+ 0 means sessions will almost always be swapped out after
+ use - this will be noticeably slow for your users.
+ maxIdleSwap: Sessions will be swapped out if idle for this
+ long (in seconds). If minIdleSwap is higher, then it will
+ override this. This isn't exact: it is checked periodically.
+ -1 means sessions won't be swapped out for this reason,
+ although they may be swapped out for maxActiveSessions.
+ If set to >= 0, guarantees that all sessions found in the
+ Store will be loaded on startup.
+ maxIdleBackup: Sessions will be backed up (saved to the Store,
+ but left in active memory) if idle for this long (in seconds),
+ and all sessions found in the Store will be loaded on startup.
+ If set to -1 sessions will not be backed up, 0 means they
+ should be backed up shortly after being used.
+
+ To clear sessions from the Store, set maxActiveSessions, maxIdleSwap,
+ and minIdleBackup all to -1, saveOnRestart to false, then restart
+ Catalina.
+ -->
+ <!--
+ <Manager className="org.apache.catalina.session.PersistentManager"
+ debug="0"
+ saveOnRestart="true"
+ maxActiveSessions="-1"
+ minIdleSwap="-1"
+ maxIdleSwap="-1"
+ maxIdleBackup="-1">
+ <Store className="org.apache.catalina.session.FileStore"/>
+ </Manager>
+ -->
+ <Environment name="maxExemptions" type="java.lang.Integer"
+ value="15"/>
+ <Parameter name="context.param.name" value="context.param.value"
+ override="false"/>
+ <Resource name="jdbc/EmployeeAppDb" auth="SERVLET"
+ type="javax.sql.DataSource"/>
+ <ResourceParams name="jdbc/EmployeeAppDb">
+ <parameter><name>username</name><value>sa</value></parameter>
+ <parameter><name>password</name><value></value></parameter>
+ <parameter><name>driverClassName</name>
+ <value>org.hsql.jdbcDriver</value></parameter>
+ <parameter><name>url</name>
+ <value>jdbc:HypersonicSQL:database</value></parameter>
+ </ResourceParams>
+ <Resource name="mail/Session" auth="Container"
+ type="javax.mail.Session"/>
+ <ResourceParams name="mail/Session">
+ <parameter>
+ <name>mail.smtp.host</name>
+ <value>localhost</value>
+ </parameter>
+ </ResourceParams>
+ <ResourceLink name="linkToGlobalResource"
+ global="simpleValue"
+ type="java.lang.Integer"/>
+ </Context>
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+
+ <!-- Define an Apache-Connector Service -->
+<!--
+ <Service name="Tomcat-Apache">
+
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" appBase="webapps"
+ acceptCount="10" debug="0"/>
+
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0">
+
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt"
+ timestamp="true"/>
+
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ </Engine>
+
+ </Service>
+-->
+
+</Server>
diff --git a/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml
new file mode 100644
index 000000000..e003297f4
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties b/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties
new file mode 100644
index 000000000..35a41cfdd
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties
@@ -0,0 +1,94 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses to maintain the available algorithms.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Canonicalization algorithms
+#
+# The following properties (starting with "Canonicalization.") are associations between canonicalization
+# algorithm URIs and their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the canonicalization algorithm
+# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm
+# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI,
+# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments
+
+#----------------------------------------------------------------------------------------------------------
+# Signature algorithms
+#
+# The following properties (starting with "Signature.") are associations between signature algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the signature algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm
+# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI,
+# prepended by the signature algorithm property identifier ("Signature."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
+Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
+Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Digest algorithms
+#
+# The following properties (starting with "Digest.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the digest algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm
+# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI,
+# prepended by the digest algorithm property identifier ("Digest."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Transform algorithms
+#
+# The following properties (starting with "Transform.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the transform algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm
+# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI,
+# prepended by the transform algorithm property identifier ("Transform."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments
+Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode
+Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath
+Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature
+Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT
+Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2
diff --git a/id.server/data/abnahme-test/ixsil/init/properties/init.properties b/id.server/data/abnahme-test/ixsil/init/properties/init.properties
new file mode 100644
index 000000000..a309959cc
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/properties/init.properties
@@ -0,0 +1,214 @@
+# IXSIL init properties
+#
+# This file contains the basic initialization properties for IXSIL.
+
+#----------------------------------------------------------------------------------------------------------
+# Properties for localizing exeption messages
+
+# This property specifies the ISO language code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOLanguageCode = "en"
+
+
+
+# This property specifies the ISO country code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOCountryCode = "US"
+
+
+#----------------------------------------------------------------------------------------------------------
+# Other property files
+
+# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e.
+# this file). The URI MUST be absolute.
+#
+# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using
+# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the
+# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below).
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties"
+
+location.initProperties = file:data/abnahme/test/ixsil/init/properties/init.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties"
+# Example 4 (relative URI): "../otherpath/algorithms.properties"
+# Example 5 (relative URI): "algorithms.properties"
+
+location.algorithmsProperties = file:data/abnahme/test/ixsil/init/properties/algorithms.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties"
+# Example 4 (relative URI): "../otherpath/keyManager.properties"
+# Example 5 (relative URI): "keyManager.properties"
+
+location.keyManagerProperties = file:data/abnahme/test/ixsil/init/properties/keyManager.properties
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# AlgorithmFactory properties
+
+
+
+This property specifies the extension class for the abstract class
+iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method
+iaik.ixsil.algorithms.AlgorithmFactory.createFactory().
+Please specifiy the fully qualified java class name for the class to be instantiated.
+
+AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# VerifierKeyManager properties
+
+# This property specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the
+# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo
+# element which contains hints that can be used to deduce the verification key.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XML namespace prefix properties
+
+# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSignature = dsig:
+
+
+
+# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSchemaInstance = xsi:
+
+
+#----------------------------------------------------------------------------------------------------------
+# DOMUtils properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies
+# on. If you would like to employ a parser different from Apache Xerces, you must implement the
+# DOMUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportWarnings = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser
+# exception or not.
+
+DOMUtils.ErrorHandler.reportFatalErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies an URI for the location of the XML schema for an XML signature, which is used as the
+# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement.
+# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for
+# this init property file as the base.
+
+DOMUtils.SignatureSchema = ../schemas/Signature.xsd
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XPathUtils properties
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies
+# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the
+# XPathUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# CanonicalXMLSerializer properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according
+# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an
+# implemenation different from the standard implementation shipped with IXSIL, you must implement the
+# CanonicalXMLSerialierInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML
+# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120).
+# If you would like to employ an implemenation different from the standard implementation shipped with
+# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation
+# class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
diff --git a/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties b/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties
new file mode 100644
index 000000000..24ece437a
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties
@@ -0,0 +1,74 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses in context of key management.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement,
+# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that
+# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage
+# subelements of that type.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements,
+# the property name is the fully qualified XML name for the "KeyValue" element, namely
+# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class
+# name of the key provider implementation class, for instance the standard implementation which ships with
+# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue".
+#
+# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+#
+# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue
+http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data
+http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties specify the order in which the different types of "KeyInfo" subelements are used
+# by the key manager to deduce the verification key.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo"
+# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an
+# example configuration:
+#
+# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+#
+# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the
+# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second
+# chance. Of course you can specify more than only two different subelement types.
+#
+# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+
+Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following property is used by standard implementation of the "X509Data" key provider, which ships
+# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust
+# manager for this key provider.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl
+
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd b/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd
new file mode 100644
index 000000000..ed7719dfb
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd
@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2003/04/08 07:20:16 $ by $Author: knirsch $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd
new file mode 100644
index 000000000..c55a9a819
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.1 2003/04/08 07:20:16 knirsch Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd b/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd
new file mode 100644
index 000000000..59bf31d52
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.1 2003/04/08 07:20:16 knirsch Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
diff --git a/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html
new file mode 100644
index 000000000..5f3812dbe
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html
@@ -0,0 +1,177 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?&gt;&lt;sl10:InfoboxReadRequest xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;sl10:InfoboxIdentifier&gt;IdentityLink&lt;/sl10:InfoboxIdentifier&gt;&lt;sl10:BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/sl10:InfoboxReadRequest&gt;"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;sl11:VerifyXMLSignatureRequest xmlns:sl11=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020831#&quot; xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot; xmlns:xml=&quot;http://www.w3.org/XML/1998/namespace&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;sl11:SignatureInfo&gt;
+ &lt;sl11:SignatureEnvironment&gt;
+ &lt;sl10:XMLContent xml:space=&quot;preserve&quot;&gt;&lt;dsig:Signature Id=&quot;HS_signature&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;dsig:SignedInfo&gt;&lt;dsig:CanonicalizationMethod Algorithm=&quot;http://www.w3.org/TR/2001/REC-xml-c14n-20010315&quot;/&gt;&lt;dsig:SignatureMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#rsa-sha1&quot;/&gt;&lt;dsig:Reference Id=&quot;reference-data-1&quot; URI=&quot;#signed-data&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;signed-data&apos;)/node()&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;C0hW5jQojphweuFzPb+CNkHwhe4=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;dsig:Reference Type=&quot;http://uri.etsi.org/01903/v1.1.1#SignedProperties&quot; URI=&quot;#refetsi&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;Bdsc7wAfyMyZ21ChcF+tRh3D7sU=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;/dsig:SignedInfo&gt;&lt;dsig:SignatureValue&gt;lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=&lt;/dsig:SignatureValue&gt;&lt;dsig:KeyInfo&gt;&lt;dsig:X509Data&gt;&lt;dsig:X509Certificate&gt;MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==&lt;/dsig:X509Certificate&gt;&lt;/dsig:X509Data&gt;&lt;/dsig:KeyInfo&gt;&lt;dsig:Object Id=&quot;signed-data&quot;&gt;&lt;html&gt;
+&lt;head&gt;
+&lt;title&gt;&Uuml;berpr&uuml;fung des Namen des Anmelde-Servers&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;h2&gt;Pr&uuml;fung der Identit&auml;t des MOA-ID Servers&lt;/h2&gt;
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu &uuml;berpr&uuml;fen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+&lt;p&gt;
+Die folgenden Abs&auml;tze beschreiben, wie Sie diese &Uuml;berpr&uuml;fung durchf&uuml;hren k&ouml;nnen.
+F&uuml;hren Sie jene Arbeitsschritte durch, die f&uuml;r den von Ihnen verwendeten Webbrowser zutreffend sind.
+&lt;/p&gt;
+&lt;h3&gt;Microsoft Internet Explorer 6.0&lt;/h3&gt;
+
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschlo&szlig; am unteren Rand des Browsers.&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.&lt;/li&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das in Schritt 3. ge&ouml;ffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie k&ouml;nnen das Zertifikat installieren, indem Sie die Schaltfl&auml;che &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+&lt;h3&gt;Netscape Navigator 7.0&lt;/h3&gt;
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie die Schaltfl&auml;che &quot;Anzeigen&quot;&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert k&ouml;nnen Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator &ouml;ffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+
+&lt;h2&gt;Zertifikate und ihr Fingerabdruck&lt;/h2&gt;
+
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;111 (0x6f)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;531 (0x213)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;536 (0x0218)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;/body&gt;
+&lt;/html&gt;&lt;/dsig:Object&gt;&lt;dsig:Object Id=&quot;refetsi&quot;&gt;&lt;etsi:QualifyingProperties Target=&quot;#HS_signature&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot;&gt;&lt;etsi:SignedProperties&gt;&lt;etsi:SignedSignatureProperties&gt;&lt;etsi:SigningTime&gt;2003-05-06T07:09:50Z&lt;/etsi:SigningTime&gt;&lt;etsi:SigningCertificate&gt;&lt;etsi:Cert&gt;&lt;etsi:CertDigest&gt;&lt;etsi:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;etsi:DigestValue&gt;Frhu1o4mL4gQHdJcU0xSA/h4COE=&lt;/etsi:DigestValue&gt;&lt;/etsi:CertDigest&gt;&lt;etsi:IssuerSerial&gt;&lt;dsig:X509IssuerName&gt;CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;&lt;dsig:X509SerialNumber&gt;6455&lt;/dsig:X509SerialNumber&gt;&lt;/etsi:IssuerSerial&gt;&lt;/etsi:Cert&gt;&lt;/etsi:SigningCertificate&gt;&lt;etsi:SignaturePolicyIdentifier&gt;&lt;etsi:SignaturePolicyImplied/&gt;&lt;/etsi:SignaturePolicyIdentifier&gt;&lt;/etsi:SignedSignatureProperties&gt;&lt;etsi:SignedDataObjectProperties&gt;&lt;etsi:DataObjectFormat ObjectReference=&quot;#reference-data-1&quot;&gt;&lt;etsi:MimeType&gt;text/html&lt;/etsi:MimeType&gt;&lt;/etsi:DataObjectFormat&gt;&lt;/etsi:SignedDataObjectProperties&gt;&lt;/etsi:SignedProperties&gt;&lt;/etsi:QualifyingProperties&gt;&lt;/dsig:Object&gt;&lt;/dsig:Signature&gt;&lt;/sl10:XMLContent&gt;
+ &lt;/sl11:SignatureEnvironment&gt;
+ &lt;sl11:SignatureLocation&gt;//dsig:Signature&lt;/sl11:SignatureLocation&gt;
+ &lt;/sl11:SignatureInfo&gt;
+&lt;/sl11:VerifyXMLSignatureRequest&gt;
+"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html
new file mode 100644
index 000000000..7ba249f98
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html
@@ -0,0 +1,177 @@
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<html>
+<head>
+<title>Auslesen der Personenbindung</title>
+</head>
+<body>
+<form name="GetIdentityLinkForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?&gt;&lt;sl10:InfoboxReadRequest xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;sl10:InfoboxIdentifier&gt;IdentityLink&lt;/sl10:InfoboxIdentifier&gt;&lt;sl10:BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/sl10:InfoboxReadRequest&gt;"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/>
+ <input type="submit" value="Auslesen der Personenbindung"/>
+</form>
+<form name="CertificateInfoForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;sl11:VerifyXMLSignatureRequest xmlns:sl11=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020831#&quot; xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot; xmlns:xml=&quot;http://www.w3.org/XML/1998/namespace&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;sl11:SignatureInfo&gt;
+ &lt;sl11:SignatureEnvironment&gt;
+ &lt;sl10:XMLContent xml:space=&quot;preserve&quot;&gt;&lt;dsig:Signature Id=&quot;HS_signature&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;dsig:SignedInfo&gt;&lt;dsig:CanonicalizationMethod Algorithm=&quot;http://www.w3.org/TR/2001/REC-xml-c14n-20010315&quot;/&gt;&lt;dsig:SignatureMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#rsa-sha1&quot;/&gt;&lt;dsig:Reference Id=&quot;reference-data-1&quot; URI=&quot;#signed-data&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;signed-data&apos;)/node()&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;C0hW5jQojphweuFzPb+CNkHwhe4=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;dsig:Reference Type=&quot;http://uri.etsi.org/01903/v1.1.1#SignedProperties&quot; URI=&quot;#refetsi&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;Bdsc7wAfyMyZ21ChcF+tRh3D7sU=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;/dsig:SignedInfo&gt;&lt;dsig:SignatureValue&gt;lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=&lt;/dsig:SignatureValue&gt;&lt;dsig:KeyInfo&gt;&lt;dsig:X509Data&gt;&lt;dsig:X509Certificate&gt;MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==&lt;/dsig:X509Certificate&gt;&lt;/dsig:X509Data&gt;&lt;/dsig:KeyInfo&gt;&lt;dsig:Object Id=&quot;signed-data&quot;&gt;&lt;html&gt;
+&lt;head&gt;
+&lt;title&gt;&Uuml;berpr&uuml;fung des Namen des Anmelde-Servers&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;h2&gt;Pr&uuml;fung der Identit&auml;t des MOA-ID Servers&lt;/h2&gt;
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu &uuml;berpr&uuml;fen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+&lt;p&gt;
+Die folgenden Abs&auml;tze beschreiben, wie Sie diese &Uuml;berpr&uuml;fung durchf&uuml;hren k&ouml;nnen.
+F&uuml;hren Sie jene Arbeitsschritte durch, die f&uuml;r den von Ihnen verwendeten Webbrowser zutreffend sind.
+&lt;/p&gt;
+&lt;h3&gt;Microsoft Internet Explorer 6.0&lt;/h3&gt;
+
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschlo&szlig; am unteren Rand des Browsers.&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.&lt;/li&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das in Schritt 3. ge&ouml;ffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie k&ouml;nnen das Zertifikat installieren, indem Sie die Schaltfl&auml;che &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+&lt;h3&gt;Netscape Navigator 7.0&lt;/h3&gt;
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie die Schaltfl&auml;che &quot;Anzeigen&quot;&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert k&ouml;nnen Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator &ouml;ffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+
+&lt;h2&gt;Zertifikate und ihr Fingerabdruck&lt;/h2&gt;
+
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;111 (0x6f)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;531 (0x213)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;536 (0x0218)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;/body&gt;
+&lt;/html&gt;&lt;/dsig:Object&gt;&lt;dsig:Object Id=&quot;refetsi&quot;&gt;&lt;etsi:QualifyingProperties Target=&quot;#HS_signature&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot;&gt;&lt;etsi:SignedProperties&gt;&lt;etsi:SignedSignatureProperties&gt;&lt;etsi:SigningTime&gt;2003-05-06T07:09:50Z&lt;/etsi:SigningTime&gt;&lt;etsi:SigningCertificate&gt;&lt;etsi:Cert&gt;&lt;etsi:CertDigest&gt;&lt;etsi:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;etsi:DigestValue&gt;Frhu1o4mL4gQHdJcU0xSA/h4COE=&lt;/etsi:DigestValue&gt;&lt;/etsi:CertDigest&gt;&lt;etsi:IssuerSerial&gt;&lt;dsig:X509IssuerName&gt;CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;&lt;dsig:X509SerialNumber&gt;6455&lt;/dsig:X509SerialNumber&gt;&lt;/etsi:IssuerSerial&gt;&lt;/etsi:Cert&gt;&lt;/etsi:SigningCertificate&gt;&lt;etsi:SignaturePolicyIdentifier&gt;&lt;etsi:SignaturePolicyImplied/&gt;&lt;/etsi:SignaturePolicyIdentifier&gt;&lt;/etsi:SignedSignatureProperties&gt;&lt;etsi:SignedDataObjectProperties&gt;&lt;etsi:DataObjectFormat ObjectReference=&quot;#reference-data-1&quot;&gt;&lt;etsi:MimeType&gt;text/html&lt;/etsi:MimeType&gt;&lt;/etsi:DataObjectFormat&gt;&lt;/etsi:SignedDataObjectProperties&gt;&lt;/etsi:SignedProperties&gt;&lt;/etsi:QualifyingProperties&gt;&lt;/dsig:Object&gt;&lt;/dsig:Signature&gt;&lt;/sl10:XMLContent&gt;
+ &lt;/sl11:SignatureEnvironment&gt;
+ &lt;sl11:SignatureLocation&gt;//dsig:Signature&lt;/sl11:SignatureLocation&gt;
+ &lt;/sl11:SignatureInfo&gt;
+&lt;/sl11:VerifyXMLSignatureRequest&gt;
+"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/>
+ <input type="submit" value="Information zu Wurzelzertifikaten"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html
new file mode 100644
index 000000000..5f3812dbe
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html
@@ -0,0 +1,177 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?&gt;&lt;sl10:InfoboxReadRequest xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;sl10:InfoboxIdentifier&gt;IdentityLink&lt;/sl10:InfoboxIdentifier&gt;&lt;sl10:BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/sl10:InfoboxReadRequest&gt;"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;sl11:VerifyXMLSignatureRequest xmlns:sl11=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020831#&quot; xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot; xmlns:xml=&quot;http://www.w3.org/XML/1998/namespace&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;sl11:SignatureInfo&gt;
+ &lt;sl11:SignatureEnvironment&gt;
+ &lt;sl10:XMLContent xml:space=&quot;preserve&quot;&gt;&lt;dsig:Signature Id=&quot;HS_signature&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;dsig:SignedInfo&gt;&lt;dsig:CanonicalizationMethod Algorithm=&quot;http://www.w3.org/TR/2001/REC-xml-c14n-20010315&quot;/&gt;&lt;dsig:SignatureMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#rsa-sha1&quot;/&gt;&lt;dsig:Reference Id=&quot;reference-data-1&quot; URI=&quot;#signed-data&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;signed-data&apos;)/node()&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;C0hW5jQojphweuFzPb+CNkHwhe4=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;dsig:Reference Type=&quot;http://uri.etsi.org/01903/v1.1.1#SignedProperties&quot; URI=&quot;#refetsi&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;Bdsc7wAfyMyZ21ChcF+tRh3D7sU=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;/dsig:SignedInfo&gt;&lt;dsig:SignatureValue&gt;lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=&lt;/dsig:SignatureValue&gt;&lt;dsig:KeyInfo&gt;&lt;dsig:X509Data&gt;&lt;dsig:X509Certificate&gt;MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==&lt;/dsig:X509Certificate&gt;&lt;/dsig:X509Data&gt;&lt;/dsig:KeyInfo&gt;&lt;dsig:Object Id=&quot;signed-data&quot;&gt;&lt;html&gt;
+&lt;head&gt;
+&lt;title&gt;&Uuml;berpr&uuml;fung des Namen des Anmelde-Servers&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;h2&gt;Pr&uuml;fung der Identit&auml;t des MOA-ID Servers&lt;/h2&gt;
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu &uuml;berpr&uuml;fen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+&lt;p&gt;
+Die folgenden Abs&auml;tze beschreiben, wie Sie diese &Uuml;berpr&uuml;fung durchf&uuml;hren k&ouml;nnen.
+F&uuml;hren Sie jene Arbeitsschritte durch, die f&uuml;r den von Ihnen verwendeten Webbrowser zutreffend sind.
+&lt;/p&gt;
+&lt;h3&gt;Microsoft Internet Explorer 6.0&lt;/h3&gt;
+
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschlo&szlig; am unteren Rand des Browsers.&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.&lt;/li&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das in Schritt 3. ge&ouml;ffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie k&ouml;nnen das Zertifikat installieren, indem Sie die Schaltfl&auml;che &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+&lt;h3&gt;Netscape Navigator 7.0&lt;/h3&gt;
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie die Schaltfl&auml;che &quot;Anzeigen&quot;&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert k&ouml;nnen Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator &ouml;ffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+
+&lt;h2&gt;Zertifikate und ihr Fingerabdruck&lt;/h2&gt;
+
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;111 (0x6f)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;531 (0x213)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;536 (0x0218)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;/body&gt;
+&lt;/html&gt;&lt;/dsig:Object&gt;&lt;dsig:Object Id=&quot;refetsi&quot;&gt;&lt;etsi:QualifyingProperties Target=&quot;#HS_signature&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot;&gt;&lt;etsi:SignedProperties&gt;&lt;etsi:SignedSignatureProperties&gt;&lt;etsi:SigningTime&gt;2003-05-06T07:09:50Z&lt;/etsi:SigningTime&gt;&lt;etsi:SigningCertificate&gt;&lt;etsi:Cert&gt;&lt;etsi:CertDigest&gt;&lt;etsi:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;etsi:DigestValue&gt;Frhu1o4mL4gQHdJcU0xSA/h4COE=&lt;/etsi:DigestValue&gt;&lt;/etsi:CertDigest&gt;&lt;etsi:IssuerSerial&gt;&lt;dsig:X509IssuerName&gt;CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;&lt;dsig:X509SerialNumber&gt;6455&lt;/dsig:X509SerialNumber&gt;&lt;/etsi:IssuerSerial&gt;&lt;/etsi:Cert&gt;&lt;/etsi:SigningCertificate&gt;&lt;etsi:SignaturePolicyIdentifier&gt;&lt;etsi:SignaturePolicyImplied/&gt;&lt;/etsi:SignaturePolicyIdentifier&gt;&lt;/etsi:SignedSignatureProperties&gt;&lt;etsi:SignedDataObjectProperties&gt;&lt;etsi:DataObjectFormat ObjectReference=&quot;#reference-data-1&quot;&gt;&lt;etsi:MimeType&gt;text/html&lt;/etsi:MimeType&gt;&lt;/etsi:DataObjectFormat&gt;&lt;/etsi:SignedDataObjectProperties&gt;&lt;/etsi:SignedProperties&gt;&lt;/etsi:QualifyingProperties&gt;&lt;/dsig:Object&gt;&lt;/dsig:Signature&gt;&lt;/sl10:XMLContent&gt;
+ &lt;/sl11:SignatureEnvironment&gt;
+ &lt;sl11:SignatureLocation&gt;//dsig:Signature&lt;/sl11:SignatureLocation&gt;
+ &lt;/sl11:SignatureInfo&gt;
+&lt;/sl11:VerifyXMLSignatureRequest&gt;
+"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html b/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html
new file mode 100644
index 000000000..2ecfe9cfd
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html
@@ -0,0 +1,30 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml b/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml
new file mode 100644
index 000000000..3877f0950
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'>
+ <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>
+ <sl11:DataObjectInfo Structure='detached'>
+ <sl10:DataObject Reference=''/>
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
+ </sl11:DataObjectInfo>
+ <sl11:SignatureInfo>
+ <sl11:SignatureEnvironment>
+ <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-04-29T09:40:46+02:00'>
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent>
+ </sl11:SignatureEnvironment>
+ <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation>
+ </sl11:SignatureInfo>
+</sl11:CreateXMLSignatureRequest> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml
new file mode 100644
index 000000000..f6b2aa57d
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml
new file mode 100644
index 000000000..b38e902f2
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="A" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml
new file mode 100644
index 000000000..ab5315d20
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml
@@ -0,0 +1,108 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a980fabd3
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="NOCitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="NOCitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml
new file mode 100644
index 000000000..78f5ddd5c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://WRONG.NAMESPACE">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://WRONG.NAMESPACE">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml
new file mode 100644
index 000000000..764b08361
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml
@@ -0,0 +1,87 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml
new file mode 100644
index 000000000..22ea67174
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml
@@ -0,0 +1,41 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml
new file mode 100644
index 000000000..e3ca1bf66
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann2</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml b/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml
new file mode 100644
index 000000000..44b4f519b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile2</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile2</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP101:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP102:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA302:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA303:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA304:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA305:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA306:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA307:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA308:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml
new file mode 100644
index 000000000..e894f560e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-13T08:18:09.803" IssueInstant="2003-02-13T08:18:09.803" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns="" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>987654321098</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Monika</pr:GivenName>
+ <pr:FamilyName primary="undefined">Bürger</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1945-08-02</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>5lEaWEjW+4/6Zcp4TCAx4KDwrhqNCnwSOlyWBgAvHZs57Sg2h3lATP2SJjujzMityxI/r5XFSjNl
+D7BDml4hqy7P2Ro0z/EDKWCo+VMjZS2DKMUWoB4u+QOgovHXMcB/ko6N0MSwQxDxus7LrJ2aYT2G
+naS1u6/zULjkn3rhOjM=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>ZObnb8BKSWDhmGsQhNGWSAboNH+nJPM109g8QlTi3KrLmtbVuuQWByZmRbgT4HfRFsnD8RvG2Lw3
+cC0G8UH/BeSo5LeJSZc5TUTbWm62kjywzGp4TTX0/K1bHp2cZ/lOIpfAI1tsGerWIoX7FRd79lc+
+8Osp1AsguEm/qQH6FTs=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>N37kVznK95fiKaf1sWVHeFkbzwY=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Rk9zppvNedEsGSx9CibYS4eu0jw=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Hte006lAMycSR138EA/LGP/NBuaab4PzleCjl4ZvDTGKBPEzFKtVqrY+evG9aKWi
+B/yw1L5DnIn9UOKqLouwZGBzK33nyAZdr+GWYtWKogbgEeNTLxT2LNoQHthfsTLr
+g2Me//mQEqYdtMcTfmhls/qizjhgZXm16yaCWv2bIoc=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>0DHkFVM0QWLSexFR2MX0VavHHK8=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml
new file mode 100644
index 000000000..9ad95af1f
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?><sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent>
+<saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns="" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHN
+WW5RPGxVlPDz5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfv
+HEcxHQOA6sa42C+dFKsKIvmP3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml
new file mode 100644
index 000000000..03b1fbd3f
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml
new file mode 100644
index 000000000..39d9a864b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml
new file mode 100644
index 000000000..db46fb127
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml
new file mode 100644
index 000000000..804a27e92
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml
new file mode 100644
index 000000000..12cfbb668
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml
new file mode 100644
index 000000000..2067a40c7
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml
new file mode 100644
index 000000000..7e05dbfe1
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml
new file mode 100644
index 000000000..bc1bc17ce
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml
new file mode 100644
index 000000000..124f7e5d0
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml
new file mode 100644
index 000000000..7a2ed2017
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml
new file mode 100644
index 000000000..9b39890d1
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml
new file mode 100644
index 000000000..3750de781
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml
new file mode 100644
index 000000000..499a3908e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml
new file mode 100644
index 000000000..7400f791a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml
new file mode 100644
index 000000000..32b3d31f9
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml
new file mode 100644
index 000000000..b6b42f267
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml
new file mode 100644
index 000000000..b3e27002e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml
new file mode 100644
index 000000000..9e523773a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..184615e91
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DlzOL10xqFzEPMGWmenuvyqB3+c=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Mx68y1JK5jtEyp10w/9p5FYq0Ro5JsjOHQREag5DAfMW5Mf+6qapTjvO+eDZXYub
+Vjzph+QgxIhwfFQtrrM9M9ftuHWtD+HeVaexWNkApOBzijdTjZAS4lph4WM5wJ3M
+/vUhCJzQzC1scg7xRdNGd+aszMtksWKJpPw4oI0PayE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID1zCCA0SgAwIBAgIGAPMkfTU7MAkGBSsOAwIdBQAwgawxCzAJBgNVBAYTAkFU
+MSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UE
+CxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh
+bmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAsTDElBSUsgVGVzdCBDQTEVMBMGA1UE
+AxMMSUFJSyBUZXN0IENBMB4XDTAzMDIwMzE2MjA1NVoXDTAzMTIzMDIyNTkzMFow
+gZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD
+SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp
+b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNVBAMUD0lzb2xk
+ZSBC/HJnZXJpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA53m0qng6O9zV
+IAuJ22Ps91X+pddhMiA9P0QusMexQ+QEkfe43nEFIToUZ3uuoAQFd+n4MXM6D68t
+ZctGU5O4W5Aq/bEjI4efIHS0EThzgNAymqmT9Z9IIEhqm/1jhQ4SXTW33y3Xn3lx
+26DiTeApftuQB388YlV+Rs+rTyF9iRUCAwEAAaOCARwwggEYMAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgbAMBEGCWCGSAGG+EIBAQQEAwIFIDBnBgNVHSAEYDBe
+MFwGDCsGAQQBlRIBAnsBATBMMEoGCCsGAQUFBwICMD4aPFRoaXMgY2VydGlmaWNh
+dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBwdXJwb3NlczA8
+BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmlhaWsuYXQvdGVzdENBL2lhaWtf
+dGVzdF9zaWcuY3JsMB0GA1UdDgQWBBQoOuoIxS8M1o/DTZkJUs0lnN5A7TAfBgNV
+HSMEGDAWgBRMILBWAgz3iAqWiKUUtFHMOrXyvzAJBgUrDgMCHQUAA4GBACY81o8m
+zb8YCuTMgeplySm5nAkxjsv1T5n/Hzz1cLfSDJZ0HyNTVx/GDszY+Dx28MdW+6DL
+o9nWPSE/4P+k9HXJe/wEyAv44OrjvpzGGKjqoc3X8v4rzMo6MBRNluu0m3y1pktT
+V/q4aiWD/nbGXdrn/AoKAvOSAQ3Qe6X+dT/1</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:37</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>dL59VDpBsujcngd207z0ohPl1/U=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+ </saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml
new file mode 100644
index 000000000..b3e27002e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml
new file mode 100644
index 000000000..9e523773a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..e004eb74c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Q2VhPYhMbwz4beILYjMDmBsurLQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lr5L9hxi1rvdm5vT9WpG8yYKv1TIjPrONJUv6O4lTUyC4E8L4nwx8mMFPd8Q7jNb
+WmMmaDCl0uZYOATdu/x2t5wYOYreBUpka3J3wPTIJhMJQwaMMu3rHM3Ewn+1Wlsw
+6VED3ZWKAmI+12Mto5RLbD5BU6757Tx42YuCkw9glZM=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID5zCCA1SgAwIBAgIGAPR8iAdPMAkGBSsOAwIdBQAwgawxCzAJBgNVBAYTAkFU
+MSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UE
+CxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh
+bmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAsTDElBSUsgVGVzdCBDQTEVMBMGA1UE
+AxMMSUFJSyBUZXN0IENBMB4XDTAzMDQxMTExNDIwNVoXDTAzMTIzMDIyNTkzMFow
+gZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD
+SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp
+b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNVBAMUD0lzb2xk
+ZSBC/HJnZXJpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0bdQqA5YFf32
+OjaZo01tpAsP/Kgor6sWGLQj2uBrQDOAOymVkIPtv4C9XQ1tH8EUexgbYI1QpE9V
+ODvoo49Bi6u9hYnlDFj+8EgQoDCmqFSy/jzwLVnRL7jwN96uAyU5WymEdPWgHRpT
+6oDxYs36MJ7+iWQISA6nl3/QTI4wnJcCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgbAMBEGCWCGSAGG+EIBAQQEAwIFIDBnBgNVHSAEYDBe
+MFwGDCsGAQQBlRIBAnsBATBMMEoGCCsGAQUFBwICMD4aPFRoaXMgY2VydGlmaWNh
+dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBwdXJwb3NlczA8
+BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmlhaWsuYXQvdGVzdENBL2lhaWtf
+dGVzdF9zaWcuY3JsMB0GA1UdDgQWBBTehKfLADylQ4B6DyYKvUG1+pHZzzAOBgcq
+KAAKAQEBBAMBAf8wHwYDVR0jBBgwFoAUTCCwVgIM94gKloilFLRRzDq18r8wCQYF
+Kw4DAh0FAAOBgQBw2mE3PxdtcSDwCTglkNt7ww4IGmWnUCYUiV8x/lcwWdXhcnRM
+lsjmOYi0vFiV8ne6x8fI6WMQLmHQMTfra+tEBrsHOlhISz5F5VGVfj/w6DcTC2HH
+wGaIkTqAu6GZ+bu8OpXYSIZEy4ZSMTWWnomses0LyrXqmWNWh1InVjAPiw==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:39</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>YrSnK0/o4nCtqxK1IpJF2Qy4ZQc=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1050061309775</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+ </saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml
new file mode 100644
index 000000000..8a66f40cf
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isPublicAuthority' AttributeNamespace='urn:oid:1.2.40.0.10.1.1.1'>
+ <saml:AttributeValue>Musterbehörde</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml
new file mode 100644
index 000000000..9e523773a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..f7346ad2b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nSqJkplafvE6SpfL0JP5Tbanh3Y=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>V5m5I1QA+NXzhU64G/I1vT8LAoWqaoHm2Ck807U8SVG668NmjH4wrfTln+Shx0HD
++q4c2NAb6ZFzTUQ190RlRgvEM0cvtCSpn7/AcJaBd5WuUYPRLPEmP8ca4xhLGi1t
+XZQCTpTLLnRI+5Yf5HJqc1lfs5Pkv9hQZ9W55eJgmiA=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDwTCCAy6gAwIBAgIVAOn21xTCfievvs3qbq8HRBHjXjNPMAkGBSsOAwIdBQAw
+gZUxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD
+SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp
+b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAMTDElBSUsg
+VGVzdCBDQTAeFw0wMjExMTUwOTQwNTBaFw0wMzEyMzEyMjU5MzBaMHkxCzAJBgNV
+BAYTAkFUMQ0wCwYDVQQIEwRXaWVuMQ0wCwYDVQQHEwRXaWVuMRYwFAYDVQQJEw1N
+dXN0ZXJnYXNzZSAxMRswGQYDVQQKExJNdXN0ZXJvcmdhbmlzYXRpb24xFzAVBgNV
+BAMTDk1heCBNdXN0ZXJtYW5uMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDw
+Dxgoc53OFRWuZcGRkuZYYHxTeM7tLoH+9eFpqtokWHruFNn49JNWNdU2PMPeXezO
+6eYwz/214/EB/SvCx5ZRlLC7GikqUX0UyK/r36zq9Q5nOMFfSoG48hEIjzAUWnc4
+FIePYW7hdb0/nW+1CKVdpmsGHChJoN7SCiVvY0eyAQIDAQABo4IBLjCCASowDAYD
+VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0gBGAwXjBcBgwrBgEEAZUS
+AQIDAQEwTDBKBggrBgEFBQcCAjA+GjxUaGlzIGNlcnRpZmljYXRlIG1heSBiZSB1
+c2VkIGZvciBkZW1vbnN0cmF0aW9uIHB1cnBvc2VzIG9ubHkwLwYDVR0RBCgwJoEk
+bWF4Lm11c3Rlcm1hbm5AbXVzdGVyb3JnYW5pc2F0aW9uLmF0MB0GA1UdDgQWBBTp
+9tcUwn4nr77N6m6vB0MgXEvH5TAbBgcqKAAKAQEBBBAMDk11c3RlcmJlaMO2cmRl
+MBMGA1UdJQQMMAoGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFOtWHOnph3q+vzHzdX8q
+/qzlQNOOMAkGBSsOAwIdBQADgYEALbC1Ibymb3DWwB+pEezrt87+r3xi+JGFxkt0
+tw0tOoe+ejSY8AhSuY3LseLdPNDnTtlg/GlkzijCFxBHPgUKhGokA91qIoV++fZt
+3/pxjSVxl+elGDCx9WcrXB5L7m5mxSMgYGOZH2UUlFZQvtKXxU4KrXCXkQVTsg9g
+RWizwj4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:40</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>pMBCPXFi69dO65GgzApHN4TxtvM=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1335699569126441074835341742398412708010421793615</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+ </saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..b9e0e0f9c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="A" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4ef49034c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost2:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4fe3c4b2b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="gb" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4736c5dc3
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..7664fbe33
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>noTarget</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..a7ef7a637
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="noOA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4736c5dc3
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..6e8393033
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>WRONG</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..96032998a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement></saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..ba2749cda
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8081/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml
new file mode 100644
index 000000000..9a358e434
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile2</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml
new file mode 100644
index 000000000..5aade8185
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..ec8cefe99
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-20T10:30:56+02:00" Issuer="Monika Bürger" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>http://localhost:8080/moa-id-proxy/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Vmmkctd+R7lkSKftZO1UnenfWi0=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>vfTksPSWSacTaSWnvybsm8iV80o=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>wIqspNC5KqReKNMNO7PIemxSKwGId1HIp5r6FFtuj099C304xR5fZoCoC2Zyk6di
+bnoh+rRk9oZFeGoWvhb/JADGgtia7VUO4qc3suCNVpikRgiG5K8LXMGS3w+1wUFb
+JIkDKLuDxmXApG+BEEQXmE07zfwAzRbVBmunpWnG/us=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTkwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzI0MTlaFw0wNjAyMTAxMzI0MjBaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTEgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BMTEVMBMGA1UEBRMMMjI1NjUyMzkyMTA0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmURpYSNb7j/plynhMIDHgoPCu
+Go0KfBI6XJYGAC8dmzntKDaHeUBM/ZImO6PMyK3LEj+vlcVKM2UPsEOaXiGrLs/Z
+GjTP8QMpYKj5UyNlLYMoxRagHi75A6Ci8dcxwH+Sjo3QxLBDEPG6zsusnZphPYad
+pLW7r/NQuOSfeuE6MwIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECEp3ZWggbV5MMA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uMkBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAIuyADBvzJmE7yCCAilQrFl4U+HjMNF5NwbbUqjtVxCj7JliOFJBd
+en46ekG8w57tLHOhg/5N9xdmObX2jgzGZy7uJC7eDnszWjvvfsFev87MwZFy3Pm/
+wdu1+7/+RLDcrOViDn1x2n/JDvkqZJ5WFor2R76wnBIESNeHOqDW9nXHP5F5ERLI
+Ug3tVhIHCkxkBvHJkQOwMD+BhKGh/1jSBRloyrVD/5QUcbQE5wmOjv1I6LLOZRbq
+eXk8cQhwGH+K6p0BdwQc6rg3CXFqTTzP4GuUhnxfJsYtKw7qAfVSf3VRqbeVHX4M
+xDtbjTi15+0lWfB15L4jukJl10D9cFMsWA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-20T08:31:06Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>A6PySg7S5iw8pJEX0i5lwp43lZY=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6457</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml
new file mode 100644
index 000000000..32b3d31f9
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml b/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml
new file mode 100644
index 000000000..8dd0f10d6
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:Response InResponseTo="" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"> <samlp:Status> <samlp:StatusCode Value="samlp:Success"> </samlp:StatusCode> <samlp:StatusMessage>Anfrage erfolgreich beantwortet</samlp:StatusMessage> </samlp:Status> <saml:Assertion Issuer="https://localhost:8443/moa-id-auth/" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></samlp:Response> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html b/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html
new file mode 100644
index 000000000..2ecfe9cfd
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html
@@ -0,0 +1,30 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html b/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html
new file mode 100644
index 000000000..92b3f04cd
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html
@@ -0,0 +1,14 @@
+<html>
+<head>
+<title>BKU Auswahl - customized</title>
+</head>
+<body>
+<h1><font color="green">BKU Auswahl - customized</font></h1>
+<p>
+<form method="post" action="<StartAuth>">
+<BKUSelect>
+<input type="submit" value="Ausw&auml;hlen"/>
+</form>
+</p>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html
new file mode 100644
index 000000000..a473a689b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<title>BKU Auswahl - customized</title>
+</head>
+<body>
+<h1><font color="green">BKU Auswahl - customized</font></h1>
+<p>
+<form method="post" action="https://localhost:8443/authStartAuthentication?MOASessionID=6621777788841637660">
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
+
+<input type="submit" value="Ausw&auml;hlen"/>
+</form>
+</p>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html
new file mode 100644
index 000000000..a213d9de0
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html
@@ -0,0 +1,20 @@
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<html>
+<head>
+<title>Auswahl der B&uuml;rgerkartenumgebung</title>
+</head>
+<body>
+<form name="BKUSelectionForm"
+ action="https://localhost:8443/authStartAuthentication?MOASessionID=7936129366756090040"
+ method="post">
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
+
+ <input type="submit" value="B&uuml;rgerkartenumgebung ausw&auml;hlen"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml b/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml
new file mode 100644
index 000000000..f38dc9ee0
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLComplete">
+ <ConnectionParameter URL="https://auswahl.buergerkarte.at/auswahl"/>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html
new file mode 100644
index 000000000..21e48a844
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html
@@ -0,0 +1 @@
+https://auswahl.buergerkarte.at/auswahl?returnURI=https://localhost:8443/authStartAuthentication?MOASessionID=-1393563939984986204 \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/Configuration.xml b/id.server/data/abnahme-test/xmldata/A700/Configuration.xml
new file mode 100644
index 000000000..44cc09196
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/Configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="file:data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp"/>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp b/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp
new file mode 100644
index 000000000..028dbd348
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp
@@ -0,0 +1,6 @@
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml
new file mode 100644
index 000000000..e125e2c38
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>http://localhost:8080/truestedCACerts</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml
new file mode 100644
index 000000000..7a75d85f8
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml
new file mode 100644
index 000000000..db84e7b12
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"/>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml b/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml
new file mode 100644
index 000000000..e3a364514
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <OnlineApplication2 publicURLPrefix="http://localhost:9080/">
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication2>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/Configuration.xml b/id.server/data/abnahme-test/xmldata/Configuration.xml
new file mode 100644
index 000000000..e3f1bd8b4
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/Configuration.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <!--<AcceptedServerCertificates>file:data/abnahme-test/certs/server-certs</AcceptedServerCertificates>-->
+ <!--<ClientKeyStore password="Keystore Pass">file:data/abnahme-test/certs/server-certs/server.keystore</ClientKeyStore>-->
+ </ConnectionParameter>
+
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP101:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP102:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA302:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA303:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA304:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA305:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA306:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA307:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA308:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..5a4759b7a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/L000/Configuration.xml b/id.server/data/abnahme-test/xmldata/L000/Configuration.xml
new file mode 100644
index 000000000..e3f1bd8b4
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/L000/Configuration.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <!--<AcceptedServerCertificates>file:data/abnahme-test/certs/server-certs</AcceptedServerCertificates>-->
+ <!--<ClientKeyStore password="Keystore Pass">file:data/abnahme-test/certs/server-certs/server.keystore</ClientKeyStore>-->
+ </ConnectionParameter>
+
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP101:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP102:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA302:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA303:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA304:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA305:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA306:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA307:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA308:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..0ef26ce2f
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-07T17:25:10+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>http://10.16.126.28:9080/moa-id-proxy/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>bvM1wMyWDhJeTm6wYNIBeqEMGhc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>SODqS1d8cJD301+Eq0jrCkRjSkI=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>GIWA7SDyFiDbbDxOxipEjm9lNJunrfHsLaSEaDUgzpghZ0ESdP8wkS9fBGXdErm8
+FiitoTNUquYLefUjl6i5lIpPp+FraX/6t2Oxda4N8KMamoBpffcxoiU069JOVAEL
+ohZawwD4ezgeBJSTgwX7dmPCXjpNa1M8l1wm8FhCgqo=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-07T15:25:17Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer b/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer b/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer
new file mode 100644
index 000000000..18e6bc109
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/C.CA.DS.cer b/id.server/data/certs/TrustProfile1/C.CA.DS.cer
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/C.CA.DS.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/IAIKRoot.cer b/id.server/data/certs/TrustProfile1/IAIKRoot.cer
new file mode 100644
index 000000000..c0c60558a
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/IAIKRoot.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer b/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer
new file mode 100644
index 000000000..21dc972b9
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer b/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer
new file mode 100644
index 000000000..99936caa8
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer b/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer b/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer
new file mode 100644
index 000000000..84518a6a8
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer b/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer
new file mode 100644
index 000000000..dac166e9a
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/hsm.cer b/id.server/data/certs/TrustProfile1/hsm.cer
new file mode 100644
index 000000000..278cb8fab
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/hsm.cer
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQEwDQYJKoZIhvcNAQEFBQAwPTESMBAGA1UEAxMJSFNNUlNBS0VZ
+MQwwCgYDVQQKEwNCUloxDDAKBgNVBAsTA01PQTELMAkGA1UEBhMCQVQwHhcNMDMw
+NDAzMTEwNjQ5WhcNMDQwNDAzMTEwNjQ5WjA9MRIwEAYDVQQDEwlIU01SU0FLRVkx
+DDAKBgNVBAoTA0JSWjEMMAoGA1UECxMDTU9BMQswCQYDVQQGEwJBVDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA2nygG6QL8ksWZFNAUWcLcAkRR7WHck3PFu4z
+ce2D/jeWk2pf3dC+49ZRkmJbKYclySx90BZFG6iSUkhI41eXbrRzIScFz15P9K4F
+rSg8redcdysWY/WJ2ybW05PuK8jNooyc4yAGoSfiNv7GlDfAqsZpSXB2YFvd6erF
+In5e7WECAwDL2zANBgkqhkiG9w0BAQUFAAOBgQCUhQ1YQg14ZtUGj1Zn1J5O3XXu
+RZmckYjRbqMxpY3iim+yH9+eSrDcfESUeoYQHzOB+qfOx+kU33qkWBzvP1079EbC
+v5eVi4mhJ6F/8xItuvroUtuQokiiEY8g8CSM1C124MLcJr0y90Nmb2q2cHhlBkw8
+s5uQpf4EtuqJAwMrcQ==
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/TrustProfile1/moahsmcert.cer b/id.server/data/certs/TrustProfile1/moahsmcert.cer
new file mode 100644
index 000000000..160390f35
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/moahsmcert.cer
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7zCCAVgCAQEwDQYJKoZIhvcNAQEFBQAwQDEVMBMGA1UEAxMMTU9BSFNNUlNB
+S0VZMQwwCgYDVQQKEwNCUloxDDAKBgNVBAsTA01PQTELMAkGA1UEBhMCQVQwHhcN
+MDMwNDA3MTQwNzM3WhcNMDQwNDA3MTQwNzM3WjBAMRUwEwYDVQQDEwxNT0FIU01S
+U0FLRVkxDDAKBgNVBAoTA0JSWjEMMAoGA1UECxMDTU9BMQswCQYDVQQGEwJBVDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuQJeLj5quuES22ZlXY2W5C/JF/7a
+WZM/EBj2hZff3i66IQYe3272E9p1utzIGvY3AfAlW0sKiOhZUpOnvFlAn+Bl86J2
+kE/mQMgVHd4fxb3onCNA+x/x5BdYVdx35il6iQy9xE0kpc01CMrUMMy0+GMcz4OR
+ziJf0WHsi9JL1nECAwCYrzANBgkqhkiG9w0BAQUFAAOBgQCDpmYSMnkjfJ4JXwwc
+Y6eqqiDBexZeVwNLjjJxwf5md4ZRiewwfY3aydcA8ffjcUh4/5XXdn5y2S2n8JEg
+N2EuHHC+k/CE2JJJylkikltE+nawdfa6MukhQ0sPKjyJ+Nr2nXOwX6O2bveaTw9J
+E2+9uU+Tuf4VG9HEHEL+IaU2tA==
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer b/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer
new file mode 100644
index 000000000..bcbddd2f3
--- /dev/null
+++ b/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer b/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer
new file mode 100644
index 000000000..781d1e4f2
--- /dev/null
+++ b/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer b/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer
new file mode 100644
index 000000000..b76137b1c
--- /dev/null
+++ b/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer b/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer
new file mode 100644
index 000000000..6f97837a2
--- /dev/null
+++ b/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/intermediate.cer b/id.server/data/certs/ca-certs/intermediate.cer
new file mode 100644
index 000000000..c945fa97d
--- /dev/null
+++ b/id.server/data/certs/ca-certs/intermediate.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/root.cer b/id.server/data/certs/ca-certs/root.cer
new file mode 100644
index 000000000..dd22e761e
--- /dev/null
+++ b/id.server/data/certs/ca-certs/root.cer
Binary files differ
diff --git a/id.server/data/certs/client-certs/key.pem b/id.server/data/certs/client-certs/key.pem
new file mode 100644
index 000000000..a326186c7
--- /dev/null
+++ b/id.server/data/certs/client-certs/key.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE45B3E14DF98B85
+
+e4AS6U/QUW4/ZDMFdlDAVAsd5lKT7e83SWZXZePOjFXZDO+vXmiHp15uw/xrUiqA
+R5jTMHOmxccdpnoSeEXFRApgpfMgixL8IUzec8xaScOOy1+pbSadWWq5bsnnF4fF
+bztJiF5+2RXbNYe5DO32EuGpTOPZVIdWZkvgn5krPDs0EOJrGHC9SIAn+RNS7WDr
+AgKytCjX/aRQ9lUuoT8eX4e2tzslQ/x8K+0zt0vQZWDSPLZTqJNioILWwUpVapqH
+aC/8foQeWqHc1Dj9CoMZrUsS1Jwi/Hkc70cb1+3uH/DAaDng2gN4Qa2tpbvZhWHV
+rIZYpxN0CBxe/pmSwUZeZQPVcgHniJYRondVIOCCGst2l9XunOTxGoNGE8B7A/im
+FB/kondCVL7X+5gEjuAqjFTUrdQHbjCdDSwXLMAKDJEeY3NZhxsJlbXy2pcviUWz
+k0CfGpT9yANDtNT37OfJM6OZSKjUmgeqNENyL2G3X5gjpLCRTUt4BUh5IpeW3uLu
+f/wDAETyfDvHfyf2PAPSVcecDW+py7mFP87FKDrTb8e9fNleL3mNpdLaHFm7mHMf
+imhEehxiGMRj7TVBvS+WuJp0bFYiyEh6f2cnhwP/iAFkJEx7VDslYhtt9LkDGm3t
+1utow3jc/4t6IDV/rmyfYCoy9wbUymw3trGijjMT9H3L9bBekWXfiNTwOjfBa0G5
+meUUJ+BPnm1b5Y6I0nI5T1a7uJ0WeRL08NbJ26TDALBcV6l1IovgTKCtOofOcMBo
+JexXOTvllSEsNQrEzFUkzobLg48FyV/mwrjuIXuxUFwvcqKaU6Pa4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/id.server/data/certs/client-certs/key2.pem b/id.server/data/certs/client-certs/key2.pem
new file mode 100644
index 000000000..86c1d1d96
--- /dev/null
+++ b/id.server/data/certs/client-certs/key2.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BE4627B155C4DAA7
+
+Ja5FdI9jxs0+96ELq/INvD4LrSg4ELUr9Z12zBEc4mIGZRnmPgxpgKJUaWQy+atI
+X/o+KS0HYSOHfnWiWQD4GFcjGDhs8vxTsPa6I+vtrnEvFByfOq/R8h7wdHAid14J
+2E8MBVim/TxAi/2JG7yVguKkaUR/jP8uvoiTtMQvKe/NHzQywOmiACvpkX5a9G0t
+kMZKZ23q2FuEYuNn7/9E09CWc4YDc7AwhUcuUAwZXGQTmLPWriSTUKgR88G7u2LQ
+/dO0dqpJEtZIz0h7f+s46I6B7jyXNkShx8scS6YOOrdaq2xB6wC0cOAaNMc/kl7f
+9msanW4fJbE/B0rrL6ChI8Mqlr+TJ8oFrBHt1z5wexPa9OGqBOUJmoywXEhp8WUY
+oth8HZf/thJE3DppxgRHfDKgUiv8hCSRvaSFZ33Dx7qISPVBzbmk2CF69Ok05Sc3
+sHahRIA8X01mS8fFGL6fJPLT+xW4ARiP1NnVDMBUbFDg/g9GEMvAnxh9lWLysUv5
+6LMR01H6CVhOsbKfpUqIfqT6U9HmjF1vQGD1jp9KGi12Cu6Yf6Z6OcMBmR93rao3
+50GtG0HLbhuUPIrFMYe3Dl0TfPxLj/ieNvGFgueWE7Y92mw/XGn3wLoSVKAIRrYd
+ZXh09mA3yARqY15UJWmR77WOrh4j1KybADF6F445+H64UtD1QQBHH4/K+ZJ1CUiE
+V9d1F9DAnOeU3yYvRprZU/6nbqzR7dfivgln8PE8Ht2EZf9Rk/n2/ztgKBik37MF
+WPthd+8Y+XKcjg2tZOENAxw7ikzjPIdHxFzxAnr9y5d4F6P5CSIjxw==
+-----END RSA PRIVATE KEY-----
diff --git a/id.server/data/certs/client-certs/req.cer b/id.server/data/certs/client-certs/req.cer
new file mode 100644
index 000000000..9f3f8116f
--- /dev/null
+++ b/id.server/data/certs/client-certs/req.cer
Binary files differ
diff --git a/id.server/data/certs/client-certs/req.pem b/id.server/data/certs/client-certs/req.pem
new file mode 100644
index 000000000..db4a69057
--- /dev/null
+++ b/id.server/data/certs/client-certs/req.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVDET
+MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9B
+MRswGQYDVQQDExJBYm5haG1ldGVzdCBNT0EtSUQwHhcNMDMwNTA2MTU1NjMxWhcN
+MDMwNjA1MTU1NjMxWjBcMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1TdGF0
+ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9BMRswGQYDVQQDExJBYm5haG1l
+dGVzdCBNT0EtSUQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOJqhoQjXmkj
+E7eX0mhX4p3vz/vlpSDcmFmOw7PJOKYF38eJpPR0IqZqrDeDUJyuPQzSluRy1A6d
+kQBt93FVIND9LBd9yr6nh1bGIMppoJ/qKPHNk3bzEaW1ITgRx8ITc1jVOO2BIvVd
+4KTnLcszRvgr/KpYqpjqHRn+Eh3JwVTBAgMBAAGjgbcwgbQwHQYDVR0OBBYEFI6P
+2FnJlpDgTb/HFhIV3yczz7Q+MIGEBgNVHSMEfTB7gBSOj9hZyZaQ4E2/xxYSFd8n
+M8+0PqFgpF4wXDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxDTAL
+BgNVBAoTBEJSWkcxDDAKBgNVBAsTA01PQTEbMBkGA1UEAxMSQWJuYWhtZXRlc3Qg
+TU9BLUlEggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAECbLNoxp
+6B81lDvab7KVB2HcR+o7DFoejy5HjI+iQL/RoxA5L5t7giROCGXCzjb+0+pxt8fR
+4yR66YmoxUC9kjfCxr70Wob+DrBy73yCnwpw2yndcRoYe3HmyoX0HvYPjnUm0IWt
+BGAALnQn/En/ZDW0YEM5DtOsZPoZd8r49UE=
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/client-certs/req2.pem b/id.server/data/certs/client-certs/req2.pem
new file mode 100644
index 000000000..972c4a344
--- /dev/null
+++ b/id.server/data/certs/client-certs/req2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBeMQswCQYDVQQGEwJBVDET
+MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9B
+MR0wGwYDVQQDExRBYm5haG1ldGVzdCBNT0EtSUQgMjAeFw0wMzA1MDYxNzU2MDRa
+Fw0wMzA2MDUxNzU2MDRaMF4xCzAJBgNVBAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMQ0wCwYDVQQKEwRCUlpHMQwwCgYDVQQLEwNNT0ExHTAbBgNVBAMTFEFibmFo
+bWV0ZXN0IE1PQS1JRCAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+T1D5
+sxLxeVxkJ04nRj0iP7OnuAsQBvankGkPrWRo/Z8OusG2tKp0CEgIK+nqbRzElmnL
+20ij7QKHNgUYAb/2tkMP1K2m6dr/fjBnJGle9lUCbIuzXndBgYy5+nBXVXERPo7k
+rUcbnh3hXpa2dpySqV2qgIcNWQ1zsjsYTMKOKwIDAQABo4G5MIG2MB0GA1UdDgQW
+BBS2az6C8gFXa9JjsC+7YVOz+kbQHTCBhgYDVR0jBH8wfYAUtms+gvIBV2vSY7Av
+u2FTs/pG0B2hYqRgMF4xCzAJBgNVBAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRl
+MQ0wCwYDVQQKEwRCUlpHMQwwCgYDVQQLEwNNT0ExHTAbBgNVBAMTFEFibmFobWV0
+ZXN0IE1PQS1JRCAyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA
+EEeNYSW9gJrxX04z6G48A+DODPzEtZeyVUE/n/OOox9pHZ0ftOj7M4XdLj6QIrES
++cSo9UWFOkPrYj3TVuJ58LLvB3VqevNu8dq1Q0u7umiCofpuqX9rQ/hcfkVWrg3/
+EZdkckT+PRAZR88omVi5q0uU/CkG8o9+KUeqezmWMg8=
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/keystores/client.keystore b/id.server/data/certs/keystores/client.keystore
new file mode 100644
index 000000000..2304628f4
--- /dev/null
+++ b/id.server/data/certs/keystores/client.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/client.p12 b/id.server/data/certs/keystores/client.p12
new file mode 100644
index 000000000..de82e3d5e
--- /dev/null
+++ b/id.server/data/certs/keystores/client.p12
Binary files differ
diff --git a/id.server/data/certs/keystores/client2.p12 b/id.server/data/certs/keystores/client2.p12
new file mode 100644
index 000000000..5147f7f9c
--- /dev/null
+++ b/id.server/data/certs/keystores/client2.p12
Binary files differ
diff --git a/id.server/data/certs/keystores/server.keystore b/id.server/data/certs/keystores/server.keystore
new file mode 100644
index 000000000..5ed848e3f
--- /dev/null
+++ b/id.server/data/certs/keystores/server.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/testlinux.keystore b/id.server/data/certs/keystores/testlinux.keystore
new file mode 100644
index 000000000..99e78638f
--- /dev/null
+++ b/id.server/data/certs/keystores/testlinux.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/testlinux_plus_client.keystore b/id.server/data/certs/keystores/testlinux_plus_client.keystore
new file mode 100644
index 000000000..cc08a127b
--- /dev/null
+++ b/id.server/data/certs/keystores/testlinux_plus_client.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/testlinux_rev.keystore b/id.server/data/certs/keystores/testlinux_rev.keystore
new file mode 100644
index 000000000..d7964e93d
--- /dev/null
+++ b/id.server/data/certs/keystores/testlinux_rev.keystore
Binary files differ
diff --git a/id.server/data/certs/server-certs/a-trust.cer b/id.server/data/certs/server-certs/a-trust.cer
new file mode 100644
index 000000000..f87f82561
--- /dev/null
+++ b/id.server/data/certs/server-certs/a-trust.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/baltimore.cer b/id.server/data/certs/server-certs/baltimore.cer
new file mode 100644
index 000000000..514c65c51
--- /dev/null
+++ b/id.server/data/certs/server-certs/baltimore.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/cio.cer b/id.server/data/certs/server-certs/cio.cer
new file mode 100644
index 000000000..560425e95
--- /dev/null
+++ b/id.server/data/certs/server-certs/cio.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/testlinux.crt b/id.server/data/certs/server-certs/testlinux.crt
new file mode 100644
index 000000000..db9201838
--- /dev/null
+++ b/id.server/data/certs/server-certs/testlinux.crt
Binary files differ
diff --git a/id.server/data/certs/server-certs/testlinux_rev.crt b/id.server/data/certs/server-certs/testlinux_rev.crt
new file mode 100644
index 000000000..ac735db10
--- /dev/null
+++ b/id.server/data/certs/server-certs/testlinux_rev.crt
Binary files differ
diff --git a/id.server/data/certs/server-certs/testwin.cer b/id.server/data/certs/server-certs/testwin.cer
new file mode 100644
index 000000000..ff2f369a8
--- /dev/null
+++ b/id.server/data/certs/server-certs/testwin.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/testwin_rev.cer b/id.server/data/certs/server-certs/testwin_rev.cer
new file mode 100644
index 000000000..b899000f2
--- /dev/null
+++ b/id.server/data/certs/server-certs/testwin_rev.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/tomcat-server.crt b/id.server/data/certs/server-certs/tomcat-server.crt
new file mode 100644
index 000000000..f7cca3e9e
--- /dev/null
+++ b/id.server/data/certs/server-certs/tomcat-server.crt
Binary files differ
diff --git a/id.server/data/certs/server-certs/verisign.cer b/id.server/data/certs/server-certs/verisign.cer
new file mode 100644
index 000000000..85f09ee4e
--- /dev/null
+++ b/id.server/data/certs/server-certs/verisign.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
new file mode 100644
index 000000000..ec6203326
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- für MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLComplete">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/auswahl">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-- Transformationen für die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <TransformsInfo filename="file:conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP über Web Service angesprochen wird -->
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ <!-- TrustProfile für den IdentityLink der Bürgerkarte;
+ muss in MOA-SP konfiguriert sein -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <!-- TrustProfile für die Signatur des AUTH-Blocks der Bürgerkarte;
+ muss in MOA-SP konfiguriert sein -->
+ <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige der Anmeldedaten im Secure Viewer;
+ muss in MOA-SP konfiguriert sein -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <!-- Gültige Signatoren des IdentityLink, der von der Bürgerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <!-- für MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="https://localhost:8443/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <!-- Eintrag für jede Online-Applikation -->
+ <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/">
+ <!-- für MOA-ID-AUTH -->
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <!-- für MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://localhost:8080/oa/">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <!-- ChainingModes für die Zertifikatspfadüberprüfung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <!-- für MOA-ID-AUTH: Rootzertifikate des Servers MOA-SP, falls über HTTPS angesprochen -->
+ <!-- für MOA-ID-PROXY: Rootzertifikate des Servers MOA-ID-AUTH, falls über HTTPS angesprochen,
+ und aller Online-Applikationen, die über HTTPS angesprochen werden -->
+ <TrustedCACertificates>file:conf/moa-id/certs/ca-certs</TrustedCACertificates>
+ <!-- Cache-Verzeichnis für-Zertifikate -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="conf/moa-id/certs/certstore"/>
+ <!-- Time-Out für die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out für die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/deploy/conf/moa-id/log4j.properties b/id.server/data/deploy/conf/moa-id/log4j.properties
new file mode 100644
index 000000000..eada826da
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/log4j.properties
@@ -0,0 +1,22 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.logger.moa.id.auth=info
+log4j.logger.moa.id.proxy=info
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
diff --git a/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
new file mode 100644
index 000000000..13d99f1c1
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
new file mode 100644
index 000000000..541089ccb
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
new file mode 100644
index 000000000..900f41252
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <!-- Standardnamen für Kanonisierungs- und Digest-Algorithmus -->
+ <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <!-- Cache-Verzeichnis für Zertifikate;
+ muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certstore"/>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige des AUTH-Block im Secure Viewer -->
+ <VerifyTransformsInfoProfile id="MOAIDTransformAuthBlock" filename="profiles/MOAIDTransformAuthBlock.xml"/>
+ <!-- TrustProfile für den IdentityLink der Bürgerkarte;
+ muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten -->
+ <TrustProfile id="MOAIDBuergerkarteRoot" uri="trustprofiles/MOAIDBuergerkarteRoot"/>
+</MOAConfiguration>
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
new file mode 100644
index 000000000..1d1a610b7
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer
Binary files differ
diff --git a/id.server/data/deploy/tomcat/moa-id-env.bat b/id.server/data/deploy/tomcat/moa-id-env.bat
new file mode 100644
index 000000000..319d18f88
--- /dev/null
+++ b/id.server/data/deploy/tomcat/moa-id-env.bat
@@ -0,0 +1 @@
+set CATALINA_OPTS=-Dmoa.id.configuration=%CATALINA_HOME%\conf\moa-id\SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=%CATALINA_HOME%\conf\moa-spss\SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:%CATALINA_HOME%\conf\moa-id\log4j.properties
diff --git a/id.server/data/deploy/tomcat/moa-id-env.sh b/id.server/data/deploy/tomcat/moa-id-env.sh
new file mode 100644
index 000000000..9acfe56c0
--- /dev/null
+++ b/id.server/data/deploy/tomcat/moa-id-env.sh
@@ -0,0 +1 @@
+export CATALINA_OPTS="-Dmoa.id.configuration=$CATALINA_HOME/conf/moa-id/SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=$CATALINA_HOME/conf/moa-spss/SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:$CATALINA_HOME/conf/moa-id/log4j.properties"
diff --git a/id.server/data/deploy/tomcat/server.mod_jk.xml b/id.server/data/deploy/tomcat/server.mod_jk.xml
new file mode 100644
index 000000000..61100b260
--- /dev/null
+++ b/id.server/data/deploy/tomcat/server.mod_jk.xml
@@ -0,0 +1,201 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+<!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" connectionTimeout="0"
+ useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common"/>
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true"
+ acceptCount="10" debug="0"/>
+
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ </Engine>
+
+ </Service>
+
+</Server>
+
diff --git a/id.server/data/deploy/tomcat/server.xml b/id.server/data/deploy/tomcat/server.xml
new file mode 100644
index 000000000..c99136fa2
--- /dev/null
+++ b/id.server/data/deploy/tomcat/server.xml
@@ -0,0 +1,157 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true"/>
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to -1 -->
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8443" minProcessors="5" maxProcessors="75"
+ enableLookups="uri"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ useURIValidationHack="false" disableUploadTimeout="true">
+ <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
+ clientAuth="false" protocol="TLS"/>
+ </Connector>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector" port="8008" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine" name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger" prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ </Engine>
+ </Service>
+</Server>
diff --git a/id.server/data/deploy/tomcat/uriworkermap.properties b/id.server/data/deploy/tomcat/uriworkermap.properties
new file mode 100644
index 000000000..daf0dca1a
--- /dev/null
+++ b/id.server/data/deploy/tomcat/uriworkermap.properties
@@ -0,0 +1,7 @@
+# a sample mod_jk uriworkermap.properties file for mapping
+# MOA-ID-AUTH and MOA-ID-PROXY web service requests to workers
+#
+# omit the mappings you don't need
+
+/moa-id-auth/*=moaworker
+/moa-id-proxy/*=moaworker \ No newline at end of file
diff --git a/id.server/data/deploy/tomcat/workers.properties b/id.server/data/deploy/tomcat/workers.properties
new file mode 100644
index 000000000..9350ddc77
--- /dev/null
+++ b/id.server/data/deploy/tomcat/workers.properties
@@ -0,0 +1,6 @@
+# a sample workers.properties file defining a single mod_jk worker
+
+worker.list=moaworker
+worker.moaworker.type=ajp13
+worker.moaworker.host=localhost
+worker.moaworker.port=8009
diff --git a/id.server/data/test/conf/ConfigurationTest.xml b/id.server/data/test/conf/ConfigurationTest.xml
new file mode 100644
index 000000000..5c18e35cc
--- /dev/null
+++ b/id.server/data/test/conf/ConfigurationTest.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> -->
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfParamAuth.xml" sessionTimeOut="10" loginParameterResolverImpl="StringloginParameterResolverImpl1" connectionBuilderImpl="StringconnectionBuilderImpl1">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://verisign.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.verisign.com/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://a-trust.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.a-trust.at/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://baltimore.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.baltimore.com/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://cio.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.cio.gv.at/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="StringOALoginURL2">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="StringOALoginURL3">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="ProxyComponentURL3">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates3</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss3">URL:toClientKeystoreOA3</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="chaining">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:c:/java/id.server/data/test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="c:/java/id.server/data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+ <GenericConfiguration name="ProxyComponent.DisableHostnameVerification" value="true"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/test/conf/OAConfBasicAuth.xml b/id.server/data/test/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..61455f903
--- /dev/null
+++ b/id.server/data/test/conf/OAConfBasicAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <BasicAuth>
+ <UserID>MOAGivenName</UserID>
+ <Password>MOAFamilyName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfHeaderAuth.xml b/id.server/data/test/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c92e055e9
--- /dev/null
+++ b/id.server/data/test/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <HeaderAuth>
+ <Header Name="Param1" Value="MOAPublicAuthority"/>
+ <Header Name="Param2" Value="MOABKZ"/>
+ <Header Name="Param3" Value="MOAQualifiedCertificate"/>
+ <Header Name="Param4" Value="MOAZMRZahl"/>
+ <Header Name="Param5" Value="MOAIPAddress"/>
+ </HeaderAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfParamAuth.xml b/id.server/data/test/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..a70f6a6c0
--- /dev/null
+++ b/id.server/data/test/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <ParamAuth>
+ <Parameter Name="Param1" Value="MOADateOfBirth"/>
+ <Parameter Name="Param2" Value="MOAVPK"/>
+ </ParamAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/log4j.properties b/id.server/data/test/conf/log4j.properties
new file mode 100644
index 000000000..9a808f925
--- /dev/null
+++ b/id.server/data/test/conf/log4j.properties
@@ -0,0 +1,10 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=debug, stdout
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
diff --git a/id.server/data/test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
new file mode 100644
index 000000000..e003297f4
--- /dev/null
+++ b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/test/ixsil/init/properties/algorithms.properties b/id.server/data/test/ixsil/init/properties/algorithms.properties
new file mode 100644
index 000000000..35a41cfdd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/algorithms.properties
@@ -0,0 +1,94 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses to maintain the available algorithms.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Canonicalization algorithms
+#
+# The following properties (starting with "Canonicalization.") are associations between canonicalization
+# algorithm URIs and their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the canonicalization algorithm
+# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm
+# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI,
+# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments
+
+#----------------------------------------------------------------------------------------------------------
+# Signature algorithms
+#
+# The following properties (starting with "Signature.") are associations between signature algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the signature algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm
+# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI,
+# prepended by the signature algorithm property identifier ("Signature."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
+Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
+Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Digest algorithms
+#
+# The following properties (starting with "Digest.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the digest algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm
+# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI,
+# prepended by the digest algorithm property identifier ("Digest."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Transform algorithms
+#
+# The following properties (starting with "Transform.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the transform algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm
+# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI,
+# prepended by the transform algorithm property identifier ("Transform."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments
+Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode
+Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath
+Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature
+Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT
+Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2
diff --git a/id.server/data/test/ixsil/init/properties/init.properties b/id.server/data/test/ixsil/init/properties/init.properties
new file mode 100644
index 000000000..a679a2635
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/init.properties
@@ -0,0 +1,214 @@
+# IXSIL init properties
+#
+# This file contains the basic initialization properties for IXSIL.
+
+#----------------------------------------------------------------------------------------------------------
+# Properties for localizing exeption messages
+
+# This property specifies the ISO language code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOLanguageCode = "en"
+
+
+
+# This property specifies the ISO country code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOCountryCode = "US"
+
+
+#----------------------------------------------------------------------------------------------------------
+# Other property files
+
+# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e.
+# this file). The URI MUST be absolute.
+#
+# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using
+# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the
+# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below).
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties"
+
+location.initProperties = file:data/test/ixsil/init/properties/init.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties"
+# Example 4 (relative URI): "../otherpath/algorithms.properties"
+# Example 5 (relative URI): "algorithms.properties"
+
+location.algorithmsProperties = file:data/test/ixsil/init/properties/algorithms.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties"
+# Example 4 (relative URI): "../otherpath/keyManager.properties"
+# Example 5 (relative URI): "keyManager.properties"
+
+location.keyManagerProperties = file:data/test/ixsil/init/properties/keyManager.properties
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# AlgorithmFactory properties
+
+
+
+This property specifies the extension class for the abstract class
+iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method
+iaik.ixsil.algorithms.AlgorithmFactory.createFactory().
+Please specifiy the fully qualified java class name for the class to be instantiated.
+
+AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# VerifierKeyManager properties
+
+# This property specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the
+# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo
+# element which contains hints that can be used to deduce the verification key.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XML namespace prefix properties
+
+# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSignature = dsig:
+
+
+
+# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSchemaInstance = xsi:
+
+
+#----------------------------------------------------------------------------------------------------------
+# DOMUtils properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies
+# on. If you would like to employ a parser different from Apache Xerces, you must implement the
+# DOMUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportWarnings = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser
+# exception or not.
+
+DOMUtils.ErrorHandler.reportFatalErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies an URI for the location of the XML schema for an XML signature, which is used as the
+# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement.
+# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for
+# this init property file as the base.
+
+DOMUtils.SignatureSchema = ../schemas/Signature.xsd
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XPathUtils properties
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies
+# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the
+# XPathUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# CanonicalXMLSerializer properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according
+# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an
+# implemenation different from the standard implementation shipped with IXSIL, you must implement the
+# CanonicalXMLSerialierInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML
+# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120).
+# If you would like to employ an implemenation different from the standard implementation shipped with
+# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation
+# class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
diff --git a/id.server/data/test/ixsil/init/properties/keyManager.properties b/id.server/data/test/ixsil/init/properties/keyManager.properties
new file mode 100644
index 000000000..24ece437a
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/keyManager.properties
@@ -0,0 +1,74 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses in context of key management.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement,
+# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that
+# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage
+# subelements of that type.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements,
+# the property name is the fully qualified XML name for the "KeyValue" element, namely
+# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class
+# name of the key provider implementation class, for instance the standard implementation which ships with
+# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue".
+#
+# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+#
+# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue
+http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data
+http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties specify the order in which the different types of "KeyInfo" subelements are used
+# by the key manager to deduce the verification key.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo"
+# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an
+# example configuration:
+#
+# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+#
+# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the
+# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second
+# chance. Of course you can specify more than only two different subelement types.
+#
+# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+
+Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following property is used by standard implementation of the "X509Data" key provider, which ships
+# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust
+# manager for this key provider.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl
+
diff --git a/id.server/data/test/ixsil/init/schemas/Signature.xsd b/id.server/data/test/ixsil/init/schemas/Signature.xsd
new file mode 100644
index 000000000..7867883f9
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/Signature.xsd
@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.3 $ on $Date: 2001/08/28 16:14:01 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
new file mode 100644
index 000000000..678cfc8dd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/test/ixsil/init/schemas/datatypes.dtd b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
new file mode 100644
index 000000000..8e48553be
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
diff --git a/id.server/data/test/xmldata/ErrorResponse.xml b/id.server/data/test/xmldata/ErrorResponse.xml
new file mode 100644
index 000000000..db70c2560
--- /dev/null
+++ b/id.server/data/test/xmldata/ErrorResponse.xml
@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding='UTF-8'?><sl10:ErrorResponse xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>
+ <sl10:ErrorCode>29002</sl10:ErrorCode>
+ <sl10:Info>Ein unerwarteter Fehler ist aufgetreten. Die Verarbeitung wurde abgebrochen. Fehler:null</sl10:Info>
+</sl10:ErrorResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/GetIdentityLinkForm.html b/id.server/data/test/xmldata/GetIdentityLinkForm.html
new file mode 100644
index 000000000..b7828e598
--- /dev/null
+++ b/id.server/data/test/xmldata/GetIdentityLinkForm.html
@@ -0,0 +1,20 @@
+<html>
+<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+<head>
+<title>Auslesen der Personenbindung</title>
+
+</head>
+<body>
+<form name="GetIdentityLinkForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<?xml version='1.0' encoding='ISO-8859-1' ?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/moa-id-auth/VerifyIdentityLink?MOASessionID=3579795857269397498"/>
+ <input type="submit" value="Auslesen der Personenbindung"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
new file mode 100644
index 000000000..2cfa65c96
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Paul Ivancsics (My Own) -->
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="-4633313027464114584" Issuer="http://localhost:8080/moa-id-auth/" IssueInstant="2003-04-02T14:55:42+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">MTk2OC0xMC0yMmdi</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="any" Issuer="Hermann Muster" IssueInstant="2003-04-02T14:55:27+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ </saml:Assertion>
+ <saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>
+ <dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>
+ <dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+ </saml:Assertion>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <saml:AttributeValue>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion>
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
new file mode 100644
index 000000000..4a5f02dcd
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
@@ -0,0 +1,52 @@
+<?xml version='1.0' encoding='ISO-8859-1' ?>
+<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'>
+ <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>
+ <sl11:DataObjectInfo Structure='detached'>
+ <sl10:DataObject Reference=''/>
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" >
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br /><br />
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer" /></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant" /></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier" /></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo> </sl11:DataObjectInfo>
+ <sl11:SignatureInfo>
+ <sl11:SignatureEnvironment>
+ <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-02-26T09:25:50+01:00'>
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>http://localhost:9080/login.html</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent>
+ </sl11:SignatureEnvironment>
+ <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation>
+ </sl11:SignatureInfo>
+</sl11:CreateXMLSignatureRequest> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..5a4759b7a
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
new file mode 100644
index 000000000..9b8fa743f
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace"><SignerInfo><dsig:X509Data><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>0</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate><PublicAuthority><Code>BMOLS-IKT</Code></PublicAuthority></dsig:X509Data></SignerInfo><HashInputData><Base64Content>PFZlcmlmeVhNTFNpZ25hdHVyZVJlcXVlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVu Y2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4 bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4g IDxWZXJpZnlTaWduYXR1cmVJbmZvPiAgICA8VmVyaWZ5U2lnbmF0dXJlRW52aXJv bm1lbnQ+ICAgICAgPFhNTENvbnRlbnQgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHNh bWw6QXNzZXJ0aW9uIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJu bWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5z OnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHht bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu Y2UiIEFzc2VydGlvbklEPSJ6bXIuYm1pLmd2LmF0LUFzc2VydGlvbklELTIwMDMt MDItMTJUMjA6Mjg6MzQuNDc0IiBJc3N1ZUluc3RhbnQ9IjIwMDMtMDItMTJUMjA6 Mjg6MzQuNDc0IiBJc3N1ZXI9Imh0dHA6Ly96bXIuYm1pLmd2LmF0L3ptcmEvbmFt ZXMjSXNzdWVyIiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI+CiAg PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgogICAgPHNhbWw6U3ViamVjdD4KICAg ICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8c2FtbDpDb25m aXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNl bmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KICAgICAgICA8 c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KICAgICAgICAgIDxwcjpQZXJz b24geHNpOnR5cGU9InByOlBoeXNpY2FsUGVyc29uVHlwZSI+CiAgICAgICAgICAg IAogICAgICAgICAgICA8cHI6TmFtZT4KICAgICAgICAgICAgICA8cHI6R2l2ZW5O YW1lPkhlcm1hbm48L3ByOkdpdmVuTmFtZT4KICAgICAgICAgICAgICA8cHI6RmFt aWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3RlcjwvcHI6RmFtaWx5TmFt ZT4KICAgICAgICAgICAgPC9wcjpOYW1lPgogICAgICAgICAgICA8cHI6RGF0ZU9m QmlydGg+MTk2OC0xMC0yMjwvcHI6RGF0ZU9mQmlydGg+CiAgICAgICAgICA8L3By OlBlcnNvbj4KICAgICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+ CiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgogICAgPC9zYW1sOlN1 YmplY3Q+CiAgICA8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXpl blB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmJ1ZXJn ZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMi PgogICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgICA8ZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgICAgIDxkc2lnOk1vZHVsdXM+MHYxRnRmN1dYZ29leHgw Sm8vR3JsRXhIT0huUUlFUTVGRlNqcHRMUmQ1Qk4xbVpZUmcyUzlLZk9NYkhTQ3Np UG04QXdqQUV3RTVFTSBBNlAxOFovWXlUSXVQN2ZOR3pja2JCNVBZSWdOTUhMOC9U WUpoSEE4Q2phbXNCckVmWURYaXZFOGlBdkFMZzVJOVJNTFpBRG16TDdhIGYyZGFZ WXVPOGR5Y1F3M3hnNlU9PC9kc2lnOk1vZHVsdXM+CiAgICAgICAgICA8ZHNpZzpF eHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PgogICAgICAgIDwvZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgPC9zYW1s OkF0dHJpYnV0ZT4KICAgIDxzYW1sOkF0dHJpYnV0ZSBBdHRyaWJ1dGVOYW1lPSJD aXRpemVuUHVibGljS2V5IiBBdHRyaWJ1dGVOYW1lc3BhY2U9Imh0dHA6Ly93d3cu YnVlcmdlcmthcnRlLmF0L25hbWVzcGFjZXMvcGVyc29uZW5iaW5kdW5nLzIwMDIw NTA2IyI+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICAgIDxkc2ln OlJTQUtleVZhbHVlPgogICAgICAgICAgPGRzaWc6TW9kdWx1cz5pMnFhNTZYNGZw WWVYcUZMWEFjUWxqR1UzK0RXblZnTnJBeEk5Z24yYk1lRld0TFhFMlNGYTZxdmw5 RXltVWwwbm9CbEZuMHE5RFdwIEFzeWVMblJoekNBWEplU3hpd3NVRWxvT3ZjUUNW MERmVzJVVnEwWTliVmxKOEtpZkoyQVMrNUJ4WjIxbWtjL1ZZeDVRejZFWWpQcm4g cElwZEF3UjlzdzV4bkl2VHlTYz08L2RzaWc6TW9kdWx1cz4KICAgICAgICAgIDxk c2lnOkV4cG9uZW50PkFRQUI8L2RzaWc6RXhwb25lbnQ+CiAgICAgICAgPC9kc2ln OlJTQUtleVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICA8 L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+Cjwvc2Ft bDpBc3NlcnRpb24+PC9YTUxDb250ZW50PiAgICA8L1ZlcmlmeVNpZ25hdHVyZUVu dmlyb25tZW50PiAgICA8VmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+Ly9kc2lnOlNp Z25hdHVyZTwvVmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+ICA8L1ZlcmlmeVNpZ25h dHVyZUluZm8+ICA8UmV0dXJuSGFzaElucHV0RGF0YT48L1JldHVybkhhc2hJbnB1 dERhdGE+ICA8VHJ1c3RQcm9maWxlSUQ+VHJ1c3RQcm9maWxlMTwvVHJ1c3RQcm9m aWxlSUQ+PC9WZXJpZnlYTUxTaWduYXR1cmVSZXF1ZXN0Pg==</Base64Content></HashInputData><HashInputData><Base64Content>PGRzaWc6TWFuaWZlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5t ZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4bWxuczpkc2lnPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiB4bWxuczpwcj0iaHR0 cDovL3JlZmVyZW5jZS5lLWdvdmVybm1lbnQuZ3YuYXQvbmFtZXNwYWNlL3BlcnNv bmRhdGEvMjAwMjAyMjgjIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6 U0FNTDoxLjA6YXNzZXJ0aW9uIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3Jn LzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWw6c3BhY2U9InByZXNlcnZlIj48 ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJh bnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxk c2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvZHNpZzpUcmFuc2Zvcm0+PC9kc2ln OlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDov L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHNpZzpEaWdlc3RN ZXRob2Q+PGRzaWc6RGlnZXN0VmFsdWU+QnF6ZkNCN2ROZzRHM3U0WWF4cEQxdEFM ZEtJPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpN YW5pZmVzdD4=</Base64Content></HashInputData><SignatureCheck><Code>1</Code></SignatureCheck><XMLDSIGManifestCheck><Code>1</Code><Info><ReferringSigReference>1</ReferringSigReference></Info></XMLDSIGManifestCheck><CertificateCheck><Code>1</Code></CertificateCheck></VerifyXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/doc/Architektur ID.vsd b/id.server/doc/Architektur ID.vsd
new file mode 100644
index 000000000..d4678007a
--- /dev/null
+++ b/id.server/doc/Architektur ID.vsd
Binary files differ
diff --git a/id.server/doc/CIO X509ext-20030218.pdf b/id.server/doc/CIO X509ext-20030218.pdf
new file mode 100644
index 000000000..a0fd67e3b
--- /dev/null
+++ b/id.server/doc/CIO X509ext-20030218.pdf
Binary files differ
diff --git a/id.server/doc/MOA ID 1.x.wsdl b/id.server/doc/MOA ID 1.x.wsdl
new file mode 100644
index 000000000..06daae8f1
--- /dev/null
+++ b/id.server/doc/MOA ID 1.x.wsdl
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by patrick peck (anecon) -->
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+ <message name="GetAuthenticationDataInput">
+ <part name="body" element="samlp:Request"/>
+ </message>
+ <message name="GetAuthenticationDataOutput">
+ <part name="body" element="samlp:Response"/>
+ </message>
+ <message name="MOAFault">
+ <part name="body" element="moa:ErrorResponse"/>
+ </message>
+ <portType name="IdentificationPortType">
+ <operation name="getAuthenticationData">
+ <input message="tns:GetAuthenticationDataInput"/>
+ <output message="tns:GetAuthenticationDataOutput"/>
+ <fault name="MOAFault" message="tns:MOAFault"/>
+ </operation>
+ </portType>
+ <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="getAuthenticationData">
+ <soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+ <input>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </input>
+ <output>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </output>
+ <fault name="MOAFault">
+ <soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </fault>
+ </operation>
+ </binding>
+ <service name="GetAuthenticationDataService">
+ <port name="IdentificationPort" binding="tns:IdentificationBinding">
+ <soap:address location="http://localhost/Identification"/>
+ </port>
+ </service>
+</definitions>
diff --git a/id.server/doc/MOA-ID Feinspezifikation.doc b/id.server/doc/MOA-ID Feinspezifikation.doc
new file mode 100644
index 000000000..fa0009aa6
--- /dev/null
+++ b/id.server/doc/MOA-ID Feinspezifikation.doc
Binary files differ
diff --git a/id.server/doc/MOA-ID Testfalldokumentation.doc b/id.server/doc/MOA-ID Testfalldokumentation.doc
new file mode 100644
index 000000000..1b3241ca7
--- /dev/null
+++ b/id.server/doc/MOA-ID Testfalldokumentation.doc
Binary files differ
diff --git a/id.server/doc/MOA-ID-1.1-20030630.pdf b/id.server/doc/MOA-ID-1.1-20030630.pdf
new file mode 100644
index 000000000..8e5afb53f
--- /dev/null
+++ b/id.server/doc/MOA-ID-1.1-20030630.pdf
Binary files differ
diff --git a/id.server/doc/MOA-ID-Configuration-1.1.xsd b/id.server/doc/MOA-ID-Configuration-1.1.xsd
new file mode 100644
index 000000000..50c77a401
--- /dev/null
+++ b/id.server/doc/MOA-ID-Configuration-1.1.xsd
@@ -0,0 +1,305 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Stephan G (Comp) -->
+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.0">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOAVPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAZMRZahl"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="provideZMRZahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id.server/doc/api-doc/allclasses-frame.html b/id.server/doc/api-doc/allclasses-frame.html
new file mode 100644
index 000000000..114c4b426
--- /dev/null
+++ b/id.server/doc/api-doc/allclasses-frame.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+All Classes
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameHeadingFont">
+<B>All Classes</B></FONT>
+<BR>
+
+<TABLE BORDER="0" WIDTH="100%">
+<TR>
+<TD NOWRAP><FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" TARGET="classFrame">AuthenticationData</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" TARGET="classFrame">AuthenticationException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" TARGET="classFrame">AuthenticationServer</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" TARGET="classFrame"><I>ConnectionBuilder</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" TARGET="classFrame"><I>LoginParameterResolver</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" TARGET="classFrame">OAConfiguration</A>
+<BR>
+</FONT></TD>
+</TR>
+</TABLE>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html
new file mode 100644
index 000000000..313defcbc
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html
@@ -0,0 +1,171 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class AuthenticationException
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id</FONT>
+<BR>
+Class AuthenticationException</H2>
+<PRE>
+<B>at.gv.egovernment.moa.id.AuthenticationException</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationException</B></DL>
+
+<P>
+Exception thrown during handling of AuthenticationSession
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[])">AuthenticationException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A>[]&nbsp;parameters)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationException.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationException(java.lang.String, java.lang.Object[])"><!-- --></A><H3>
+AuthenticationException</H3>
+<PRE>
+public <B>AuthenticationException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A>[]&nbsp;parameters)</PRE>
+<DL>
+<DD>Constructor for AuthenticationException.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - &nbsp;</DL>
+</DD>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html
new file mode 100644
index 000000000..7aaad7c68
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html
@@ -0,0 +1,259 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class AuthenticationServer
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.auth</FONT>
+<BR>
+Class AuthenticationServer</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">java.lang.Object</A>
+ |
+ +--<B>at.gv.egovernment.moa.id.auth.AuthenticationServer</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationServer</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></DL>
+
+<P>
+API for MOA ID Authentication Service.<br>
+ <CODE>AuthenticationSession</CODE> is stored in a session store and retrieved
+ by giving the session ID.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#AuthenticationServer()">AuthenticationServer</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationServer.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()">getInstance</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the single instance of <code>AuthenticationServer</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()">clone</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)">equals</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()">finalize</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()">getClass</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()">hashCode</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()">notify</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()">notifyAll</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()">toString</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationServer()"><!-- --></A><H3>
+AuthenticationServer</H3>
+<PRE>
+public <B>AuthenticationServer</B>()</PRE>
+<DL>
+<DD>Constructor for AuthenticationServer.</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getInstance()"><!-- --></A><H3>
+getInstance</H3>
+<PRE>
+public static <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A> <B>getInstance</B>()</PRE>
+<DL>
+<DD>Returns the single instance of <code>AuthenticationServer</code>.<DD><DL>
+<DT><B>Returns:</B><DD>the single instance of <code>AuthenticationServer</code></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthenticationData(java.lang.String)"><!-- --></A><H3>
+getAuthenticationData</H3>
+<PRE>
+public <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A> <B>getAuthenticationData</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A></PRE>
+<DL>
+<DD>Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ The <code>AuthenticationData</code> is deleted from the store upon end of this call.<DD><DL>
+<DT><B>Returns:</B><DD><code>AuthenticationData</code></DL>
+</DD>
+</DL>
+<HR>
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html
new file mode 100644
index 000000000..ece0242d9
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html
@@ -0,0 +1,114 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.auth.AuthenticationServer
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.auth.AuthenticationServer</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A> in at.gv.egovernment.moa.id.auth</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.auth that return <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()">getInstance</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the single instance of <code>AuthenticationServer</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html
new file mode 100644
index 000000000..96ff7f4af
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html
@@ -0,0 +1,194 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.AuthenticationException
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.AuthenticationException</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A> in at.gv.egovernment.moa.id.auth</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.auth that throw <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">selectBKU</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;bkuSelectionTemplateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;templateURL)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes request to select a BKU.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">startAuthentication</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;templateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;bkuURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;sessionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes the beginning of an authentication session.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)">verifyIdentityLink</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;xmlInfoboxReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;InfoboxReadResponse&gt;</code>
+ Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code>
+ Verifies identity link by calling the MOA SP component
+ Checks certificate authority of identity link
+ Stores identity link in the session
+ Creates an authentication block to be signed by the user
+ Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ containg the authentication block, meant to be returned to the
+ security layer implementation
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)">verifyAuthenticationBlock</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;xmlCreateXMLSignatureReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes
+ Parses authentication block enclosed in
+ <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Verifies authentication block by calling the MOA SP component
+ Creates authentication data
+ Creates a corresponding SAML artifact
+ Stores authentication data in the authentication data store
+ indexed by the SAML artifact
+ Deletes authentication session
+ Returns the SAML artifact, encoded BASE64
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;at.gv.egovernment.moa.id.auth.data.AuthenticationSession</CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)">getSession</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;id)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves a session from the session store.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html
new file mode 100644
index 000000000..ec020b79d
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html
@@ -0,0 +1,526 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class OAConfiguration
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.config.proxy</FONT>
+<BR>
+Class OAConfiguration</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">java.lang.Object</A>
+ |
+ +--<B>at.gv.egovernment.moa.id.config.proxy.OAConfiguration</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>OAConfiguration</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></DL>
+
+<P>
+Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ These include the login type (stateful or stateless), the HTTP authentication type,
+ and information needed to add authentication parameters or headers for a URL connection
+ to the remote online application.
+<P>
+<DL>
+<DT><B>See Also: </B><DD><code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code></DL>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH">BASIC_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH">HEADER_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL">LOGINTYPE_STATEFUL</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS">LOGINTYPE_STATELESS</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH">PARAM_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#OAConfiguration()">OAConfiguration</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getAuthType()">getAuthType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the authType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthPasswordMapping()">getBasicAuthPasswordMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the basicAuthPasswordMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthUserIDMapping()">getBasicAuthUserIDMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the basicAuthUserIDMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getHeaderAuthMapping()">getHeaderAuthMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the headerAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getLoginType()">getLoginType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the loginType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getParamAuthMapping()">getParamAuthMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the paramAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setAuthType(java.lang.String)">setAuthType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authLoginType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the authType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthPasswordMapping(java.lang.String)">setBasicAuthPasswordMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthPassword)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the basicAuthPasswordMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthUserIDMapping(java.lang.String)">setBasicAuthUserIDMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthUserID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the basicAuthUserIDMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setHeaderAuthMapping(java.util.HashMap)">setHeaderAuthMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;headerAuth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the headerAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setLoginType(java.lang.String)">setLoginType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;loginType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the loginType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setParamAuthMapping(java.util.HashMap)">setParamAuthMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;paramAuth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the paramAuthMapping.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()">clone</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)">equals</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()">finalize</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()">getClass</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()">hashCode</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()">notify</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()">notifyAll</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()">toString</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="LOGINTYPE_STATEFUL"><!-- --></A><H3>
+LOGINTYPE_STATEFUL</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>LOGINTYPE_STATEFUL</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="LOGINTYPE_STATELESS"><!-- --></A><H3>
+LOGINTYPE_STATELESS</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>LOGINTYPE_STATELESS</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="BASIC_AUTH"><!-- --></A><H3>
+BASIC_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>BASIC_AUTH</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="HEADER_AUTH"><!-- --></A><H3>
+HEADER_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>HEADER_AUTH</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="PARAM_AUTH"><!-- --></A><H3>
+PARAM_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>PARAM_AUTH</B></PRE>
+<DL>
+</DL>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="OAConfiguration()"><!-- --></A><H3>
+OAConfiguration</H3>
+<PRE>
+public <B>OAConfiguration</B>()</PRE>
+<DL>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getBasicAuthPasswordMapping()"><!-- --></A><H3>
+getBasicAuthPasswordMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getBasicAuthPasswordMapping</B>()</PRE>
+<DL>
+<DD>Returns the basicAuthPasswordMapping.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getBasicAuthUserIDMapping()"><!-- --></A><H3>
+getBasicAuthUserIDMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getBasicAuthUserIDMapping</B>()</PRE>
+<DL>
+<DD>Returns the basicAuthUserIDMapping.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getHeaderAuthMapping()"><!-- --></A><H3>
+getHeaderAuthMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getHeaderAuthMapping</B>()</PRE>
+<DL>
+<DD>Returns the headerAuthMapping.<DD><DL>
+<DT><B>Returns:</B><DD>HashMap</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getLoginType()"><!-- --></A><H3>
+getLoginType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getLoginType</B>()</PRE>
+<DL>
+<DD>Returns the loginType.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getParamAuthMapping()"><!-- --></A><H3>
+getParamAuthMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getParamAuthMapping</B>()</PRE>
+<DL>
+<DD>Returns the paramAuthMapping.<DD><DL>
+<DT><B>Returns:</B><DD>HashMap</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setBasicAuthPasswordMapping(java.lang.String)"><!-- --></A><H3>
+setBasicAuthPasswordMapping</H3>
+<PRE>
+public void <B>setBasicAuthPasswordMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthPassword)</PRE>
+<DL>
+<DD>Sets the basicAuthPasswordMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>basicAuthPasswordMapping</CODE> - The basicAuthPasswordMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setBasicAuthUserIDMapping(java.lang.String)"><!-- --></A><H3>
+setBasicAuthUserIDMapping</H3>
+<PRE>
+public void <B>setBasicAuthUserIDMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthUserID)</PRE>
+<DL>
+<DD>Sets the basicAuthUserIDMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>basicAuthUserIDMapping</CODE> - The basicAuthUserIDMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setHeaderAuthMapping(java.util.HashMap)"><!-- --></A><H3>
+setHeaderAuthMapping</H3>
+<PRE>
+public void <B>setHeaderAuthMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;headerAuth)</PRE>
+<DL>
+<DD>Sets the headerAuthMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>headerAuthMapping</CODE> - The headerAuthMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setLoginType(java.lang.String)"><!-- --></A><H3>
+setLoginType</H3>
+<PRE>
+public void <B>setLoginType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;loginType)</PRE>
+<DL>
+<DD>Sets the loginType.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>loginType</CODE> - The loginType to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setParamAuthMapping(java.util.HashMap)"><!-- --></A><H3>
+setParamAuthMapping</H3>
+<PRE>
+public void <B>setParamAuthMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;paramAuth)</PRE>
+<DL>
+<DD>Sets the paramAuthMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>paramAuthMapping</CODE> - The paramAuthMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthType()"><!-- --></A><H3>
+getAuthType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getAuthType</B>()</PRE>
+<DL>
+<DD>Returns the authType.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setAuthType(java.lang.String)"><!-- --></A><H3>
+setAuthType</H3>
+<PRE>
+public void <B>setAuthType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authLoginType)</PRE>
+<DL>
+<DD>Sets the authType.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authType</CODE> - The authType to set</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html
new file mode 100644
index 000000000..c41742f7a
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html
@@ -0,0 +1,126 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.config.proxy.OAConfiguration
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.config.proxy.OAConfiguration</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A> in at.gv.egovernment.moa.id.proxy</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.proxy with parameters of type <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html
new file mode 100644
index 000000000..0a0906e25
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html
@@ -0,0 +1,751 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class AuthenticationData
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.data</FONT>
+<BR>
+Class AuthenticationData</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">java.lang.Object</A>
+ |
+ +--<B>at.gv.egovernment.moa.id.data.AuthenticationData</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationData</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></DL>
+
+<P>
+Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#AuthenticationData()">AuthenticationData</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationData.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getAssertionID()">getAssertionID</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the assertionID.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getDateOfBirth()">getDateOfBirth</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the dateOfBirth.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getFamilyName()">getFamilyName</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the familyName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getGivenName()">getGivenName</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the givenName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationValue()">getIdentificationValue</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the identificationValue.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssueInstant()">getIssueInstant</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the issueInstant.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssuer()">getIssuer</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the issuer.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;int</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getMajorVersion()">getMajorVersion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the majorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;int</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getMinorVersion()">getMinorVersion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the minorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getPublicAuthorityCode()">getPublicAuthorityCode</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the publicAuthorityCode.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getSamlAssertion()">getSamlAssertion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the samlAssertion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Date.html">Date</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getTimestamp()">getTimestamp</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the timestamp.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getVPK()">getVPK</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the vpk.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;boolean</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#isPublicAuthority()">isPublicAuthority</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the publicAuthority.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;boolean</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#isQualifiedCertificate()">isQualifiedCertificate</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the qualifiedCertificate.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setAssertionID(java.lang.String)">setAssertionID</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;assertionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the assertionID.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setDateOfBirth(java.lang.String)">setDateOfBirth</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;dateOfBirth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the dateOfBirth.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setFamilyName(java.lang.String)">setFamilyName</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;gamilyName)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the familyName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setGivenName(java.lang.String)">setGivenName</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;givenName)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the givenName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationValue(java.lang.String)">setIdentificationValue</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;identificationValue)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the identificationValue.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssueInstant(java.lang.String)">setIssueInstant</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issueInstant)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the issueInstant.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssuer(java.lang.String)">setIssuer</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issuer)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the issuer.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setMajorVersion(int)">setMajorVersion</A></B>(int&nbsp;majorVersion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the majorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setMinorVersion(int)">setMinorVersion</A></B>(int&nbsp;minorVersion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the minorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthority(boolean)">setPublicAuthority</A></B>(boolean&nbsp;publicAuthority)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the publicAuthority.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthorityCode(java.lang.String)">setPublicAuthorityCode</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicAuthorityIdentification)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the publicAuthorityCode.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setQualifiedCertificate(boolean)">setQualifiedCertificate</A></B>(boolean&nbsp;qualifiedCertificate)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the qualifiedCertificate.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setSamlAssertion(java.lang.String)">setSamlAssertion</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlAssertion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the samlAssertion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setVPK(java.lang.String)">setVPK</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;vpk)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the vpk.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()">clone</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)">equals</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()">finalize</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()">getClass</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()">hashCode</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()">notify</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()">notifyAll</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()">toString</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationData()"><!-- --></A><H3>
+AuthenticationData</H3>
+<PRE>
+public <B>AuthenticationData</B>()</PRE>
+<DL>
+<DD>Constructor for AuthenticationData.</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getMinorVersion()"><!-- --></A><H3>
+getMinorVersion</H3>
+<PRE>
+public int <B>getMinorVersion</B>()</PRE>
+<DL>
+<DD>Returns the minorVersion.<DD><DL>
+<DT><B>Returns:</B><DD>int</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="isPublicAuthority()"><!-- --></A><H3>
+isPublicAuthority</H3>
+<PRE>
+public boolean <B>isPublicAuthority</B>()</PRE>
+<DL>
+<DD>Returns the publicAuthority.<DD><DL>
+<DT><B>Returns:</B><DD>boolean</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getPublicAuthorityCode()"><!-- --></A><H3>
+getPublicAuthorityCode</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getPublicAuthorityCode</B>()</PRE>
+<DL>
+<DD>Returns the publicAuthorityCode.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="isQualifiedCertificate()"><!-- --></A><H3>
+isQualifiedCertificate</H3>
+<PRE>
+public boolean <B>isQualifiedCertificate</B>()</PRE>
+<DL>
+<DD>Returns the qualifiedCertificate.<DD><DL>
+<DT><B>Returns:</B><DD>boolean</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getVPK()"><!-- --></A><H3>
+getVPK</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getVPK</B>()</PRE>
+<DL>
+<DD>Returns the vpk.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setMinorVersion(int)"><!-- --></A><H3>
+setMinorVersion</H3>
+<PRE>
+public void <B>setMinorVersion</B>(int&nbsp;minorVersion)</PRE>
+<DL>
+<DD>Sets the minorVersion.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>minorVersion</CODE> - The minorVersion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPublicAuthority(boolean)"><!-- --></A><H3>
+setPublicAuthority</H3>
+<PRE>
+public void <B>setPublicAuthority</B>(boolean&nbsp;publicAuthority)</PRE>
+<DL>
+<DD>Sets the publicAuthority.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>publicAuthority</CODE> - The publicAuthority to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPublicAuthorityCode(java.lang.String)"><!-- --></A><H3>
+setPublicAuthorityCode</H3>
+<PRE>
+public void <B>setPublicAuthorityCode</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicAuthorityIdentification)</PRE>
+<DL>
+<DD>Sets the publicAuthorityCode.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>publicAuthorityCode</CODE> - The publicAuthorityCode to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setQualifiedCertificate(boolean)"><!-- --></A><H3>
+setQualifiedCertificate</H3>
+<PRE>
+public void <B>setQualifiedCertificate</B>(boolean&nbsp;qualifiedCertificate)</PRE>
+<DL>
+<DD>Sets the qualifiedCertificate.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>qualifiedCertificate</CODE> - The qualifiedCertificate to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setVPK(java.lang.String)"><!-- --></A><H3>
+setVPK</H3>
+<PRE>
+public void <B>setVPK</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;vpk)</PRE>
+<DL>
+<DD>Sets the vpk.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>vpk</CODE> - The vpk to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAssertionID()"><!-- --></A><H3>
+getAssertionID</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getAssertionID</B>()</PRE>
+<DL>
+<DD>Returns the assertionID.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getDateOfBirth()"><!-- --></A><H3>
+getDateOfBirth</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getDateOfBirth</B>()</PRE>
+<DL>
+<DD>Returns the dateOfBirth.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getFamilyName()"><!-- --></A><H3>
+getFamilyName</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getFamilyName</B>()</PRE>
+<DL>
+<DD>Returns the familyName.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getGivenName()"><!-- --></A><H3>
+getGivenName</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getGivenName</B>()</PRE>
+<DL>
+<DD>Returns the givenName.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIdentificationValue()"><!-- --></A><H3>
+getIdentificationValue</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getIdentificationValue</B>()</PRE>
+<DL>
+<DD>Returns the identificationValue.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIssueInstant()"><!-- --></A><H3>
+getIssueInstant</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getIssueInstant</B>()</PRE>
+<DL>
+<DD>Returns the issueInstant.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIssuer()"><!-- --></A><H3>
+getIssuer</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getIssuer</B>()</PRE>
+<DL>
+<DD>Returns the issuer.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getMajorVersion()"><!-- --></A><H3>
+getMajorVersion</H3>
+<PRE>
+public int <B>getMajorVersion</B>()</PRE>
+<DL>
+<DD>Returns the majorVersion.<DD><DL>
+<DT><B>Returns:</B><DD>int</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setAssertionID(java.lang.String)"><!-- --></A><H3>
+setAssertionID</H3>
+<PRE>
+public void <B>setAssertionID</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;assertionID)</PRE>
+<DL>
+<DD>Sets the assertionID.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>assertionID</CODE> - The assertionID to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setDateOfBirth(java.lang.String)"><!-- --></A><H3>
+setDateOfBirth</H3>
+<PRE>
+public void <B>setDateOfBirth</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;dateOfBirth)</PRE>
+<DL>
+<DD>Sets the dateOfBirth.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>dateOfBirth</CODE> - The dateOfBirth to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setFamilyName(java.lang.String)"><!-- --></A><H3>
+setFamilyName</H3>
+<PRE>
+public void <B>setFamilyName</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;gamilyName)</PRE>
+<DL>
+<DD>Sets the familyName.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>familyName</CODE> - The familyName to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setGivenName(java.lang.String)"><!-- --></A><H3>
+setGivenName</H3>
+<PRE>
+public void <B>setGivenName</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;givenName)</PRE>
+<DL>
+<DD>Sets the givenName.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>givenName</CODE> - The givenName to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIdentificationValue(java.lang.String)"><!-- --></A><H3>
+setIdentificationValue</H3>
+<PRE>
+public void <B>setIdentificationValue</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;identificationValue)</PRE>
+<DL>
+<DD>Sets the identificationValue.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>identificationValue</CODE> - The identificationValue to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIssueInstant(java.lang.String)"><!-- --></A><H3>
+setIssueInstant</H3>
+<PRE>
+public void <B>setIssueInstant</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issueInstant)</PRE>
+<DL>
+<DD>Sets the issueInstant.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>issueInstant</CODE> - The issueInstant to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIssuer(java.lang.String)"><!-- --></A><H3>
+setIssuer</H3>
+<PRE>
+public void <B>setIssuer</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issuer)</PRE>
+<DL>
+<DD>Sets the issuer.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>issuer</CODE> - The issuer to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setMajorVersion(int)"><!-- --></A><H3>
+setMajorVersion</H3>
+<PRE>
+public void <B>setMajorVersion</B>(int&nbsp;majorVersion)</PRE>
+<DL>
+<DD>Sets the majorVersion.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>majorVersion</CODE> - The majorVersion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getSamlAssertion()"><!-- --></A><H3>
+getSamlAssertion</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getSamlAssertion</B>()</PRE>
+<DL>
+<DD>Returns the samlAssertion.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setSamlAssertion(java.lang.String)"><!-- --></A><H3>
+setSamlAssertion</H3>
+<PRE>
+public void <B>setSamlAssertion</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlAssertion)</PRE>
+<DL>
+<DD>Sets the samlAssertion.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>samlAssertion</CODE> - The samlAssertion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getTimestamp()"><!-- --></A><H3>
+getTimestamp</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Date.html">Date</A> <B>getTimestamp</B>()</PRE>
+<DL>
+<DD>Returns the timestamp.<DD><DL>
+<DT><B>Returns:</B><DD>Date</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html
new file mode 100644
index 000000000..1822504b5
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html
@@ -0,0 +1,152 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.data.AuthenticationData
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.data.AuthenticationData</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A> in at.gv.egovernment.moa.id.auth</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.auth that return <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A> in at.gv.egovernment.moa.id.proxy</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.proxy with parameters of type <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html
new file mode 100644
index 000000000..7d9bcef1d
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html
@@ -0,0 +1,204 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Interface ConnectionBuilder
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Interface ConnectionBuilder</H2>
+<HR>
+<DL>
+<DT>public interface <B>ConnectionBuilder</B></DL>
+
+<P>
+Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/HttpURLConnection.html">HttpURLConnection</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html#buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory)">buildConnection</A></B>(javax.servlet.http.HttpServletRequest&nbsp;request,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicURLPrefix,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;realURLPrefix,
+ javax.net.ssl.SSLSocketFactory&nbsp;sslSocketFactory)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+
+ <code>allowUserInteraction = false</code>
+ <code>doInput = true</code>
+ <code>doOutput = true</code>
+ <code>requestMethod = request.getMethod()</code>
+ <code>useCaches = false</code>
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory)"><!-- --></A><H3>
+buildConnection</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/HttpURLConnection.html">HttpURLConnection</A> <B>buildConnection</B>(javax.servlet.http.HttpServletRequest&nbsp;request,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicURLPrefix,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;realURLPrefix,
+ javax.net.ssl.SSLSocketFactory&nbsp;sslSocketFactory)
+ throws <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/io/IOException.html">IOException</A></PRE>
+<DL>
+<DD>Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+ <ul>
+ <li><code>allowUserInteraction = false</code></li>
+ <li><code>doInput = true</code></li>
+ <li><code>doOutput = true</code></li>
+ <li><code>requestMethod = request.getMethod()</code></li>
+ <li><code>useCaches = false</code></li>
+ </ul><DD><DL>
+<DT><B>Parameters:</B><DD><CODE>request</CODE> - the incoming request which shall be forwarded<DD><CODE>publicURLPrefix</CODE> - the public URL prefix to be substituted by the real URL prefix<DD><CODE>realURLPrefix</CODE> - the URL prefix to substitute the public URL prefix<DD><CODE>sslSocketFactory</CODE> - factory to be used for creating an SSL socket in case
+ of a URL for scheme <code>"https:"</code>;
+ <br>if <code>null</code>, the default SSL socket factory would be used<DT><B>Returns:</B><DD>a URLConnection created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, connecting to
+ the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code><DT><B>Throws:</B><DD><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/io/IOException.html">IOException</A> - if an I/O exception occurs during opening the connection<DT><B>See Also: </B><DD><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>,
+<CODE>com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()</CODE></DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html
new file mode 100644
index 000000000..717ab1ee6
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html
@@ -0,0 +1,364 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Interface LoginParameterResolver
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Interface LoginParameterResolver</H2>
+<HR>
+<DL>
+<DT>public interface <B>LoginParameterResolver</B></DL>
+
+<P>
+Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ Utilizes <A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><CODE>OAConfiguration</CODE></A> and <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><CODE>AuthenticationData</CODE></A>.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ">MOABKZ</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth">MOADateOfBirth</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName">MOAFamilyName</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName">MOAGivenName</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress">MOAIPAddress</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority">MOAPublicAuthority</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate">MOAQualifiedCertificate</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAVPK">MOAVPK</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAZMRZahl">MOAZMRZahl</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="MOAGivenName"><!-- --></A><H3>
+MOAGivenName</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAGivenName</B></PRE>
+<DL>
+<DD>Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.</DL>
+<HR>
+
+<A NAME="MOAFamilyName"><!-- --></A><H3>
+MOAFamilyName</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAFamilyName</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOADateOfBirth"><!-- --></A><H3>
+MOADateOfBirth</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOADateOfBirth</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAVPK"><!-- --></A><H3>
+MOAVPK</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAVPK</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAPublicAuthority"><!-- --></A><H3>
+MOAPublicAuthority</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAPublicAuthority</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOABKZ"><!-- --></A><H3>
+MOABKZ</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOABKZ</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAQualifiedCertificate"><!-- --></A><H3>
+MOAQualifiedCertificate</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAQualifiedCertificate</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAZMRZahl"><!-- --></A><H3>
+MOAZMRZahl</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAZMRZahl</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAIPAddress"><!-- --></A><H3>
+MOAIPAddress</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAIPAddress</B></PRE>
+<DL>
+</DL>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><!-- --></A><H3>
+getAuthenticationHeaders</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getAuthenticationHeaders</B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</PRE>
+<DL>
+<DD>Returns authentication headers to be added to a URLConnection.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authConf</CODE> - configuration data<DD><CODE>authData</CODE> - authentication data<DD><CODE>clientIPAddress</CODE> - client IP address<DT><B>Returns:</B><DD>A map, the keys being header names and values being corresponding header values.
+ <br>In case of authentication type <code>"basic-auth"</code>, header fields
+ <code>username</code> and <code>password</code>.
+ <br>In case of authentication type <code>"header-auth"</code>, header fields
+ derived from parameter mapping and authentication data provided.
+ <br>Otherwise, an empty map.</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><!-- --></A><H3>
+getAuthenticationParameters</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getAuthenticationParameters</B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</PRE>
+<DL>
+<DD>Returns request parameters to be added to a URLConnection.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authConf</CODE> - configuration data<DD><CODE>authData</CODE> - authentication data<DD><CODE>clientIPAddress</CODE> - client IP address<DT><B>Returns:</B><DD>A map, the keys being parameter names and values being corresponding parameter values.
+ <br>In case of authentication type <code>"param-auth"</code>, parameters
+ derived from parameter mapping and authentication data provided.
+ <br>Otherwise, an empty map.</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html
new file mode 100644
index 000000000..c40b34e9f
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html
@@ -0,0 +1,91 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Interface at.gv.egovernment.moa.id.proxy.ConnectionBuilder
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Interface<br>at.gv.egovernment.moa.id.proxy.ConnectionBuilder</B></H2>
+</CENTER>
+No usage of at.gv.egovernment.moa.id.proxy.ConnectionBuilder
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html
new file mode 100644
index 000000000..9bad43a2a
--- /dev/null
+++ b/id.server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html
@@ -0,0 +1,91 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Interface at.gv.egovernment.moa.id.proxy.LoginParameterResolver
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Interface<br>at.gv.egovernment.moa.id.proxy.LoginParameterResolver</B></H2>
+</CENTER>
+No usage of at.gv.egovernment.moa.id.proxy.LoginParameterResolver
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/deprecated-list.html b/id.server/doc/api-doc/deprecated-list.html
new file mode 100644
index 000000000..78f7d881f
--- /dev/null
+++ b/id.server/doc/api-doc/deprecated-list.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Deprecated List
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Deprecated</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="deprecated-list.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Deprecated API</B></H2>
+</CENTER>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Deprecated</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="deprecated-list.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/help-doc.html b/id.server/doc/api-doc/help-doc.html
new file mode 100644
index 000000000..79438069d
--- /dev/null
+++ b/id.server/doc/api-doc/help-doc.html
@@ -0,0 +1,142 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: API Help
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Help</B></FONT>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="help-doc.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H1>
+How This API Document Is Organized</H1>
+</CENTER>
+This API (Application Programming Interface) document has pages corresponding to the items in the navigation bar, described as follows.<H3>
+Package</H3>
+<BLOCKQUOTE>
+
+<P>
+Each package has a page that contains a list of its classes and interfaces, with a summary for each. This page can contain four categories:<UL>
+<LI>Interfaces (italic)<LI>Classes<LI>Exceptions<LI>Errors</UL>
+</BLOCKQUOTE>
+<H3>
+Class/Interface</H3>
+<BLOCKQUOTE>
+
+<P>
+Each class, interface, inner class and inner interface has its own separate page. Each of these pages has three sections consisting of a class/interface description, summary tables, and detailed member descriptions:<UL>
+<LI>Class inheritance diagram<LI>Direct Subclasses<LI>All Known Subinterfaces<LI>All Known Implementing Classes<LI>Class/interface declaration<LI>Class/interface description
+<P>
+<LI>Inner Class Summary<LI>Field Summary<LI>Constructor Summary<LI>Method Summary
+<P>
+<LI>Field Detail<LI>Constructor Detail<LI>Method Detail</UL>
+Each summary entry contains the first sentence from the detailed description for that item. The summary entries are alphabetical, while the detailed descriptions are in the order they appear in the source code. This preserves the logical groupings established by the programmer.</BLOCKQUOTE>
+<H3>
+Use</H3>
+<BLOCKQUOTE>
+Each documented package, class and interface has its own Use page. This page describes what packages, classes, methods, constructors and fields use any part of the given class or package. Given a class or interface A, its Use page includes subclasses of A, fields declared as A, methods that return A, and methods and constructors with parameters of type A. You can access this page by first going to the package, class or interface, then clicking on the "Use" link in the navigation bar.</BLOCKQUOTE>
+<H3>
+Tree (Class Hierarchy)</H3>
+<BLOCKQUOTE>
+There is a <A HREF="overview-tree.html">Class Hierarchy</A> page for all packages, plus a hierarchy for each package. Each hierarchy page contains a list of classes and a list of interfaces. The classes are organized by inheritance structure starting with <code>java.lang.Object</code>. The interfaces do not inherit from <code>java.lang.Object</code>.<UL>
+<LI>When viewing the Overview page, clicking on "Tree" displays the hierarchy for all packages.<LI>When viewing a particular package, class or interface page, clicking "Tree" displays the hierarchy for only that package.</UL>
+</BLOCKQUOTE>
+<H3>
+Deprecated API</H3>
+<BLOCKQUOTE>
+The <A HREF="deprecated-list.html">Deprecated API</A> page lists all of the API that have been deprecated. A deprecated API is not recommended for use, generally due to improvements, and a replacement API is usually given. Deprecated APIs may be removed in future implementations.</BLOCKQUOTE>
+<H3>
+Index</H3>
+<BLOCKQUOTE>
+The <A HREF="index-all.html">Index</A> contains an alphabetic list of all classes, interfaces, constructors, methods, and fields.</BLOCKQUOTE>
+<H3>
+Prev/Next</H3>
+These links take you to the next or previous class, interface, package, or related page.<H3>
+Frames/No Frames</H3>
+These links show and hide the HTML frames. All pages are available with or without frames.
+<P>
+<H3>
+Serialized Form</H3>
+Each serializable or externalizable class has a description of its serialization fields and methods. This information is of interest to re-implementors, not to developers using the API. While there is no link in the navigation bar, you can get to this information by going to any serialized class and clicking "Serialized Form" in the "See also" section of the class description.
+<P>
+<FONT SIZE="-1">
+<EM>
+This help file applies to API documentation generated using the standard doclet. </EM>
+</FONT>
+<BR>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Help</B></FONT>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="help-doc.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/index-all.html b/id.server/doc/api-doc/index-all.html
new file mode 100644
index 000000000..a66b0252e
--- /dev/null
+++ b/id.server/doc/api-doc/index-all.html
@@ -0,0 +1,422 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Index
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Index</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="index-all.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<A HREF="#_A_">A</A> <A HREF="#_B_">B</A> <A HREF="#_C_">C</A> <A HREF="#_G_">G</A> <A HREF="#_H_">H</A> <A HREF="#_I_">I</A> <A HREF="#_L_">L</A> <A HREF="#_M_">M</A> <A HREF="#_O_">O</A> <A HREF="#_P_">P</A> <A HREF="#_R_">R</A> <A HREF="#_S_">S</A> <A HREF="#_V_">V</A> <HR>
+<A NAME="_A_"><!-- --></A><H2>
+<B>A</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>AuthenticationData</B></A> - class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>.<DD>Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#AuthenticationData()"><B>AuthenticationData()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Constructor for AuthenticationData.
+<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html"><B>AuthenticationException</B></A> - class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A>.<DD>Exception thrown during handling of AuthenticationSession<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[])"><B>AuthenticationException(String, Object[])</B></A> -
+Constructor for class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A>
+<DD>Constructor for AuthenticationException.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>AuthenticationServer</B></A> - class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>.<DD>API for MOA ID Authentication Service.<br>
+ <CODE>AuthenticationSession</CODE> is stored in a session store and retrieved
+ by giving the session ID.<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#AuthenticationServer()"><B>AuthenticationServer()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Constructor for AuthenticationServer.
+</DL>
+<HR>
+<A NAME="_B_"><!-- --></A><H2>
+<B>B</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH"><B>BASIC_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html#buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory)"><B>buildConnection(HttpServletRequest, String, String, SSLSocketFactory)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html">ConnectionBuilder</A>
+<DD>Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+
+ <code>allowUserInteraction = false</code>
+ <code>doInput = true</code>
+ <code>doOutput = true</code>
+ <code>requestMethod = request.getMethod()</code>
+ <code>useCaches = false</code>
+
+</DL>
+<HR>
+<A NAME="_C_"><!-- --></A><H2>
+<B>C</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#cleanup()"><B>cleanup()</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Cleans up expired session and authentication data stores.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>ConnectionBuilder</B></A> - interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html">ConnectionBuilder</A>.<DD>Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.</DL>
+<HR>
+<A NAME="_G_"><!-- --></A><H2>
+<B>G</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getAssertionID()"><B>getAssertionID()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the assertionID.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)"><B>getAuthenticationData(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><B>getAuthenticationHeaders(OAConfiguration, AuthenticationData, String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>Returns authentication headers to be added to a URLConnection.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><B>getAuthenticationParameters(OAConfiguration, AuthenticationData, String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>Returns request parameters to be added to a URLConnection.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getAuthType()"><B>getAuthType()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the authType.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthPasswordMapping()"><B>getBasicAuthPasswordMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the basicAuthPasswordMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthUserIDMapping()"><B>getBasicAuthUserIDMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the basicAuthUserIDMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getDateOfBirth()"><B>getDateOfBirth()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the dateOfBirth.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getFamilyName()"><B>getFamilyName()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the familyName.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getGivenName()"><B>getGivenName()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the givenName.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getHeaderAuthMapping()"><B>getHeaderAuthMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the headerAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationValue()"><B>getIdentificationValue()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the identificationValue.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()"><B>getInstance()</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Returns the single instance of <code>AuthenticationServer</code>.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssueInstant()"><B>getIssueInstant()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the issueInstant.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssuer()"><B>getIssuer()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the issuer.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getLoginType()"><B>getLoginType()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the loginType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getMajorVersion()"><B>getMajorVersion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the majorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getMinorVersion()"><B>getMinorVersion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the minorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getParamAuthMapping()"><B>getParamAuthMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the paramAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getPublicAuthorityCode()"><B>getPublicAuthorityCode()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the publicAuthorityCode.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getSamlAssertion()"><B>getSamlAssertion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the samlAssertion.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)"><B>getSession(String)</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Retrieves a session from the session store.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getTimestamp()"><B>getTimestamp()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the timestamp.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getVPK()"><B>getVPK()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the vpk.
+</DL>
+<HR>
+<A NAME="_H_"><!-- --></A><H2>
+<B>H</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH"><B>HEADER_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_I_"><!-- --></A><H2>
+<B>I</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#isPublicAuthority()"><B>isPublicAuthority()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the publicAuthority.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#isQualifiedCertificate()"><B>isQualifiedCertificate()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the qualifiedCertificate.
+</DL>
+<HR>
+<A NAME="_L_"><!-- --></A><H2>
+<B>L</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>LoginParameterResolver</B></A> - interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>.<DD>Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ <DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL"><B>LOGINTYPE_STATEFUL</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS"><B>LOGINTYPE_STATELESS</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_M_"><!-- --></A><H2>
+<B>M</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ"><B>MOABKZ</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth"><B>MOADateOfBirth</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName"><B>MOAFamilyName</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName"><B>MOAGivenName</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress"><B>MOAIPAddress</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority"><B>MOAPublicAuthority</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate"><B>MOAQualifiedCertificate</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAVPK"><B>MOAVPK</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAZMRZahl"><B>MOAZMRZahl</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_O_"><!-- --></A><H2>
+<B>O</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>OAConfiguration</B></A> - class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>.<DD>Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ <DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#OAConfiguration()"><B>OAConfiguration()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_P_"><!-- --></A><H2>
+<B>P</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH"><B>PARAM_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_R_"><!-- --></A><H2>
+<B>R</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#REQ_START_AUTHENTICATION"><B>REQ_START_AUTHENTICATION</B></A> -
+Static variable in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Request name <CODE>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</CODE> is mapped to
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#REQ_VERIFY_AUTH_BLOCK"><B>REQ_VERIFY_AUTH_BLOCK</B></A> -
+Static variable in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Request name <CODE>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</CODE> is mapped to
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#REQ_VERIFY_IDENTITY_LINK"><B>REQ_VERIFY_IDENTITY_LINK</B></A> -
+Static variable in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Request name <CODE>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</CODE> is mapped to
+</DL>
+<HR>
+<A NAME="_S_"><!-- --></A><H2>
+<B>S</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><B>selectBKU(String, String, String, String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes request to select a BKU.
+
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setAssertionID(java.lang.String)"><B>setAssertionID(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the assertionID.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setAuthType(java.lang.String)"><B>setAuthType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the authType.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthPasswordMapping(java.lang.String)"><B>setBasicAuthPasswordMapping(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the basicAuthPasswordMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthUserIDMapping(java.lang.String)"><B>setBasicAuthUserIDMapping(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the basicAuthUserIDMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setDateOfBirth(java.lang.String)"><B>setDateOfBirth(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the dateOfBirth.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setFamilyName(java.lang.String)"><B>setFamilyName(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the familyName.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setGivenName(java.lang.String)"><B>setGivenName(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the givenName.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setHeaderAuthMapping(java.util.HashMap)"><B>setHeaderAuthMapping(HashMap)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the headerAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationValue(java.lang.String)"><B>setIdentificationValue(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the identificationValue.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssueInstant(java.lang.String)"><B>setIssueInstant(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the issueInstant.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssuer(java.lang.String)"><B>setIssuer(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the issuer.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setLoginType(java.lang.String)"><B>setLoginType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the loginType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setMajorVersion(int)"><B>setMajorVersion(int)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the majorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setMinorVersion(int)"><B>setMinorVersion(int)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the minorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setParamAuthMapping(java.util.HashMap)"><B>setParamAuthMapping(HashMap)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the paramAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthority(boolean)"><B>setPublicAuthority(boolean)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the publicAuthority.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthorityCode(java.lang.String)"><B>setPublicAuthorityCode(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the publicAuthorityCode.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setQualifiedCertificate(boolean)"><B>setQualifiedCertificate(boolean)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the qualifiedCertificate.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setSamlAssertion(java.lang.String)"><B>setSamlAssertion(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the samlAssertion.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsAuthDataTimeOut(long)"><B>setSecondsAuthDataTimeOut(long)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Sets the authDataTimeOut.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsSessionTimeOut(long)"><B>setSecondsSessionTimeOut(long)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Sets the sessionTimeOut.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setVPK(java.lang.String)"><B>setVPK(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the vpk.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><B>startAuthentication(String, String, String, String, String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes the beginning of an authentication session.
+
+</DL>
+<HR>
+<A NAME="_V_"><!-- --></A><H2>
+<B>V</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)"><B>verifyAuthenticationBlock(String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes
+ Parses authentication block enclosed in
+ <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Verifies authentication block by calling the MOA SP component
+ Creates authentication data
+ Creates a corresponding SAML artifact
+ Stores authentication data in the authentication data store
+ indexed by the SAML artifact
+ Deletes authentication session
+ Returns the SAML artifact, encoded BASE64
+
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)"><B>verifyIdentityLink(String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;InfoboxReadResponse&gt;</code>
+ Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code>
+ Verifies identity link by calling the MOA SP component
+ Checks certificate authority of identity link
+ Stores identity link in the session
+ Creates an authentication block to be signed by the user
+ Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ containg the authentication block, meant to be returned to the
+ security layer implementation
+
+</DL>
+<HR>
+<A HREF="#_A_">A</A> <A HREF="#_B_">B</A> <A HREF="#_C_">C</A> <A HREF="#_G_">G</A> <A HREF="#_H_">H</A> <A HREF="#_I_">I</A> <A HREF="#_L_">L</A> <A HREF="#_M_">M</A> <A HREF="#_O_">O</A> <A HREF="#_P_">P</A> <A HREF="#_R_">R</A> <A HREF="#_S_">S</A> <A HREF="#_V_">V</A>
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Index</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="index-all.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/index.html b/id.server/doc/api-doc/index.html
new file mode 100644
index 000000000..7eb5deff7
--- /dev/null
+++ b/id.server/doc/api-doc/index.html
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN""http://www.w3.org/TR/REC-html40/loose.dtd>
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003-->
+<TITLE>
+MOA ID API
+</TITLE>
+</HEAD>
+<FRAMESET cols="20%,80%">
+<FRAME src="allclasses-frame.html" name="packageFrame">
+<FRAME src="at/gv/egovernment/moa/id/data/AuthenticationData.html" name="classFrame">
+</FRAMESET>
+<NOFRAMES>
+<H2>
+Frame Alert</H2>
+
+<P>
+This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client.
+<BR>
+Link to <A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">Non-frame version.</A></NOFRAMES>
+</HTML>
diff --git a/id.server/doc/api-doc/overview-tree.html b/id.server/doc/api-doc/overview-tree.html
new file mode 100644
index 000000000..bcd54df75
--- /dev/null
+++ b/id.server/doc/api-doc/overview-tree.html
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class Hierarchy
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-tree.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For All Packages</H2>
+</CENTER>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html"><B>Object</B></A><UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>AuthenticationData</B></A><LI TYPE="circle">class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>AuthenticationServer</B></A><LI TYPE="circle">class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>OAConfiguration</B></A></UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html"><B>AuthenticationException</B></A></UL>
+<H2>
+Interface Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>ConnectionBuilder</B></A><LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>LoginParameterResolver</B></A></UL>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-tree.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/package-list b/id.server/doc/api-doc/package-list
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/id.server/doc/api-doc/package-list
diff --git a/id.server/doc/api-doc/packages.html b/id.server/doc/api-doc/packages.html
new file mode 100644
index 000000000..f5dd01736
--- /dev/null
+++ b/id.server/doc/api-doc/packages.html
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<BR>
+
+<BR>
+
+<BR>
+<CENTER>
+The front page has been renamed.Please see:
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="index.html">Frame version</A>
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">Non-frame version.</A></CENTER>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/serialized-form.html b/id.server/doc/api-doc/serialized-form.html
new file mode 100644
index 000000000..09311e7c2
--- /dev/null
+++ b/id.server/doc/api-doc/serialized-form.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+Serialized Form
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="serialized-form.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H1>
+Serialized Form</H1>
+</CENTER>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="serialized-form.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id.server/doc/api-doc/stylesheet.css b/id.server/doc/api-doc/stylesheet.css
new file mode 100644
index 000000000..74a3534ae
--- /dev/null
+++ b/id.server/doc/api-doc/stylesheet.css
@@ -0,0 +1,29 @@
+/* Javadoc style sheet */
+
+/* Define colors, fonts and other style attributes here to override the defaults */
+
+/* Page background color */
+body { background-color: #FFFFFF }
+
+/* Table colors */
+#TableHeadingColor { background: #CCCCFF } /* Dark mauve */
+#TableSubHeadingColor { background: #EEEEFF } /* Light mauve */
+#TableRowColor { background: #FFFFFF } /* White */
+
+/* Font used in left-hand frame lists */
+#FrameTitleFont { font-size: normal; font-family: normal }
+#FrameHeadingFont { font-size: normal; font-family: normal }
+#FrameItemFont { font-size: normal; font-family: normal }
+
+/* Example of smaller, sans-serif font in frames */
+/* #FrameItemFont { font-size: 10pt; font-family: Helvetica, Arial, sans-serif } */
+
+/* Navigation bar fonts and colors */
+#NavBarCell1 { background-color:#EEEEFF;}/* Light mauve */
+#NavBarCell1Rev { background-color:#00008B;}/* Dark Blue */
+#NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;}
+#NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;}
+
+#NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF;}
+#NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF;}
+
diff --git a/id.server/doc/bku-auswahl.20030408.pdf b/id.server/doc/bku-auswahl.20030408.pdf
new file mode 100644
index 000000000..39efe315f
--- /dev/null
+++ b/id.server/doc/bku-auswahl.20030408.pdf
Binary files differ
diff --git a/id.server/doc/cs-sstc-schema-assertion-01.xsd b/id.server/doc/cs-sstc-schema-assertion-01.xsd
new file mode 100644
index 000000000..8bc5af147
--- /dev/null
+++ b/id.server/doc/cs-sstc-schema-assertion-01.xsd
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: cs-sstc-schema-assertion-01
+ Location: http://www.oasis-open.org/committees/security/docs/
+ </documentation>
+ </annotation>
+ <simpleType name="IDType">
+ <restriction base="string"/>
+ </simpleType>
+ <simpleType name="IDReferenceType">
+ <restriction base="string"/>
+ </simpleType>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="AssertionIDReference" type="saml:IDReferenceType"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:SubjectStatement"/>
+ <element ref="saml:AuthenticationStatement"/>
+ <element ref="saml:AuthorizationDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="AssertionID" type="saml:IDType" use="required"/>
+ <attribute name="Issuer" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AudienceRestrictionCondition"/>
+ <element ref="saml:Condition"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+ <complexType name="AudienceRestrictionConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+ <complexType name="SubjectStatementAbstractType" abstract="true">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <element ref="saml:NameIdentifier"/>
+ <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation"/>
+ </choice>
+ </complexType>
+ <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+ <complexType name="NameIdentifierType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="SubjectConfirmationData" type="anyType"/>
+ <element name="ConfirmationMethod" type="anyURI"/>
+ <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+ <complexType name="AuthenticationStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+ <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="IPAddress" type="string" use="optional"/>
+ <attribute name="DNSAddress" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+ <complexType name="AuthorityBindingType">
+ <attribute name="AuthorityKind" type="QName" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ </complexType>
+ <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+ <complexType name="AuthorizationDecisionStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+ <complexType name="AttributeDesignatorType">
+ <attribute name="AttributeName" type="string" use="required"/>
+ <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <complexContent>
+ <extension base="saml:AttributeDesignatorType">
+ <sequence>
+ <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeValue" type="anyType"/>
+</schema>
diff --git a/id.server/doc/cs-sstc-schema-protocol-01.xsd b/id.server/doc/cs-sstc-schema-protocol-01.xsd
new file mode 100644
index 000000000..ecad05b0f
--- /dev/null
+++ b/id.server/doc/cs-sstc-schema-protocol-01.xsd
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: cs-sstc-schema-protocol-01
+ Location: http://www.oasis-open.org/committees/security/docs/
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="RequestID" type="saml:IDType" use="required"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="RespondWith" type="QName"/>
+ <element name="Request" type="samlp:RequestType"/>
+ <complexType name="RequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <choice>
+ <element ref="samlp:Query"/>
+ <element ref="samlp:SubjectQuery"/>
+ <element ref="samlp:AuthenticationQuery"/>
+ <element ref="samlp:AttributeQuery"/>
+ <element ref="samlp:AuthorizationDecisionQuery"/>
+ <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
+ <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AssertionArtifact" type="string"/>
+ <element name="Query" type="samlp:QueryAbstractType"/>
+ <complexType name="QueryAbstractType" abstract="true"/>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:QueryAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
+ <complexType name="AuthenticationQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <attribute name="AuthenticationMethod" type="anyURI"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
+ <complexType name="AuthorizationDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="ResponseAbstractType" abstract="true">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="ResponseID" type="saml:IDType" use="required"/>
+ <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:ResponseAbstractType">
+ <sequence>
+ <element ref="samlp:Status"/>
+ <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="QName" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+</schema>
diff --git a/id.server/doc/moa-id.htm b/id.server/doc/moa-id.htm
new file mode 100644
index 000000000..74018a5ab
--- /dev/null
+++ b/id.server/doc/moa-id.htm
@@ -0,0 +1,7 @@
+<html>
+<head>
+<meta http-equiv="refresh" content="0; URL=moa_id/moa.htm">
+
+</head>
+<body></body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/examples/BKUSelectionTemplate.html b/id.server/doc/moa_id/examples/BKUSelectionTemplate.html
new file mode 100644
index 000000000..11c9352d2
--- /dev/null
+++ b/id.server/doc/moa_id/examples/BKUSelectionTemplate.html
@@ -0,0 +1,4 @@
+<form name="CustomizedForm" method="post" action="<StartAuth>">
+<BKUSelect>
+<input type="submit" value="Ausw&auml;hlen"/>
+</form>
diff --git a/id.server/doc/moa_id/examples/ChainingModes.txt b/id.server/doc/moa_id/examples/ChainingModes.txt
new file mode 100644
index 000000000..820b60d06
--- /dev/null
+++ b/id.server/doc/moa_id/examples/ChainingModes.txt
@@ -0,0 +1,6 @@
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
diff --git a/id.server/doc/moa_id/examples/IdentityLinkSigners.txt b/id.server/doc/moa_id/examples/IdentityLinkSigners.txt
new file mode 100644
index 000000000..faed15030
--- /dev/null
+++ b/id.server/doc/moa_id/examples/IdentityLinkSigners.txt
@@ -0,0 +1,3 @@
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
diff --git a/id.server/doc/moa_id/examples/LoginServletExample.txt b/id.server/doc/moa_id/examples/LoginServletExample.txt
new file mode 100644
index 000000000..e085e4126
--- /dev/null
+++ b/id.server/doc/moa_id/examples/LoginServletExample.txt
@@ -0,0 +1,171 @@
+import java.io.IOException;
+import java.util.Vector;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.apache.xml.serialize.LineSeparator;
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.jaxen.JaxenException;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.dom.DOMXPath;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Beispiel für ein Login-Servlet, das von MOA-ID-AUTH über einen Redirect aufgerufen wird.
+ * Es werden demonstriert:
+ * - Parameterübergabe von MOA-ID-AUTH
+ * - Aufruf des MOA-ID-AUTH Web Service zum Abholen der Anmeldedaten über das Apache Axis Framework
+ * - Parsen der Anmeldedaten mittels der XPath Engine "Jaxen"
+ * - Speichern der Anmeldedaten in der HTTPSession
+ * - Redirect auf die eigentliche Startseite der OA
+ *
+ * @author Paul Ivancsics
+ */
+public class LoginServletExample extends HttpServlet {
+
+ // Web Service QName und Endpoint
+ private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
+ private static final String ENDPOINT =
+ "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
+ // NamespaceContext für Jaxen
+ private static SimpleNamespaceContext NS_CONTEXT;
+ static {
+ NS_CONTEXT = new SimpleNamespaceContext();
+ NS_CONTEXT.addNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
+ NS_CONTEXT.addNamespace("samlp", "urn:oasis:names:tc:SAML:1.0:protocol");
+ NS_CONTEXT.addNamespace("pr", "http://reference.e-government.gv.at/namespace/persondata/20020228#");
+ }
+
+ /**
+ * Servlet wird von MOA-ID-AUTH nach erfolgter Authentisierung über ein Redirect aufgerufen.
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ // Parameter "Target" und "SAMLArtifact" aus dem Redirect von MOA-ID-AUTH lesen
+ String target = req.getParameter("Target");
+ String samlArtifact = req.getParameter("SAMLArtifact");
+
+ try {
+ // DOMBuilder instanzieren
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+
+ // <samlp:Request> zusammenstellen und in einen DOM-Baum umwandeln
+ String samlRequest =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Request IssueInstant=\"2003-01-01T00:00:00+02:00\" MajorVersion=\"1\" MinorVersion=\"0\" RequestID=\"12345678901234567890\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"><samlp:AssertionArtifact>"
+ + samlArtifact
+ + "</samlp:AssertionArtifact></samlp:Request>";
+ Document root_request = builder.parse(samlRequest);
+
+ // Neues SOAPBodyElement anlegen und mit dem DOM-Baum füllen
+ SOAPBodyElement body = new SOAPBodyElement(root_request.getDocumentElement());
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+
+ // AXIS-Service für Aufruf von MOA-ID-AUTH instanzieren
+ Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
+
+ // Axis-Call erzeugen und mit Endpoint verknüpfen
+ Call call = service.createCall();
+ call.setTargetEndpointAddress(ENDPOINT);
+
+ // Call aufrufen und die Antwort speichern
+ System.out.println("Calling MOA-ID-AUTH ...");
+ Vector responses = (Vector) call.invoke(params);
+
+ // erstes BodyElement auslesen
+ SOAPBodyElement response = (SOAPBodyElement) responses.get(0);
+
+ // <samlp:Response> als DOM-Baum holen
+ Document responseDocument = response.getAsDocument();
+ Element samlResponse = responseDocument.getDocumentElement();
+
+ // <samlp:Response> auf System.out ausgeben
+ System.out.println("Response received:");
+ OutputFormat format = new OutputFormat((Document) responseDocument);
+ format.setLineSeparator(LineSeparator.Windows);
+ format.setIndenting(true);
+ format.setLineWidth(0);
+ XMLSerializer serializer = new XMLSerializer(System.out, format);
+ serializer.asDOMSerializer();
+ serializer.serialize(responseDocument);
+
+ // <samlp:StatusCode> auslesen
+ Attr statusCodeAttr = (Attr)getNode(samlResponse, "/samlp:Response/samlp:Status/samlp:StatusCode/@Value");
+ String samlStatusCode = statusCodeAttr.getValue();
+ System.out.println("StatusCode: " + samlStatusCode);
+
+ // <saml:Assertion> auslesen
+ if ("samlp:Success".equals(samlStatusCode)) {
+ Element samlAssertion = (Element)getNode(samlResponse, "/samlp:Response/saml:Assertion");
+
+ // FamilyName aus der <saml:Assertion> parsen
+ Node familyNameNode = getNode(samlAssertion, "//saml:AttributeStatement/saml:Attribute[@AttributeName=\"PersonData\"]/saml:AttributeValue/pr:Person/pr:Name/pr:FamilyName");
+ String familyName = getText(familyNameNode);
+ System.out.println("Family name: " + familyName);
+
+ // weitere Anmeldedaten aus der <saml:Assertion> parsen
+ // ...
+
+ // Anmeldedaten und Target in der HTTPSession speichern
+ HttpSession session = req.getSession();
+ session.setAttribute("UserFamilyName", familyName);
+ session.setAttribute("Geschaeftsbereich", target);
+
+ // weitere Anmeldedaten in der HTTPSession speichern
+ // ...
+
+ // Redirect auf die eigentliche Startseite
+ resp.sendRedirect("/index.jsp");
+ }
+ }
+ catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ /** Returns the first node matching an XPath expression. */
+ private static Node getNode(Node contextNode, String xpathExpression) throws JaxenException {
+ DOMXPath xpath = new DOMXPath(xpathExpression);
+ xpath.setNamespaceContext(NS_CONTEXT);
+ return (Node) xpath.selectSingleNode(contextNode);
+ }
+ /** Returns the text that a node contains. */
+ public static String getText(Node node) {
+ if (!node.hasChildNodes()) {
+ return "";
+ }
+
+ StringBuffer result = new StringBuffer();
+ NodeList list = node.getChildNodes();
+ for (int i = 0; i < list.getLength(); i++) {
+ Node subnode = list.item(i);
+ if (subnode.getNodeType() == Node.TEXT_NODE) {
+ result.append(subnode.getNodeValue());
+ } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
+ result.append(subnode.getNodeValue());
+ } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
+ // Recurse into the subtree for text
+ // (and ignore comments)
+ result.append(getText(subnode));
+ }
+ }
+ return result.toString();
+ }
+}
diff --git a/id.server/doc/moa_id/examples/Template.html b/id.server/doc/moa_id/examples/Template.html
new file mode 100644
index 000000000..97e54c6af
--- /dev/null
+++ b/id.server/doc/moa_id/examples/Template.html
@@ -0,0 +1,23 @@
+<form name="CustomizedForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.<br/>
+ <input type="submit" value="Weitere Info"/>
+</form> \ No newline at end of file
diff --git a/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt b/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt
new file mode 100644
index 000000000..396d0faea
--- /dev/null
+++ b/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml b/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
new file mode 100644
index 000000000..6ce00228c
--- /dev/null
+++ b/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Stephan G (Comp) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection>
+ <ConnectionParameter URL="http://10.16.46.108:18080/oa/getBKUSelectTag.jsp"/>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/Transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services/SignatureVerification">
+ <AcceptedServerCertificates>file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/certs/server-certs</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">file:/c:/</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://moatestlinux:18080/moa-id-auth/services/GetAuthenticationData">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://10.16.126.28:9443/moa-id-proxy/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/oa/OAConf.xml" sessionTimeOut="600">
+ <ConnectionParameter URL="https://moatestlinux:18443/oa/">
+ <AcceptedServerCertificates>file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/certs/cert-store-root"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+</MOA-IDConfiguration>
diff --git a/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..0e4508036
--- /dev/null
+++ b/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOADateOfBirth</Password>
+ </BasicAuth>
+</Configuration>
+
+<!-- Example for resulting "UserID:Password" used for basic authentication:
+Mustermann:1985-12-01
+--> \ No newline at end of file
diff --git a/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c1a1964bf
--- /dev/null
+++ b/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <HeaderAuth>
+ <Parameter Name="Name" Value="MOAFamilyName"/>
+ <Parameter Name="Vorname" Value="MOAGivenName"/>
+ <Parameter Name="Geburtsdatum" Value="MOADateOfBirth"/>
+ <Parameter Name="VPK" Value="MOAVPK"/>
+ </HeaderAuth>
+</Configuration>
+
+<!-- Example for resulting request headers:
+Name:Mustermann
+Vorname:Hermann
+Geburtsdatum:1985-12-01
+VPK:kp6hOq6LRAkLtrqm6EvDm6bMwJw=
+--> \ No newline at end of file
diff --git a/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..18e0a109c
--- /dev/null
+++ b/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <ParamAuth>
+ <Parameter Name="Name" Value="MOAFamilyName"/>
+ <Parameter Name="Vorname" Value="MOAGivenName"/>
+ <Parameter Name="Geburtsdatum" Value="MOADateOfBirth"/>
+ <Parameter Name="VPK" Value="MOAVPK"/>
+ </ParamAuth>
+</Configuration>
+
+<!-- Example for resulting request parameters:
+Name=Mustermann&Vorname=Hermann&Geburtsdatum=1985-12-01&VPK=kp6hOq6LRAkLtrqm6EvDm6bMwJw=
+--> \ No newline at end of file
diff --git a/id.server/doc/moa_id/examples/moa-id-env-linux.txt b/id.server/doc/moa_id/examples/moa-id-env-linux.txt
new file mode 100644
index 000000000..995d0b4d4
--- /dev/null
+++ b/id.server/doc/moa_id/examples/moa-id-env-linux.txt
@@ -0,0 +1 @@
+export CATALINA_OPTS="-Dmoa.id.configuration=/home/moa/jakarta-tomcat-4.1.18/conf/moa-id/MOAIDConfiguration.xml -Dlog4j.configuration=file:/home/moa/jakarta-tomcat-4.1.18/conf/moa-id/log4j.properties"
diff --git a/id.server/doc/moa_id/examples/moa-id-env-windows.txt b/id.server/doc/moa_id/examples/moa-id-env-windows.txt
new file mode 100644
index 000000000..109c196cf
--- /dev/null
+++ b/id.server/doc/moa_id/examples/moa-id-env-windows.txt
@@ -0,0 +1 @@
+set CATALINA_OPTS=-Dmoa.id.configuration=c:\jakarta-tomcat-4.1.18\conf\moa-id\MOAIDConfiguration.xml -Dlog4j.configuration=file:c:\jakarta-tomcat-4.1.18\conf\moa-id\log4j.properties
diff --git a/id.server/doc/moa_id/faqs.htm b/id.server/doc/moa_id/faqs.htm
new file mode 100644
index 000000000..ed386e11e
--- /dev/null
+++ b/id.server/doc/moa_id/faqs.htm
@@ -0,0 +1,109 @@
+<html>
+<head>
+ <title>FAQs - Häufig gestellte Fragen </title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#c0c0c0; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:6px }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">FAQs</div><br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+<br />
+<!-- div id="slogan">
+MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Trust und dem Institut für angewandte Informations- und Kom-munikationstechnik (IAIK) der Universität Graz
+</div -->
+</td>
+
+<td valign="top">
+<div id="titel">FAQs - Häufig gestellte Fragen </div>
+
+<p id="subtitel">Lokal installiertes MOA-ID und Microsoft Internet Explorer</p>
+<p id="block">
+Aufgrund eines Fehlers in Microsofts Internet Explorer kann es beim Testen eines lokal installierten Tomcat mit den MOA-ID-Modulen zu Fehlern kommen, da ein Redirect von der Auth-Komponente zur Proxy-Komponente nicht ausgeführt wird.
+</p>
+<p id="block">
+Als Workaround empfiehlt es sich, zum lokalen Testen einen alternativen Browser wie <a href="http://www.opera.com/">Opera</a>, <a href="http://www.mozilla.org/">Mozilla</a> oder <a href="http://www.netscape.org/">Netscape</a> zu verwenden, da diese Probleme dort nicht auftreten.
+</p>
+<br />
+<p id="subtitel">Lokale Proxy-Komponente und HTTPS</p>
+<p id="block">
+Wenn die Proxy-Komponente lokal l&auml;uft und per TLS/SSL aufgerufen wird, kommt es zu einer Fehlermeldung.
+</p>
+<p id="block">
+Workaround: Wenn in der Konfiguration statt 'localhost' der eigene Rechnername verwendet wird, funktioniert die Proxy-Komponente wie gewohnt. <br />
+Zum Herausfinden des Rechnernamens wechselt man unter Windows auf die Kommandozeile und kann mittels 'ipconfig /all' den Rechnernamen herausfinden.
+Unix/Linux-Anwender sehen bspw. mittels 'cat' in der Datei /etc/hosts nach, der Texteintrag hinter der eigenen IP-Adresse spezifiziert den Rechnernamen.
+</p>
+<br />
+<p id="subtitel">Tomcat und starke Verschl&uuml;sselung (&gt;100 Bit)</p>
+<p id="block">
+Serverseitig kann keine starke Verschl&uuml;sselung (seitens Tomcat) erzwungen werden.
+</p>
+<p id="block">
+Als Workaround empfiehlt es sich, einen Web-Server wie Apache oder den Microsoft Internet-Information-Server f&uuml;r das SSL-Handling vorzuschalten und dort in der jeweiligen Konfiguration starke Verschl&uuml;sselung zu erzwingen.
+</p>
+<br />
+</td></tr></table>
+
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/id-admin.htm b/id.server/doc/moa_id/id-admin.htm
new file mode 100644
index 000000000..718f0cd03
--- /dev/null
+++ b/id.server/doc/moa_id/id-admin.htm
@@ -0,0 +1,283 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></div>
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></a></div>
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></a></div>
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br />
+</td>
+
+<td valign="top">
+<div id="titel">MOA ID-Administration v.1.1</div>
+<p id="block">
+Die Komponenten des Moduls Identifikation (MOA-ID), MOA-ID-AUTH und MOA-ID-PROXY, sind als plattformunabh&auml;ngige Webapplikationen ausgelegt.
+MOA-ID-AUTH ist die Basiskomponente des Moduls, und MOA-ID-PROXY ist eine optionale Zusatzkomponente.
+F&uuml;r den Betrieb dieser Webapplikationen wird eine Java Virtual Machine und ein Java Servlet Container vorausgesetzt.
+<br /><br />
+Dieses Handbuch beschreibt die Installation und Konfiguration von MOA-ID-AUTH und von MOA-ID-PROXY, und die Einrichtung der Systemumgebungen.
+</p>
+</td></tr></table>
+<br />
+
+
+
+<div id="szenarien" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="titel">&#160;</p>
+</td>
+<td valign="top">
+<p id="titel">Übersicht </p>
+<div id="block">
+F&uuml;r den Betrieb von MOA-ID-AUTH sind unterschiedliche Szenarien m&ouml;glich, die unterschiedliche M&ouml;glichkeiten bieten und die Installation unterschiedlicher Software- und Hardware-Komponenten erfordern. Dieser Abschnitt gibt einen kurzen Überblick &uuml;ber die notwendige Basis-Installation und optionale weitere Konfigurationsm&ouml;glichkeiten.
+</div>
+</td></tr></table>
+<br />
+
+<div id="szenarien1" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<div id="subtitel">Basis-Installation von MOA-ID-AUTH</div>
+<p id="block">
+Die Basis-Installation stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA-ID-AUTH dar, andererseits dient sie als Ausgangspunkt f&uuml;r weitere (optionale) Konfigurations-M&ouml;glichkeiten.
+<br /><br />
+Folgende Software ist Voraussetzung f&uuml;r die Basis-Installation:
+</div>
+<ul>
+<li>JDK 1.3.1 oder JDK 1.4.1</li>
+<li>Tomcat 4.1.18 </li>
+<li>MOA-ID-AUTH 1.0 </li>
+<li>MOA SP/SS 1.0 (entweder als WebService oder direkt als interne Bibliothek)</li>
+</ul>
+<div id="block">
+Um m&ouml;glichen Versionskonflikten aus dem Weg zu gehen sollten stets die neuesten Versionen von MOA-ID als auch von MOA-SP/SS verwendet werden. <br/>
+In diesem Betriebs-Szenario wird MOA-ID-AUTH in Tomcat deployt. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r MOA-ID-AUTH. Beide Protokolle werden direkt in Tomcat konfiguriert.
+<br/><br/>
+Die Webapplikation verwendet Log4j als Logging Toolkit.
+</div>
+</td></tr></table>
+<br />
+
+<div id="szenarien2" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Basis-Installation von MOA-ID-PROXY (optional)</p>
+<div id="block">
+Einer Online-Applikation, f&uuml;r die MOA-ID-AUTH die Authentisierung &uuml;bernimmt, kann die Komponente MOA-ID-PROXY vorgeschaltet werden. Diese Komponente &uuml;bernimmt die Anmeldedaten von MOA-ID-AUTH, f&uuml;hrt die Anmeldung an der Online Applikation durch und schleust in der Folge Daten an die Online-Applikation und Daten an den Benutzer durch.
+
+Die Basis-Installation von MOA-ID-PROXY geschieht im Wesentlichen analog zur Basis-Installation von MOA-ID-AUTH.
+<br/><br/>
+MOA-ID-AUTH und MOA-ID-PROXY k&ouml;nnen in verschiedenen Konstellationen zum Einsatz gebracht werden:
+<ul>
+<li>auf verschiedenen Rechnern</li>
+<li>auf ein und demselben Rechner in verschiedenen Java Servlet Containern</li>
+<li>auf ein und demselben Rechner in ein und demselben Java Servlet Container</li>
+</ul>
+<br/><br /><br />
+Ausgehend von der Basis-Installation k&ouml;nnen die optionalen Konfigurationen, die in den nachfolgenden Abschnitten beschrieben werden, unabh&auml;ngig und in beliebiger Kombination aufgesetzt werden.
+</div>
+</td></tr></table>
+<br />
+
+<div id="szenarien3" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration mit vorgeschaltetem Webserver (optional)</p>
+<div id="block">
+Den MOA ID Webapplikationen kann jeweils optional ein Webserver vorgeschaltet sein. Unter Microsoft Windows ist das im Regelfall der Microsoft Internet Information Server (MS IIS), auf Unix-Systemen kommt &uuml;blicherweise der Apache Webserver zum Einsatz.
+<br /><br />
+ Folgende Software ist unter Windows Voraussetzung:
+</div>
+<ul>
+<li>MS IIS 5.0 </li>
+<li>Jakarta mod_jk 1.2.2 </li>
+</ul>
+<div id="block">Folgende Software ist unter Unix/Linux Voraussetzung: <div id="block">
+<ul>
+<li>Apache Webserver 2.0.x mit mod_SSL </li>
+<li>Jakarta mod_jk 1.2.2 </li>
+</ul>
+<div id="block">In diesem Fall &uuml;bernimmt der vorgeschaltete Webserver die Funktion des HTTP- und HTTPS-Endpunktes. Beide Protokolle werden im Webserver konfiguriert.
+<br /><br />
+Mittels mod_jk werden die Webservice-Aufrufe, die im vorgeschalteten Webserver eintreffen, an Tomcat weiter geleitet, bzw. die Antwort von Tomcat wieder an den Webserver zur&uuml;ck &uuml;bermittelt.
+</div>
+</td></tr></table>
+<br />
+
+<div id="szenarien4" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration mit PostgreSQL (optional)</p>
+<div id="block">
+Das MOA ID Webservice kann eine PostgreSQL Datenbank nutzen, um:
+</div>
+<ul>
+<li>Log-Meldungen zu speichern </li>
+</ul>
+<div id="block">F&uuml;r den Zugriff auf PostgreSQL ist die Installation folgender Software Voraussetzung: </div>
+<ul>
+<li>PostgreSQL 7.3</li>
+</ul>
+</td></tr></table>
+<br />
+
+<div id="szenarien5" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Zusammenfassung</p>
+<div id="block">
+Notwendig f&uuml;r den Betrieb von MOA ID ist eine Basis-Installation. Weitere optionale Konfigurationen k&ouml;nnen unabh&auml;ngig und in beliebiger Kombination miteinander durchgef&uuml;hrt werden, um eine bessere Integration der MOA ID Webapplikationen in die vorhandene Betriebs-Infrastruktur zu erreichen.
+</div>
+</td></tr></table>
+<br /><br />
+
+
+
+<div id="referenzen" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="titel">Referenzierte Software</p>
+<div id="block">
+Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapplikationen entwickelt und getestet wurde. Geringf&uuml;gig andere Software-Versionen stellen &uuml;blicherweise kein Problem dar.
+</div>
+<br /><br />
+<div id="block">
+<table border="1" width="100%" cellpadding="2" cellspacing="0">
+<tr>
+<th>Komponente</th><th>Version</th>
+</tr><tr>
+<td><a href="http://java.sun.com/j2se/1.3/download.html">JDK</a> </td><td>1.3.1_07 &#160; </td>
+</tr><tr>
+<td><a href="http://java.sun.com/j2se/1.4.1/download.html">JDK</a> </td><td>1.4.1&#160; </td>
+</tr><tr>
+<td><a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/">Tomcat </a> </td><td>4.1.18&#160; </td>
+</tr><tr>
+<td><a href="http://cio.gv.at/">MOA-ID-AUTH </a> </td><td>1.0&#160; </td>
+</tr><tr>
+<td><a href="http://cio.gv.at/">MOA-ID-PROXY </a> </td><td>1.0&#160; </td>
+</tr><tr>
+<td><a href="http://cio.gv.at/">MOA-SPSS </a> </td><td>1.0&#160; </td>
+</tr><tr>
+<td><a href="http://httpd.apache.org/docs-2.0/">Apache Webserver</a> </td><td>1.3.23 &#160; </td>
+</tr><tr>
+<td><a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">Microsoft Internet Information Server </a> </td><td>5.0 &#160; </td>
+</tr><tr>
+<td><a href="http://httpd.apache.org/docs-2.0/ssl/">mod_SSL </a> </td><td>(*)&#160; </td>
+</tr><tr>
+<td><a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">Jakarta mod_jk </a> </td><td>1.2.2&#160; </td>
+</tr><tr>
+<td><a href="http://jakarta.apache.org/log4j/docs/index.html">Jakarta Log4j </a> </td><td>1.2.7&#160; </td>
+</tr><tr>
+<td><a href="http://techdocs.postgresql.org/installguides.php">PostgreSQL </a> </td><td>7.3&#160; </td>
+</tr>
+</table>
+</div>
+<br /><br />
+
+<div id="block">
+(*) passend zur Version des Apache Webservers
+</div>
+</td></tr></table>
+<br /><br />
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/id-admin_1.htm b/id.server/doc/moa_id/id-admin_1.htm
new file mode 100644
index 000000000..f56338747
--- /dev/null
+++ b/id.server/doc/moa_id/id-admin_1.htm
@@ -0,0 +1,400 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ pre { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></div>
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></a></div>
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+</br /><br />
+<div id="slogan">
+<b>Installationsschritte: </b>
+<br />
+<a href="#vorbereitung"><b>Vorbereitung</b></a><br />
+<a href="#Tomcat"><b>Tomcat Konfiguration</b></a><br />
+<a href="#deployment_ak"><b>Deployment<br/>MOA-ID-AUTH</b></a><br />
+<a href="#deployment_pk"><b>Deployment<br/>MOA-ID-PROXY</b></a><br />
+<a href="#Tomcat_Start"><b>Tomcat Start/Stop</b></a><br />
+<a href="#Logging"><b>Logging</b></a><br />
+</div>
+</td>
+
+<td valign="top">
+<p id="titel">Basis-Installation v.1.1</p>
+Bei der Basis-Installation von MOA-ID-AUTH und von MOA-ID-PROXY ist grunds&auml;tzlich gleichartig vorzugehen.
+Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
+<div id="vorbereitung" />
+<p id="subtitel">Vorbereitung</p>
+<div id="block">
+<b>Installation des JDK</b><br />
+Installieren Sie das JDK 1.3.1 oder JDK 1.4.1 in ein beliebiges Verzeichnis. Das Wurzelverzeichnis der JDK-Installation wird im weiteren Verlauf als $JAVA_HOME bezeichnet.
+<br /><br />
+<b>Installation von Tomcat</b><br />
+Installieren Sie Tomcat in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enth&auml;lt. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als $CATALINA_HOME bezeichnet. <b>Hinweis:</b> Tomcat wird in einer Distribution f&uuml;r JDKs ab Version 1.2 und in einer Distribution speziell f&uuml;r JDK 1.4 ausgeliefert. Installieren Sie die zur Version Ihres JDK passende Tomcat-Version.
+<br /><br />
+<b>Entpacken der MOA ID Webapplikation</b><br />
+Entpacken Sie die ausgelieferten Dateien der Webapplikation (moa-id-auth-x.y.zip oder moa-id-proxy-x.y.zip; ersetzen Sie x.y durch die Releasenummer von MOA-ID-AUTH bzw. MOA-ID-PROXY) in ein beliebiges Verzeichnis. Diese Verzeichnisse werden im weiteren Verlauf als $MOA_ID_INST_AUTH bzw. $MOA_ID_INST_PROXY bezeichnet.
+<br /><br />
+<b>Installation der IAIK JCE, des IAIK LDAP Protocol Handlers und von JSSE (JDK 1.3.1)</b><br />
+Da Java in der Version 1.3.1 ohne Unterst&uuml;tzung f&uuml;r Kryptographie, LDAP und SSL ausgeliefert wird, m&uuml;ssen diese Funktionalit&auml;ten nachtr&auml;glich installiert werden. Es stehen hierf&uuml;r zwei M&ouml;glichkeiten zur Verf&uuml;gung: <br />
+1. Installation innerhalb des JDK 1.3.1:<br />
+Die Dateien aus dem Verzeichnis $MOA_ID_INST_AUTH/ext13 (oder $MOA_ID_INST_PROXY/ext13) m&uuml;ssen in das Verzeichnis $JAVA_HOME/jre/lib/ext kopiert werden. Anschlie&szlig;end steht eine Unterst&uuml;tzung f&uuml;r Kryptographie und SSL jeder Java-Anwendung die dieses JDK verwendet zur Verf&uuml;gung.<br />
+2. Installation ausschlie&szlig;lich f&uuml;r Applikationen innerhalb von Tomcat:<br />
+Um die o.g. Unterst&uuml;tzung nur Tomcat-Anwendungen zu erm&ouml;glichen, k&ouml;nnen die Dateien aus dem Verzeichnis $MOA_ID_INST_AUTH/ext13 (oder $MOA_ID_INST_PROXY/ext13) in ein beliebiges Verzeichnis kopiert werden. Im Folgenden wird dieses Verzeichnis $MOA_ID_EXT genannt. Anschlie&szlig;end muss der Tomcat-Klassenpfad angepasst werden:<br/>
+F&uuml;r Windows-Betriebssysteme ist daf&uuml;r die Datei $CATALINA_HOME\bin\setclasspath.bat anzupassen:<br/>
+Hinter <i>'set CLASSPATH=%JAVA_HOME%\lib\tools.jar'</i> m&uuml;ssen nun jeweils mit Semikolon getrennt, die Dateien aus $MOA_ID_EXT inklusive der vollst&auml;ndigen Pfadangaben angef&uuml;gt werden.<br/>
+Anschlie&szlig;end sieht diese Zeile beispielsweise folgenderma&szlig;en aus:
+<pre>
+ set CLASSPATH=%JAVA_HOME%\lib\tools.jar;
+ $MOA_ID_EXT\iaik_jce_full.jar;
+ $MOA_ID_EXT\iaik_ldap.jar;
+ $MOA_ID_EXT\jcert.jar;
+ $MOA_ID_EXT\jnet.jar;
+ $MOA_ID_EXT\jsse.jar
+</pre>
+($MOA_ID_EXT ist durch den tats&auml;chlichen Pfad zu ersetzen)<br />
+Unix/Linux-Anwender verfahren analog mit der Datei $CATALINA_HOME/bin/setclasspath.sh wobei ';' durch ':' zu ersetzen ist.<br /><br />
+<b>Installation der IAIK JCE und des IAIK LDAP Protocol Handlers (JDK 1.4.1)</b><br />
+Die Dateien aus dem Verzeichnis $MOA_ID_INST_AUTH/ext14 (oder $MOA_ID_INST_PROXY/ext14) m&uuml;ssen in das Verzeichnis $JAVA_HOME/jre/lib/ext kopiert werden. Anschlie&szlig;end steht eine Unterst&uuml;tzung f&uuml;r Kryptographie und SSL jeder Java-Anwendung die dieses JDK verwendet zur Verf&uuml;gung.<br />
+Zus&auml;tzlich m&uuml;ssen die so genannten "Unlimited Strength Jurisdiction Policy Files 1.4.1" heruntergeladen, entpackt und ins Verzeichnis $JAVA_HOME/jre/lib/security kopiert werden. Der Download f&uuml;r diese Dateien findet sich am unteren Ende der <a href="http://java.sun.com/j2se/1.4.1/download.html">Download-Seite f&uuml;r das JDK 1.4.1</a> in der Sektion "Other Downloads".
+</div>
+
+</td></tr></table>
+
+<div id="Tomcat" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration von Tomcat</p>
+<div id="block">
+<b>Minimale Konfiguration</b> <br />
+Die zentrale Konfigurations-Datei von Tomcat ist $CATALINA_HOME/conf/server.xml. Tomcat wird grunds&auml;tzlich mit
+einer funktionierenden Default-Konfiguration ausgeliefert, die jedoch einiges an Ballast enth&auml;lt und viele Ports
+offen l&auml;sst. Die Datei $MOA_ID_INST_AUTH/tomcat/server.xml (bzw. $MOA_ID_INST_PROXY/tomcat/server.xml) enth&auml;lt eine minimale
+Tomcat-Konfiguration, die je einen Connector f&uuml;r HTTP und f&uuml;r HTTPS freischaltet.<br /><br />
+<b>SSL</b><br />
+F&uuml;r den sicheren Betrieb von MOA-ID-AUTH ist die Verwendung von SSL Voraussetzung, sofern nicht ein vorgelagerter WebServer (Apache oder IIS) das SSL-Handling &uuml;bernimmt.
+Ebenso kann SSL auch f&uuml;r MOA-ID-PROXY verwendet werden.
+Das Dokument <a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html" target="_new">Tomcat SSL Configuration HOW-TO</a> gibt einen guten Überblick &uuml;ber die Konfiguration von SSL in Tomcat. Da die f&uuml;r SSL notwendigen Bibliotheken bereits im Abschnitt "Vorbereitung" eingebunden wurden, sind nur noch folgende Schritte notwendig:
+</div>
+<ul>
+<li>Erstellung eines Server-Keystores, welches den privaten Schl&uuml;ssel des Servers sowie das Server-Zertifikat enth&auml;lt,
+z.B. mit dem <a href="http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html" target="_new"> Java Keytool</a>. <br />
+<b>Hinweis:</b> Standardm&auml;&szlig;ig wird beim Erzeugen eines neuen Keystores im Home-Verzeichnis des Benutzers die Datei ".keystore" angelegt. M&ouml;chte man den Dateinamen und Pfad &auml;ndern, kann man das dem SSL-Connector in $CATALINA_HOME/conf/server.xml durch hinzuf&uuml;gen des Attributes <i>keystoreFile="NAME DES KEYSTORES"</i> im Element &lt;Factory&gt; bekannt machen. Das zum Keystore geh&ouml;rende Passwort &uuml;bergibt man Tomcat mittels des Attributes <i>keystorePass= "PASSWORT DES KEYSTORES"</i> im Element &lt;Factory&gt;. </li>
+<li>Erstellung eines Keystores mit vertrauensw&uuml;rdigen Client-Zertifikaten, z.B. mit dem <a href="http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html" target="_new"> Java Keytool</a> (nur, wenn SSL Client-Authentisierung verwendet werden soll) </li>
+<li>Falls eine Client-Authentisierung gew&uuml;nscht ist, muss die Konfiguration des SSL-Connectors in $CATALINA_HOME/conf/server.xml angepasst werden.</li>
+</ul>
+
+<div id="block">
+<b>MOA Administrator</b><br />
+Der Aufruf der URL f&uuml;r die dynamische Konfiguration von MOA-ID-AUTH ist durch eine Passwort-Abfrage gesch&uuml;tzt, und kann nur von Benutzern aufgerufen werden, die der Benutzer-Rolle <tt>moa-admin</tt> zugeordnet werden k&ouml;nnen.<br />
+Um diese Benutzer-Rolle und einen oder mehrere Benutzer einzurichten, m&uuml;ssen in der Datei $CATALINA_HOME/conf/tomcat-users.xml unter dem Element <tt>&lt;tomcat-users&gt;</tt> sinngem&auml;&szlig; folgende Eintr&auml;ge hinzugef&uuml;gt werden:
+<pre>
+&lt;role rolename="moa-admin"/&gt;
+&lt;user username="moa" password="moa" roles="moa-admin"/&gt;
+</pre>
+</div>
+</td></tr></table>
+
+<div id="deployment_ak" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Deployment von MOA-ID-AUTH in Tomcat</p>
+<div id="block">
+Um MOA-ID-AUTH in Tomcat f&uuml;r den Ablauf vorzubereiten, sind folgende Schritte notwendig: <br />
+<ul>
+<li>Die Datei $MOA_ID_INST_AUTH/moa-id-auth.war wird ins Verzeichnis $CATALINA_HOME/webapps kopiert. Dort wird sie beim ersten Start von Tomcat automatisch ins Verzeichnis $CATALINA_HOME/webapps/moa-id-auth entpackt. </li>
+<li>Die MOA-ID Konfigurationsdatei und die zugeh&ouml;rigen Verzeichnisse "certs" und "transforms" werden in ein beliebiges Verzeichnis im Filesystem kopiert (z.B. $CATALINA_HOME/conf/moa-id). <br />In $MOA_ID_INST_AUTH/conf/moa-id befindet sich eine funktionsf&auml;hige Konfiguration, die als Ausgangspunkt f&uuml;r die Konfiguration von MOA-ID-AUTH dienen kann. </li>
+<li>Die endorsed Libraries f&uuml;r Tomcat m&uuml;ssen aus dem Verzeichnis $MOA_ID_INST_AUTH/endorsed in das Tomcat-Verzeichnis $CATALINA_HOME/common/endorsed kopieren werden. Folgende Libraries sind f&uuml;r das Deployment im endorsed Verzeichnis vorgesehen:
+<ul>
+<li id="klein">Xerces-J-2.0.2 (bestehend aus xercesImpl.jar und xmlParserAPIs.jar)</li>
+</ul>
+Eventuell vorhandene Dateien mit dem gleichen Namen m&uuml;ssen ersetzt werden.
+</li>
+<li>Folgende Java System Properties sind zu setzen: <br />
+<ul id="klein">
+<li id="klein">moa.id.configuration=Name der MOA ID Konfigurationsdatei. Eine beispielhafte MOA ID Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/ SampleMOAIDConfiguration.xml enthalten.</li>
+<li id="klein">log4j.configuration=URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/log4j.properties enthalten. </li>
+<li id="klein">javax.net.ssl.trustStore=Name des Truststores f&uuml;r vertrauensw&uuml;rdige SSL Client-Zertifikate (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden soll). </li>
+</ul>
+Diese Java System-Properties werden Tomcat &uuml;ber die Umgebungsvariable CATALINA_OPTS mitgeteilt
+(siehe Beispiele f&uuml;r <a href="examples/moa-id-env-windows.txt">Windows</a> und f&uuml;r <a href="examples/moa-id-env-linux.txt">Linux</a>).
+</ul>
+</div>
+</td></tr></table>
+
+
+<div id="deployment_pk" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Deployment von MOA-ID-PROXY in Tomcat</p>
+<div id="block">
+Um MOA-ID-PROXY in Tomcat f&uuml;r den Ablauf vorzubereiten, sind folgende Schritte notwendig: <br />
+<ul>
+<li>Die Datei $MOA_ID_INST_PROXY/moa-id-proxy.war wird in ein beliebiges Verzeichnis (bspw. $CATALINA_HOME) kopiert. <b>HINWEIS: Das Verzeichnis darf NICHT $CATALINA_HOME/webapps sein!</b><br />
+ Anschliessend muss in der Datei <tt>$CATALINA_HOME/conf/server.xml</tt> der Tomcat-Root-Context auf diese Datei gesetzt werden: wenn das war-file sich in $CATALINA_HOME befindet, geschieht dies mit dem Einf&uuml;gen von folgendem Element innerhalb von <tt>&lt;Server&gt;...&lt;Service&gt;...&lt;Engine&gt;...&lt;Host&gt;</tt>: </li>
+<pre>&lt;Context path="" docBase="../moa-id-proxy.war" debug="0"/&gt;</pre>
+Anmerkung: Der Root-Context von Tomcat ist normalerweise auskommentiert. <br /><br />
+<li>Die MOA-ID Konfigurationsdatei und die zugeh&ouml;rigen Verzeichnisse "certs" und "oa" werden in ein beliebiges Verzeichnis im Filesystem kopiert (z.B. $CATALINA_HOME/ conf/moa-id). <br />
+In $MOA_ID_INST_PROXY/conf/moa-id befindet sich eine funktionsf&auml;hige Konfiguration, die als Ausgangspunkt f&uuml;r die Konfiguration von MOA-ID-PROXY dienen kann. </li>
+<li>Die endorsed Libraries f&uuml;r Tomcat m&uuml;ssen aus dem Verzeichnis $MOA_ID_INST_PROXY/endorsed in das Tomcat-Verzeichnis $CATALINA_HOME/common/endorsed kopiert werden. Folgende Libraries sind f&uuml;r das Deployment im endorsed Verzeichnis vorgesehen:
+<ul>
+<li id="klein">Xerces-J-2.0.2 (bestehend aus xercesImpl.jar und xmlParserAPIs.jar)</li>
+</ul>
+Eventuell vorhandene Dateien mit dem gleichen Namen m&uuml;ssen ersetzt werden.
+</li>
+<li>Folgende Java System Properties sind zu setzen: <br />
+<ul id="klein">
+<li id="klein">moa.id.configuration=Name der MOA ID Konfigurationsdatei. Eine beispielhafte MOA ID Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/ SampleMOAIDConfiguration.xml enthalten.</li>
+<li id="klein">log4j.configuration=URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/log4j.properties enthalten. </li>
+<li id="klein">javax.net.ssl.trustStore=Name des Truststores f&uuml;r vertrauensw&uuml;rdige SSL Client-Zertifikate (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden soll). </li>
+</ul>
+Diese Java System-Properties werden Tomcat &uuml;ber die Umgebungsvariable CATALINA_OPTS mitgeteilt
+(siehe Beispiele f&uuml;r <a href="examples/moa-id-env-windows.txt">Windows</a> und f&uuml;r <a href="examples/moa-id-env-linux.txt">Linux</a>).
+</ul>
+</div>
+</td></tr></table>
+
+<div id="Tomcat_Start" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Starten und Stoppen von Tomcat </p>
+<div id="block">
+Nach dem Deployment und der Konfiguration kann Tomcat aus seinem Wurzelverzeichnis mit <br />
+<pre>
+ bin\catalina start (unter Windows) oder
+ bin/catalina.sh start (unter Unix/Linux)
+</pre>
+gestartet werden. Das Stoppen von Tomcat erfolgt analog mit <br />
+<pre>
+ bin\catalina stop (unter Windows) oder
+ bin/catalina.sh stop (unter Unix/Linux)
+</pre>
+Ein erfolgreicher Startvorgang von MOA-ID-AUTH ist an folgender Log-Meldung ersichtlich: <br />
+<pre>
+ INFO | 08 13:33:38,497 | main |
+ MOA ID Authentisierung wurde
+ erfolgreich gestartet
+</pre>
+Analog bei MOA-ID-PROXY: <br/>
+<pre>
+ INFO | 08 13:35:49,876 | main |
+ MOA ID Proxy wurde erfolgreich gestartet
+</pre>
+
+Nach dem erfolgreichen Starten von Tomcat steht MOA-ID-AUTH unter der URL
+<pre>
+http(s)://host:port/moa-id-auth/StartAuthentication
+</pre>
+zur Verf&uuml;gung. Der WebService ist unter
+<pre>
+http(s)://host:port/moa-id-auth/services/GetAuthenticationData
+</pre>
+erreichbar. Die Verf&uuml;gbarkeit der Anwendung kann &uuml;berpr&uuml;ft werden, indem die URLs mit einem Web-Browser aufgerufen werden.<br />
+<br />
+<div id="ConfigUpdate" />
+<b>Dynamische Konfigurations-Updates</b><br />
+Dynamische Konfigurations-Updates k&ouml;nnen f&uuml;r MOA-ID-AUTH durch den Aufruf der URL http://hostname:port/moa-id-auth/ConfigurationUpdate (z.B. durch Eingabe in einem Browser) durchgef&uuml;hrt werden. Analog wird die Konfiguration von MOA-ID-PROXY mittels http://hostname:port/ConfigurationUpdate aktualisiert.<br /><br />
+<b>Hinweis: </b>Konfigurations&auml;nderungen für die Online-Applikationen betreffen grunds&auml;tzlich sowohl die Auth- als auch die Proxy-Komponente.
+Wenn bspw. das <tt>publicURLPrefix</tt> der OA ge&auml;ndert wird, muss sowohl f&uuml;r die Auth- als auch für die Proxy-Komponente ein ConfigurationUpdate durchgef&uuml;hrt werden. <br /> <br />
+Konnte MOA-ID-AUTH bzw. MOA-ID-PROXY nicht ordnungsgem&auml;&szlig; konfiguriert und gestartet werden, geht das aus der Log-Meldung hervor: <br />
+<pre>
+FATAL | 03 13:19:06,924 | main | Fehler
+ beim Starten des Service MOA ID Authentisierung
+</pre>
+bzw.
+<pre>
+FATAL | 03 13:19:06,924 | main | Fehler
+ beim Starten des Service MOA ID Proxy
+</pre>
+In diesem Fall geben die WARN bzw. ERROR Log-Meldungen unmittelbar davor Aufschluss &uuml;ber den genaueren Grund. <br />
+</div>
+</td></tr></table>
+
+
+<div id="Logging" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<div id="Logging" />
+<p id="subtitel">Logging</p>
+<div id="block">
+Die MOA ID Webapplikation verwendet Jakarta Log4j f&uuml;r die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. Log4j bietet zahlreiche Konfigurationsm&ouml;glichkeiten, die ausf&uuml;hrlich im <a href="http://jakarta.apache.org/log4j/docs/manual.html" target="_new">Log4j Handbuch</a> beschrieben sind. Unter anderem gibt es die M&ouml;glichkeit, folgende Einstellungen vorzunehmen: <br />
+<ul>
+<li id="klein">Das verwendete Log-Level (DEBUG, INFO, WARN, ERROR, FATAL).</li>
+<li id="klein">Name und maximale Gr&ouml;&szlig;e der Log-Datei(en).</li>
+<li id="klein">Das Aussehen der Log-Eintr&auml;ge.</li>
+</ul>
+Es werden folgende Log-Hierarchien verwendet:
+</div>
+<ul>
+<li>moa.id.auth f&uuml;r alle Log-Meldungen aus dem MOA-ID-AUTH Modul </li>
+<li>moa.id.proxy f&uuml;r alle Log-Meldungen aus dem MOA-ID-PROXY Modul </li>
+<li>moa.spss.server f&uuml;r alle Log-Meldungen aus dem MOA-SPSS Modul </li>
+<li>iaik.server f&uuml;r alle Log-Meldungen aus den IAIK Kryptographie-Modulen </li>
+</ul>
+<div id="block">
+Als Ausgangspunkt f&uuml;r die Logging-Konfiguration liegt die Datei $MOA_ID_INST_AUTH/conf/moa-id/log4j.properties (bzw. $MOA_ID_INST_PROXY/conf/moa-id/log4j.properties) bei.
+Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Datei <tt>$CATALINA_HOME/logs/moa-id.log</tt> geschrieben.
+<br /><br />
+<b>Format der Log-Meldungen</b><br />
+Anhand einer konkreten Log-Meldung wird das Format der MOA ID Log-Meldungen erl&auml;utert:
+<pre>
+ INFO | 09 08:23:59,385 | Thread-8 |
+ Anmeldedaten zu MOASession -5468974113772848113
+ angelegt, SAML Artifakt
+ AAF/BrdRfnMaQVGIbP/Gf9OwDUwwsXChb7nuT+VXQzOoHbV
+</pre>
+
+Der Wert <tt>INFO</tt> besagt, dass die Log-Meldung im Log-Level <tt>INFO</tt> entstanden ist. Folgende Log-Levels existieren:<br />
+<ul>
+<li id="klein"><tt>DEBUG:</tt> Log-Meldungen im Log-Level <tt>DEBUG</tt> geben Auskunft &uuml;ber die innere Arbeitsweise des Systems. Sie sind haupts&auml;chlich f&uuml;r Entwickler interessant.</li>
+<li id="klein"><tt>INFO:</tt> Diese Log-Meldungen geben informative Status-Informationen &uuml;ber den Ablauf der Webapplikation, wie z.B., dass eine neue Anfrage eingelangt ist.</li>
+<li id="klein"><tt>WARN:</tt> Bei der Ausf&uuml;hrung einer Operation sind leichte Fehler aufgetreten. Der Ablauf der Webapplikation ist nicht weiter beeintr&auml;chtigt.</li>
+<li id="klein"><tt>ERROR:</tt> Die Ausf&uuml;hrung einer Operation musste abgebrochen werden. Die Webapplikation ist davon nicht beeintr&auml;chtigt. </li>
+<li id="klein"><tt>FATAL:</tt> Es ist ein Fehler aufgetreten, der den weiteren Betrieb der Webapplikation nicht mehr sinnvoll macht.</li>
+</ul>
+Der n&auml;chste Wert <tt>09 08:23:59,385</tt>, gibt den Zeitpunkt an, an dem die Log-Meldung generiert wurde (in diesem Fall den 9. Tag im aktuellen Monat, sowie die genaue Uhrzeit). <br />
+Der Rest der Zeile einer Log-Meldung ist der eigentliche Text, mit dem das System bestimmte Informationen anzeigt. Im Fehlerfall ist h&auml;ufig ein Java Stack-Trace angef&uuml;gt, der eine genauere Ursachen-Forschung erm&ouml;glicht.
+<br /><br />
+
+
+<b>Wichtige Log-Meldungen</b><br />
+Neben den im Abschnitt "Starten und Stoppen von Tomcat" beschriebenen Log-Meldungen, die anzeigen, ob die Webapplikation
+ordnungsgem&auml;&szlig; gestartet wurde, geben nachfolgenden Log-Meldungen Aufschluss &uuml;ber die Abarbeitung von Anfragen.
+Die Annahme einer Anfrage wird beispielsweise angezeigt durch:
+</div>
+<pre>
+ INFO | 09 08:37:17,663 | Thread-9 |
+ MOASession 6576509775379152205 angelegt
+
+ INFO | 09 08:37:20,828 | Thread-9 |
+ Anmeldedaten zu MOASession 6576509775379152205
+ angelegt, SAML Artifakt
+ AAF/BrdRfnMaQVGIbP/Gf9OwDUwwsXChb7nuT+VXQzOoHbV
+
+</pre>
+
+<div id="block">
+Die 1. Log-Meldung besagt, dass sich ein Benutzer an MOA-ID-AUTH angemeldet und eine eindeutige SessionID zugewiesen bekommen hat. <br />
+Die 2. Log-Meldung informiert dar&uuml;ber, dass die Anmeldedaten des Benutzers unter dem angezeigten SAML Artifakt abgeholt werden k&ouml;nnen.<br />
+</div>
+Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fortzusetzen erh&auml;lt man folgende Log-Meldung:<br />
+<pre>
+ ERROR | 09 09:34:27,105 | Thread-8 |
+ at.gv.egovernment.moa.id.AuthenticationException:
+ MOASessionID ist unbekannt
+ (MOASessionID=-8650403497547200032)
+</pre>
+<div id="block">
+In diesem Fall gibt der mitgeloggte Stacktrace Auskunft &uuml;ber die Art des Fehlers. Der Aufrufer der MOA ID Webapplikation bekommt einen Fehlercode sowie eine kurze Beschreibung des Fehlers als Antwort zur&uuml;ck.
+<br /><br />
+Die Tats&auml;chlich &uuml;bertragenen Anfragen bzw. Antworten werden aus Effizienzgr&uuml;nden nur im Log-Level DEBUG angezeigt.
+</div>
+</td></tr></table>
+<br /><br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/id-admin_2.htm b/id.server/doc/moa_id/id-admin_2.htm
new file mode 100644
index 000000000..b4e22a36b
--- /dev/null
+++ b/id.server/doc/moa_id/id-admin_2.htm
@@ -0,0 +1,623 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; color:#505060; font-weight:bold; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> &uuml;bersicht</b></a></div>
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></a></div>
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></div>
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br /><br />
+<div id="slogan">
+<a href="#moaid-konfiguration"><b>Konfiguration<br />von MOA-ID</b></a>
+<br /><br />
+<a href="examples/conf/MOA-ID-Configuration.xml" target="_new">Konfigurationsdatei</a>
+<br /><br />
+<b>Parameter-&uuml;bersicht</b><br />
+<a href="#ConnectionParameter">ConnectionParameter</a><br />
+<a href="#AuthComponent">AuthComponent</a><br />
+<a href="#BKUSelection" >&nbsp;&nbsp;BKUSelection</a><br />
+<a href="#SecurityLayer">&nbsp;&nbsp;SecurityLayer</a><br />
+<a href="#MOA-SP">&nbsp;&nbsp;MOA-SP</a><br />
+<a href="#IdentityLinkSigners">&nbsp;&nbsp;IdentityLinkSigners</a><br />
+<a href="#ProxyComponent">ProxyComponent</a><br />
+<a href="#OnlineApplication">OnlineApplication</a><br />
+<a href="#OnlineApplication/AuthComponent">&nbsp;&nbsp;AuthComponent</a><br />
+<a href="#OnlineApplication/ProxyComponent">&nbsp;&nbsp;ProxyComponent</a><br />
+<a href="#ChainingModes">ChainingModes</a><br />
+<a href="#TrustedCACertificates">TrustedCACertificates</a><br />
+<a href="#GenericConfiguration">GenericConfiguration</a><br />
+<br />
+<a href="#oa-config"><b>Konfiguration<br />der Online-Applikation</b></a><br />
+<br />
+<b>Parameter-&uuml;bersicht</b><br />
+<a href="#LoginType">LoginType</a><br />
+<a href="#ParamAuth">ParamAuth</a><br />
+<a href="#Parameter">&nbsp;&nbsp;ParamAuth/Parameter</a><br />
+<a href="#BasicAuth">BasicAuth</a><br />
+<a href="#HeaderAuth">HeaderAuth</a><br />
+<a href="#Header">&nbsp;&nbsp;HeaderAuth/Header</a><br />
+<br />
+<a href="#sp-config"><b>Konfiguration<br />von MOA-SP</b></a><br />
+<br />
+<a href="#verifytransformsInfoProfile">VerifyTransformsInfoProfile</a><br />
+<a href="#trustProfile">TrustProfile</a><br />
+<a href="#certstore">Certstore</a><br />
+<br />
+<a href="#online-config"><b>&auml;nderung der Konfig. <br />w&auml;hrend des Betriebs</b></a><br />
+
+<br />
+</div>
+
+</td>
+
+<td valign="top">
+<div id="titel">Konfiguration von MOA ID v.1.1</div>
+
+<div id="moaid-konfiguration" />
+<p id="subtitel">Konfiguration von MOA ID v.1.1</p>
+<p id="block">
+Die Konfiguration von MOA ID wird mittels einer XML-basierten Konfigurationsdatei, die dem Schema
+<a href="../MOA-ID-Configuration-1.1.xsd" target="_new">MOA-ID-Configuration-1.1.xsd</a> entspricht, durchgef&uuml;hrt.
+<p />
+Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment der Web-Applikation
+in Tomcat</a> beschrieben.
+<p />
+Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
+<a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a> zeigt ein Beispiel
+f&uuml;r eine umfassende Konfigurationsdatei.
+</p>
+Enth&auml;lt die Konfigurationsdatei relative Pfadangaben, werden diese relativ zum Verzeichnis, in dem Tomcat gestartet wurde, interpretiert.
+
+<div id="ConnectionParameter" />
+<p id="block">
+<b>ConnectionParameter</b> <br />
+Das Element <tt>ConnectionParameter</tt> enth&auml;lt Parameter, die MOA-ID f&uuml;r den Aufbau von Verbindungen zu anderen Komponenten
+ben&ouml;tigt. Dieses Element tritt mehrfach in der Konfigurationsdatei auf und wird daher vorab detailliert beschrieben.
+<br /><br />
+Das Attribut <tt>URL</tt> enth&auml;lt die URL der Komponente zu der die Verbindung aufgebaut werden soll.
+Wird das Schema <tt>https</tt> verwendet, k&ouml;nnen die Kind-Elemente <tt>AcceptedServerCertificates</tt>
+und <tt>ClientKeyStore</tt> angegeben werden. Wird das Schema <tt>http</tt> verwendet m&uuml;ssen keine Kind-Elemente
+angegeben werden bzw. werden diese nicht ausgewertet. Andere Schemas werden nicht unterst&uuml;tzt.
+<br /><br />
+Wird die Verbindung &uuml;ber TLS aufgebaut und erfordert der TLS-Server eine Client-Authentisierung
+mittels Zertifikate, dann muss das Kind-Element <tt>ClientKeyStore</tt> spezifiziert werden, und es muss
+eine URL enthalten, die einen PKCS#12-Keystore mittels URL-Schema 'file:' referenziert.
+Diesem Keystore wird der private Schl&uuml;ssel f&uuml;r die TLS-Client-Authentisierung entnommen.
+Das Passwort zum Lesen des privaten Schl&uuml;ssels wird im Attribut <tt>ClientKeyStore/@password</tt> konfiguriert.<br />
+Aufgrund der Tatsache, dass starke Verschl&uuml;sselung eine Voraussetzung f&uuml;r MOA-ID darstellt, werden clientseitig nur die folgenden Cipher Suites unterst&uuml;tzt:<br/>
+<ul>
+<li><tt>SSL_RSA_WITH_RC4_128_SHA</tt></li>
+<li><tt>SSL_RSA_WITH_RC4_128_MD5</tt></li>
+<li><tt>SSL_RSA_WITH_3DES_EDE_CBC_SHA</tt></li>
+</ul>
+Im Kind-Element <tt>AcceptedServerCertificates</tt> kann ein Verzeichnisname angegeben werden, in dem die
+akzeptierten Zertifikate der TLS-Verbindung hinterlegt sind. Dieses Verzeichnis wird mittels URL-Schema 'file:' referenziert. In diesem Verzeichnis werden nur Serverzertifikate
+abgelegt. Fehlt dieser Parameter wird lediglich &uuml;berpr&uuml;ft ob ein Zertifikatspfad zu den im Element <tt>&lt;TrustedCACertificates&gt;</tt> angegebenen Zertifikaten erstellt werden kann. Falls dies nicht m&ouml;glich ist, kommt es zu einem Fehlerfall.
+</p>
+
+
+<div id="AuthComponent" />
+<p id="block">
+<b>AuthComponent</b> <br />
+<tt>AuthComponent</tt> enth&auml;lt Parameter, die nur die MOA-ID Authentisierungskomponente betreffen.
+Das Element ist optional und muss nicht verwendet werden, wenn auf dem Server keine MOA-ID Authentisierungskomponente
+installiert wird.
+<br /><br />
+Das Element <tt>AuthComponent</tt> hat vier Kind-Element:
+<ul>
+<li><tt>BKUSelection</tt> (optional)</li>
+<li><tt>SecurityLayer</tt></li>
+<li><tt>MOA-SP</tt></li>
+<li><tt>IdentityLinkSigners</tt></li>
+</ul>
+</p>
+
+<div id="BKUSelection" />
+<p id="block">
+<b>AuthComponent/BKUSelection</b> <br />
+Das optionale Element <tt>BKUSelection</tt> enth&auml;lt Parameter zur Nutzung eines Auswahldienstes f&uuml;r eine
+B&uuml;rgerkartenumgebung (BKU). Wird das Element nicht angegeben, dann wird die lokale B&uuml;rgerkartenumgebung
+auf <tt>http://localhost:3495/http-security-layer-request</tt> verwendet.
+<br /><br />
+Das Attribut <tt>BKUSelectionAlternative</tt> gibt an welche Alternative zur BKU-Auswahl verwendet werden soll. MOA-ID
+unterst&uuml;tzt die Werte <tt>HTMLComplete</tt> (vollst&auml;ndige HTML-Auswahl) und <tt>HTMLSelect</tt> (HTML-Code f&uuml;r Auswahl)
+[<a href="../bku-auswahl.20030408.pdf">"Auswahl von B&uuml;rgerkartenumge-bungen"</a>, Arno Hollosi].
+<br /><br />
+Das Kind-Element <tt>ConnectionParameter</tt> spezifiziert die Verbindung zum Auswahldienst (siehe
+<a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>), jedoch kann das Kind-Element <tt>ClientKeyStore</tt>
+nicht angegeben werden.
+</p>
+
+<div id="SecurityLayer" />
+<p id="block">
+<b>AuthComponent/SecurityLayer</b> <br />
+Das Element <tt>SecurityLayer</tt> enth&auml;lt Parameter zur Nutzung des Security-Layers.
+<br /><br />
+Das Kind-Element <tt>TransformsInfo</tt> spezifiziert eine Transformation, die f&uuml;r die Erstellung der Signatur
+des AUTH-Blocks als Parameter in den <tt>CreateXMLSignatureRequest</tt> des Security-Layers integriert werden muss.
+Mehrere unterschiedliche Implementierungen des Security-Layer k&ouml;nnen durch die Angabe mehrerer <tt>TransformsInfo</tt>-Elemente unterst&uuml;tzt werden.
+<br /><br />
+Das Attribut <tt>TransformsInfo/@filename</tt> verweist auf eine Datei, die das globale Element <tt>TransformsInfo</tt> vom Typ
+<tt>TransformsInfo</tt> enth&auml;lt. Das Encoding dieser Datei muss (anders als im Beispiel) UTF-8 sein.
+<br /><br />
+<a href="examples/TransformsInfoAuthBlock.txt">Beispiel f&uuml;r eine TransformsInfo-Datei</a>
+</p>
+
+<div id="MOA-SP" />
+<p id="block">
+<b>AuthComponent/MOA-SP</b> <br />
+Das Element <tt>MOA-SP</tt> enth&auml;lt Parameter zur Nutzung von MOA-SP. MOA-SP wird f&uuml;r die &uuml;berpr&uuml;fung der Signatur
+der Personenbindung und des AUTH-Blocks verwendet.
+<br /><br />
+Wird das Kind-Element <tt>ConnectionParameter</tt> angegeben, dann wird MOA-SP &uuml;ber das Webservice angesprochen, andernfalls
+wird MOA-SP &uuml;ber das API angesprochen.
+<br /><br />
+Das Kind-Element <tt>VerifyIdentityLink/TrustProfileID</tt> spezifiziert eine TrustProfileID, die f&uuml;r den
+<tt>VerifyXMLSignatureRequest</tt> zur &uuml;berpr&uuml;fung der Signatur der Personenbindung verwendet werden muss.
+<br /><br />
+Die Kind-Elemente <tt>VerifyAuthBlock/TrustProfileID</tt> und <tt>VerifyAuthBlock/VerifyTransformsInfoProfileID</tt>
+spezifizieren eine TrustProfileID und eine ID f&uuml;r ein Transformationsprofil, die f&uuml;r den
+<tt>VerifyXMLSignatureRequest</tt> zur &uuml;berpr&uuml;fung der Signatur des Auth-Blocks verwendet werden m&uuml;ssen.
+</p>
+
+<div id="IdentityLinkSigners" />
+<p id="block">
+<b>AuthComponent/IdentityLinkSigners</b> <br />
+Dieses Element gibt an von welchen Signatoren die Signatur des IdentityLink erstellt werden musste
+damit der IdentityLink akzeptiert wird. F&uuml;r jeden Signator muss der <tt>X509SubjectName</tt> nach RFC 2253
+spezifiziert werden.
+<br /><br />
+<a href="examples/IdentityLinkSigners.txt">Beispiel</a>
+<br /><br />
+</p>
+
+<div id="ProxyComponent" />
+<p id="block">
+<b>ProxyComponent</b> <br />
+<tt>ProxyComponent</tt> enth&auml;lt Parameter, die nur die MOA-ID Proxykomponente betreffen.
+Das Element ist optional und muss nicht verwendet werden, wenn auf dem Server keine MOA-ID Proxykomponente
+installiert wird.
+<br /><br />
+Das Element <tt>ProxyComponent</tt> hat nur das Kind-Element <tt>AuthComponent</tt>, das die Verbindung zur
+Authentisierungs-komponente beschreibt.
+<br /><br />
+Baut die Proxykomponente die Verbindung zur Authentisierungs-komponente
+&uuml;ber ein Webservice auf, dann muss das Element <tt>ConnectionParameter</tt> spezifiziert werden.
+<br /><br />
+Baut die Proxykomponente die Verbindung zur Authentisierungs-komponente
+&uuml;ber das API auf, dann wird das Element <tt>ConnectionParameter</tt> nicht spezifiziert.
+</p>
+
+<div id="OnlineApplication" />
+<p id="block">
+<b>OnlineApplication</b> <br />
+F&uuml;r jede Online-Applikation, die &uuml;ber MOA-ID authentisiert wird, gibt es ein Element <tt>OnlineApplication</tt>.
+Die Parameter betreffen teils die MOA-ID Authentisierungskomponente, teils die MOA-ID Proxykomponente, teils beide.
+<br /><br />
+Das Attribut <tt>OnlineApplication/@publicURLPrefix</tt> entspricht dem URL-Pr&auml;fix der nach au&szlig;en sichtbaren
+Dom&auml;ne der Online-Applikation, welcher von der MOA-ID Proxykomponente durch den URL-Pr&auml;fix der wirklichen
+Dom&auml;ne (Attribut <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>) ersetzt wird.
+Es dient als Schl&uuml;ssel zum Auffinden der Konfigurationsparameter zur Online-Applikation.
+<br /><br />
+Das Element <tt>OnlineApplication</tt> hat optional zwei Kind-Elemente: <tt>AuthComponent</tt> und <tt>ProxyComponent</tt>.
+</p>
+
+<div id="OnlineApplication/AuthComponent" />
+<p id="block">
+<b>OnlineApplication/AuthComponent</b> <br />
+Das Element <tt>OnlineApplication/AuthComponent</tt> muss verwendet werden wenn auf dem Server die Authentisierungskomponente
+installiert wird. Es enth&auml;lt Parameter, die das Verhalten der Authentisierungskomponente bez&uuml;glich der Online-Applikation
+konfiguriert.
+<br /><br />
+Das Attribut <tt>provideZMRZahl</tt> bestimmt, ob die ZMR-Zahl in den Anmeldedaten aufscheint.
+Analog steuern die Attribute <tt>provideAUTHBlock</tt> und <tt>provideIdentityLink</tt>, ob die Anmeldedaten
+den Auth-Block bzw. die Personenbindung enthalten. Alle Attribute sind optional und haben den Default-Wert <tt>false</tt>.
+<br /><br />
+</p>
+
+<div id="OnlineApplication/ProxyComponent" />
+<p id="block">
+<b>OnlineApplication/ProxyComponent</b> <br />
+Das Element <tt>OnlineApplication/ProxyComponent</tt> muss verwendet werden wenn auf dem Server die Proxykomponente
+installiert wird.
+<br /><br />
+Das optionale Attribut <tt>configFileURL</tt> verweist auf eine Konfigurationsdatei die dem Schema
+<a href="../MOA-ID-Configuration-1.1.xsd" target="_new">MOA-ID-Configuration-1.1.xsd</a> entspricht mit Dokument-Element
+<tt>Configuration</tt>.<br />
+Default-Wert: <tt>http://&lt;realURLPrefix&gt;/MOAConfig.xml</tt>
+<br/>(<tt>&lt;realURLPrefix&gt;</tt> entspricht dem Wert von <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>)
+<br /><br />
+Das optionale Attribut <tt>sessionTimeOut</tt> legt das Timeout einer Benutzersession in der
+Proxykomponente in Sekunden fest.<br />
+Default-Wert: 3600
+<br /><br />
+Im optionalen Attribut <tt>loginParameterResolverImpl</tt> kann der Klassenname eines
+zu verwendenden <tt>LoginParameterResolver</tt> angegeben werden, welcher die Defaultimplementierung ersetzt.
+<br /><br />
+Im optionalen Attribut <tt>connectionBuilderImpl</tt> kann der Klassenname eines zu verwendenden
+ConnectionBuilder angegeben werden, welcher die Defaultimplementierung ersetzt.
+<br /><br />
+Im Kind-Element <tt>ConnectionParameter</tt> ist konfiguriert, wie MOA-ID-PROXY zur Online-Applikation verbindet.
+</p>
+
+<div id="ChainingModes" />
+<p id="block">
+<b>ChainingModes</b><br />
+Das Element <tt>ChainingModes</tt> definiert, ob bei der Zertifikatspfad-&uuml;berpr&uuml;fung das Kettenmodell
+(<tt>"chaining"</tt>) oder das Modell nach PKIX RFC 3280 (<tt>"pkix"</tt>) verwendet werden soll.
+<br /><br />
+Das Attribut <tt>systemDefaultMode</tt> spezifiziert das Modell, das im Standardfall verwendet werden soll.
+<br/><br/>
+Mit dem Kind-Element <tt>TrustAnchor</tt> kann f&uuml;r jeden Trust Anchor ein abweichendes Modell spezifiziert werden.
+Ein Trust Anchor ist ein Zertifikat, das in <tt>TrustedCACertificates</tt> spezifiziert ist.
+Ein Trust Anchor wird durch den Typ <tt>&lt;dsig:X509IssuerSerialType&gt;</tt> spezifiziert.
+Das f&uuml;r diesen Trust Anchor g&uuml;ltige Modell wird durch das Attribut <tt>mode</tt> spezifiziert.
+<br/><br/>
+G&uuml;ltige Werte f&uuml;r die Attribute <tt>systemDefaultMode</tt> und <tt>mode</tt> sind <tt>"chaining"</tt> und <tt>"pkix"</tt>.
+<br/><br/>
+<a href="examples/ChainingModes.txt">Beispiel</a>
+</p>
+
+<div id="TrustedCACertificates" />
+<p id="block">
+<b>TrustedCACertificates</b><br />
+Das Element <tt>TrustedCACertificates</tt> enth&auml;lt eine URL, die auf ein Verzeichnis verweist, das jene Zertifikate
+enth&auml;lt, die als vertrauensw&uuml;rdig betrachtet werden. Diese URL muss mittels URL-Schema 'file:' referenziert werden. Im Zuge der &Uuml;berpr&uuml;fung der TLS-Serverzertifikate wird die
+Zertifikatspfaderstellung an einem dieser Zertifikate beendet.
+</p>
+
+<div id="GenericConfiguration" />
+<p id="block">
+<b>GenericConfiguration</b><br />
+Das Element <tt>GenericConfiguration</tt> erm&ouml;glicht das Setzen von Namen-Werte Paaren mittels der Attribute
+<tt>name</tt> und <tt>value</tt>. Die folgende Liste spezifiziert
+<ul>
+<li>g&uuml;ltige Werte f&uuml;r das name-Attribut, </li>
+<li>eine Beschreibung </li>
+<li>g&uuml;ltige Werte f&uuml;r das value-Attribut und (falls vorhanden)</li>
+<li>den Default-Wert f&uuml;r das value-Attribut. </li>
+</ul>
+
+<table border="0" cellspacing="3" cellpadding="2">
+<tr id="DirectoryCertStoreParameters.RootDir"><th align="left">name: DirectoryCertStoreParameters.RootDir</th></tr>
+<tr><td id="info">
+Gibt den Pfadnamen zu einem Verzeichnis an, das als Zertifikatsspeicher im Zuge der TLS-Server-Zertifikats&uuml;berpr&uuml;fung
+verwendet wird.<br />
+<hr />
+<b>value: </b><br />
+G&uuml;ltige Werte: Name eines g&uuml;ltigen Verzeichnisses<br />
+<b>Dieser Parameter muss angegeben werden.</b>
+</td></tr>
+</table>
+
+<table border="0" cellspacing="3" cellpadding="2">
+<tr id="AuthenticationSession.TimeOut"><th align="left">name: AuthenticationSession.TimeOut</th></tr>
+<tr><td id="info">
+Gibt die Zeitspanne in Sekunden vom Beginn der Authentisierung bis zum Anlegen der Anmeldedaten an.
+Wird die Angegebene Zeitspanne &uuml;berschritten wird der Anmeldevorgang abgebrochen.
+<br />
+<hr />
+<b>value: </b><br />
+G&uuml;ltige Werte: positive Ganzzahlen <br />
+Default-Wert: 120
+</td></tr>
+</table>
+
+<table border="0" cellspacing="3" cellpadding="2">
+<tr id="AuthenticationData.TimeOut"><th align="left">name: AuthenticationData.TimeOut</th></tr>
+<tr><td id="info">
+Gibt die Zeitspanne in Sekunden an, f&uuml;r die die Anmeldedaten in der Authentisierungskomponente zum Abholen
+durch die Proxykomponente oder eine nachfolgende Applikation bereitstehen. Nach Ablauf dieser Zeitspanne werden die Anmeldedaten gel&ouml;scht.<br />
+<hr />
+<b>value: </b><br />
+G&uuml;ltige Werte: positive Ganzzahlen<br />
+Default-Wert: 600
+</td></tr>
+</table>
+
+<table border="0" cellspacing="3" cellpadding="2">
+<tr id="TrustManager.RevocationChecking"><th align="left">name: TrustManager.RevocationChecking</th></tr>
+<tr><td id="info">
+F&uuml;r die TLS-Server-Authentisierung d&uuml;rfen nur Server-Zertifikate verwendet werden, die eine CRLDP-Extension enthalten (andernfalls kann von MOA-ID keine CRL-&uuml;berpr&uuml;fung durchgef&uuml;hrt werden).
+<br />Soll das RevocationChecking generell ausgeschaltet werden, ist dieses Attribut anzugeben und auf "false" zu setzen.
+<br />
+<hr />
+<b>value: </b><br />
+G&uuml;ltige Werte: true, false<br />
+Default-Wert: true
+</td></tr>
+</table>
+
+
+</td></tr></table>
+
+
+<br /><br />
+<div id="oa-config" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration der Online-Applikation</p>
+<div id="block">
+Die Konfiguration der OA beschreibt die Art und Weise, wie die Proxykomponente die Anmeldung an der Online-Applikation
+durchf&uuml;hrt.
+<br /><br />
+Der Name der Konfigurationsdatei wird in der Konfiguration von MOA-ID als Wert des Attributs
+<tt>configFileURL</tt> des Elements <tt>MOA-IDConfiguration/OnlineApplication/ProxyComponent</tt> hinterlegt.
+<br/>Ist dieses Attribut nicht gesetzt, dann wird die Datei von <tt>http://&lt;realURLPrefix&gt;/MOAConfig.xml</tt> geladen,
+wobei <tt>&lt;realURLPrefix&gt;</tt> dem Konfigurationswert <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt> entspricht.
+<br /><br />
+Die Konfigurationsdatei ist eine XML-Datei, die dem Schema
+<a href="../MOA-ID-Configuration-1.1.xsd" target="_new">MOA-ID-Configuration-1.1.xsd</a> mit dem Wurzelelement
+<tt>Configuration</tt> entspricht.
+</div>
+
+<div id="LoginType" />
+<p id="block">
+<b>LoginType</b><br />
+Das Element <tt>LoginType</tt> gibt an, ob die Online-Applikation ein einmaliges Login erwartet (<tt>stateful</tt>),
+oder ob die Login-Parameter bei jedem Request mitgegeben werden m&uuml;ssen (<tt>stateless</tt>). Im Fall einer stateful
+Online-Applikation werden die in der HTTP-Session der Proxykomponente gespeicherten Anmeldedaten nur f&uuml;r den Aufruf
+des Login-Scripts verwendet. Unmittelbar nach dem Aufruf werden sie gel&ouml;scht.
+<br />
+Default-Wert: <tt>stateful</tt>
+</p>
+</div>
+
+<div id="ParamAuth" />
+<p id="block">
+<b>ParamAuth</b><br />
+Konfiguriert die &uuml;bergabe der Authentisierungs-Parameter an die Online-Applikation mittels URL-Parametern. Das Element
+kann ein oder mehrere Kind-Elemente <tt>&lt;Parameter&gt;</tt> beinhalten.
+</p>
+</div>
+
+<div id="Parameter" />
+<p id="block">
+<b>ParamAuth/Parameter</b><br />
+Das Element <tt>&lt;Paramter&gt;</tt> enth&auml;lt die Attribute <tt>Name</tt> und <tt>Value</tt>.
+<br /><br />
+Das Attribut <tt>Name</tt> beschreibt den Namen des Parameters und ist ein frei zu w&auml;hlender String.
+<br /><br />
+Das Attribut <tt>Value</tt> beschreibt den Inhalt des Parameters und kann einen der durch <tt>MOAAuthDataType</tt> beschriebenen
+Werte annehmen. G&uuml;ltige Werte von <tt>MOAAuthDataType</tt> sind:
+<ul>
+<li><tt>MOAGivenName</tt> - der Vorname des Benutzers, wie in der Personenbindung enthalten
+<li><tt>MOAFamilyName</tt> - der Nachname des Benutzers, wie in der Personenbindung enthalten
+<li><tt>MOADateOfBirth</tt> - das Geburtsdatum des Benutzers, wie in der Personenbindung enthalten
+<li><tt>MOAVPK</tt> - die verfahrensspezifische Personenkennzeichnung des Benutzers, wie von der
+Authentisierungskomponente berechnet
+<li><tt>MOAPublicAuthority</tt> - wird durch <tt>true</tt> ersetzt, falls der Benutzer mit einem Zertifikat signierte,
+welches eine <a href="../CIO X509ext-20030218.pdf">Beh&ouml;rdenerweiterung</a> beinhaltet. Andernfalls wird <tt>false</tt> gesetzt
+<li><tt>MOABKZ</tt> - das Beh&ouml;rdenkennzeichen (nur sinnvoll, wenn <tt>MOAPublicAuthority</tt> den Wert <tt>true</tt>
+ergibt)
+<li><tt>MOAQualifiedCertificate</tt> - wird durch <tt>true</tt> ersetzt, falls das Zertifikat des Benutzers
+qualifiziert ist, andernfalls wird <tt>false</tt> gesetzt
+<li><tt>MOAZMRZahl</tt> - die ZMR-Zahl des Benutzers; diese ist nur dann verf&uuml;gbar, wenn die Online-Applikation
+die ZMR-Zahl bekommen darf (und daher in der Personenbindung enthalten ist)
+<li><tt>MOAIPAddress</tt> - IP-Adresse des Client des Benutzers.
+</ul>
+
+Anhand der <tt>&lt;Parameter&gt;<tt>-Elemente wird der Request f&uuml;r den Login-Vorgang (f&uuml;r stateful Online-Applikationen)
+folgenderma&szlig;en zusammenge-stellt:<br />
+<blockquote>
+<code>GET https://&lt;login-url&gt;?<br />
+&nbsp;&nbsp;&lt;p1.name=p1.resolvedValue&gt;&<br />
+&nbsp;&nbsp;&lt;p2.name=p2.resolvedValue&gt;...</code>
+</blockquote>
+<p id="block">
+Die <tt>&lt;login-url&gt;</tt> ergibt sich aus dem Parameter OA des <a href="id-anwendung_1.htm">Aufrufs von MOA-ID-AUTH</a>,
+zusammen mit der Konfiguration von <tt>OnlineApplication/@publicURLPrefix</tt> und von <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>.
+<br/>Der Wert <tt>resolvedValue</tt> wird in MOA-ID-PROXY je nach Wert des Platzhalters eingesetzt.
+</p>
+</div>
+<div id="BasicAuth" />
+<p id="block">
+<b>BasicAuth</b><br />
+Das Element <tt>BasicAuth</tt> konfiguriert die &uuml;bergabe der Authentisierungs-Parameter an die Online-Appliktion
+mittels HTTP Basic Authentication. Es enth&auml;lt zwei Kind-Elemente.
+<br /><br />
+Das Element <tt>UserID</tt> gibt die UserId des zu authentisierenden Benutzers an und kann einen der durch
+<tt>MOAAuthDataType</tt> beschriebenen Werte annehmen.
+<br /><br />
+Das Element <tt>Password</tt> gibt das Passwort des zu authentisierenden Benutzers an und kann einen der durch
+<tt>MOAAuthDataType</tt> beschriebenen Werte annehmen.
+</p>
+</div>
+
+<div id="HeaderAuth" />
+<p id="block">
+<b>HeaderAuth</b><br />
+Das Element <tt>HeaderAuth</tt> konfiguriert die &uuml;bergabe der Authentisierungs-Parameter an die Online-Applikation
+in HTTP Request Headern. Das Element kann ein oder mehrere Kind-Elemente <tt>&lt;Header&gt;</tt> beinhalten.
+</p>
+</div>
+
+<div id="Header" />
+<p id="block">
+<b>HeaderAuth/Header</b><br />
+Das Element <tt>&lt;Header&gt;</tt> enth&auml;lt die Attribute Name und Value.
+<br /><br />
+Das Attribut <tt>Name</tt> beschreibt den Namen des Header und ist ein frei zu w&auml;hlender String.
+<br /><br />
+Das Attribut <tt>Value</tt> beschreibt den Inhalt des Header und kann einen der durch <tt>MOAAuthDataType</tt>
+beschriebenen Werte annehmen.
+<br /><br />
+Die Header werden folgenderma&szlig;en in den Request an die Online-Applikation eingef&uuml;gt:
+<blockquote><pre>
+&lt;h1.name&gt;:&lt;h1.resolvedValue&gt;
+&lt;h2.name&gt;:&lt;h2.resolvedValue&gt;
+...
+</pre></blockquote>
+Der Wert <tt>resolvedValue</tt> wird in der Proxykomponente je nach Wert des Platzhalters eingesetzt.
+Etwaige Header aus dem urspr&uuml;nglichen Request an die Proxykomponente, die denselben Namen haben, m&uuml;ssen
+&uuml;berschrieben werden.
+</p>
+</div>
+</td></tr></table>
+
+
+<div id="sp-config" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration von MOA-SP</p>
+<div id="block">
+
+<p id="block">
+MOA-ID &uuml;berpr&uuml;ft die Signaturen der Personenbindung und des AUTH-Blocks mit dem <tt>VerifyXMLSignatureRequest</tt>
+von MOA-SP. Dazu muss MOA-SP wie unten beschreiben konfiguriert werden.
+<br /><br />
+Ein Auszug einer beispielhaften MOA-SP Konfigurationsdatei, die diese Konfigurationsparameter enth&auml;lt ist in
+<tt>$MOA_ID_INST_AUTH/conf/moa-spss/ SampleMOASPSSConfiguration.xml</tt> enthalten.
+
+</p>
+
+<div id="verifytransformsInfoProfile" />
+<p id="block">
+<b>VerifyTransformsInfoProfile</b><br />
+Der Request zum &uuml;berpr&uuml;fen der Signatur des AUTH-Blocks verwendet ein vordefiniertes VerifyTransformsInfoProfile.
+Die im Request verwendete Profil-ID wird in der MOA-ID Konfigurationsdatei
+im Element <tt>/MOA-IDConfiguration/ AuthComponent/MOA-SP/VerifyAuthBlock/ VerifyTransformsInfoProfileID</tt> definiert.
+Entsprechend muss am MOA-SP Server ein VerifyTransformsInfoProfile mit gleichlautender ID definiert werden. Die
+Profiledefinition selbst ist in der Auslieferung von MOA-ID in <tt>$MOA_ID_INST_AUTH/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml</tt>
+enthalten. Diese Profildefinition muss unver&auml;ndert &uuml;bernommen werden.
+</p>
+</div>
+
+<div id="trustProfile" />
+<p id="block">
+<b>TrustProfile</b><br />
+Die Requests zur &uuml;berpr&uuml;fung der Signatur verwenden vordefinierte TrustProfile.
+Die im Request verwendete Profil-IDs werden in der MOA-ID Konfigurationsdatei
+in den Elementen <tt>/MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyIdentityLink/ TrustProfileID</tt> und
+<tt>/MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock/TrustProfileID</tt> definiert. Diese beiden Elemente
+k&ouml;nnen unterschiedliche oder identische TrustProfileIDs enthalten.
+Am MOA-SP Server m&uuml;ssen TrustProfile mit gleichlautender ID definiert werden.
+Die Auslieferung von MOA-ID enth&auml;lt das Verzeichnis <tt>$MOA_ID_INST_AUTH/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot</tt>,
+das als TrustProfile verwendet werden kann. Weitere Zertifikate k&ouml;nnen als vertrauensw&uuml;rdig hinzugef&uuml;gt werden.
+</p>
+</div>
+
+<div id="certstore" />
+<p id="block">
+<b>Certstore</b><br />
+Zum Aufbau eines Zertifikatspfades k&ouml;nnen ben&ouml;tigte Zertifikate aus einem Zertifikatsspeicher verwendet werden.
+Die Auslieferung von MOA-ID enth&auml;lt das Verzeichnis <tt>$MOA_ID_INST_AUTH/conf/moa-spss/certstore</tt>, das als initialer
+Zertifikatsspeicher verwendet werden kann.
+</p>
+</div>
+
+</div>
+</td></tr></table>
+
+
+<div id="online-config" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">&Auml;nderung der Konfiguration w&auml;hrend des Betriebs</p>
+<div id="block">
+Der Inhalt dieser Konfiguration, bzw. jene Teile, auf die indirekt verwiesen wird, k&ouml;nnen w&auml;hrend des laufenden
+Betriebes des MOA-Servers ge&auml;ndert werden. Der Server selbst wird durch den Aufruf einer <a href="id-admin_1.htm#ConfigUpdate">URL</a>
+(im Applikationskontext von MOA ID) dazu veranlasst, die ge&auml;nderte Konfiguration neu einzulesen.
+Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konfiguration beibehalten.
+</div>
+
+
+</td></tr></table>
+<br /><br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/id-admin_3.htm b/id.server/doc/moa_id/id-admin_3.htm
new file mode 100644
index 000000000..92d13aa6a
--- /dev/null
+++ b/id.server/doc/moa_id/id-admin_3.htm
@@ -0,0 +1,187 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></a></div>
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></a></div>
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br />
+<div id="slogan">
+<b>Optionale <br />Komponenten</b><br />
+<a href="#IIS"><b>IIS </b></a><br />
+<a href="#Apache"><b>Apache </b></a><br />
+<a href="#SQL"><b>PostgreSQL </b></a><br />
+</div>
+</td>
+
+<div id="IIS" />
+<td valign="top">
+<p id="titel">Konfiguration der optionalen Komponenten</p>
+<p id="subtitel">Konfiguration des Microsoft Internet Information Server (optional)</p>
+<div id="block">
+Vor MOA-ID-AUTH oder MOA-ID-PROXY kann optional ein MS IIS vorgeschaltet sein. In diesem Fall &uuml;bernimmt der MS IIS die HTTP bzw. HTTPS-Kommunikation mit dem Aufrufer des Webservices. Die Kommunikation zwischen MS IIS und dem in Tomcat deployten Webservice wird durch Jakarta mod_jk durchgef&uuml;hrt.<br /><br />
+<b>Konfiguration von Jakarta mod_jk im MS IIS</b><br />
+F&uuml;r die Kommunikation des MS IIS mit dem im Tomcat deployten Webservice wird das ISAPI-Modul von Jakarta mod_jk im MS IIS installiert und konfiguriert. Eine detaillierte Installations- und Konfigurationsanleitung gibt das <a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html" target="_new">mod_jk IIS HowTo</a>. Beispiele f&uuml;r <tt>workers.properties</tt> und <tt>uriworkermap.properties</tt> Dateien liegen im ausgelieferten moa-id-auth-x.y.zip bzw. moa-id-proxy-x.y.zip, Verzeichnis tomcat bei.
+<br /><br />
+<b>Konfiguration von Tomcat</b><br />
+Damit Tomcat die Aufrufe, die von MS IIS mittels Jakarta mod_jk weiterleitet, entgegennehmen kann, muss in $CATALINA_HOME/conf/server.xml der AJP 1.3 Connector aktiviert werden. Im Gegenzug k&ouml;nnen die Connectoren f&uuml;r HTTP und HTTPS deaktiviert werden. Das geschieht am einfachsten durch ein- bzw. auskommentieren der entsprechenden <tt>Connector</tt> Konfigurations-Elemente in dieser Datei.
+<br /><br />
+</div>
+<div id="block">
+<b>Konfiguration von SSL</b><br />
+Die Dokumentation zum Einrichten von SSL auf dem MS IIS steht nach Installation des IIS unter http://localhost/iisHelp/ bzw. <a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp" target="_new">online</a> zur Verf&uuml;gung.
+</div>
+</td></tr></table>
+<br /><br />
+
+
+<div id="Apache" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration des Apache Webservers (optional)</p>
+<div id="block">
+Vor MOA-ID-AUTH oder MOA-ID-PROXY kann ein Apache Webserver vorgeschaltet sein. Das Prinzip funktioniert wie bei MS IIS, auch hier wird Jakarta mod_jk f&uuml;r die Kommunikation zwischen Webserver und Tomcat eingesetzt.
+<br /><br />
+<b>Konfiguration von Jakarta mod_jk im Apache Webserver</b><br />
+ Um MOA-ID-AUTH oder MOA-ID-PROXY hinter einem Apache Webserver zu betreiben, ist die Konfiguration des Apache-Moduls mod_jk erforderlich. Eine detaillierte Installations- und Konfigurationsanleitung gibt das <a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html" target="_new">mod_jk Apache HowTo</a>. Ein Beispiel f&uuml;r eine <tt>workers.properties</tt> Datei liegt im Verzeichnis $MOA_SPSS_INST/conf/moa bei.<br />
+Um MOA-ID-AUTH oder MOA-ID-PROXY dem Apache Webserver bekannt zu machen, muss folgender Eintrag in die Apache Konfigurationsdatei gemacht werden:
+<pre>
+ JkMount /moa-id-auth/* moaworker
+</pre>
+oder f&uuml;r die Proxy-Komponente
+<pre>
+ JkMount /* moaworker
+</pre>
+
+<br /><br />
+<b>Konfiguration von Tomcat</b><br />
+Die Konfiguration von Tomcat ist analog wie im Abschnitt &uuml;ber den MS IIS durchzuf&uuml;hren.
+<br /><br />
+
+<b>Konfiguration von SSL mit mod_SSL </b><br />
+Apache kann in Verbindung mit mod_SSL als SSL-Endpunkt f&uuml;r das MOA-ID-AUTH Webservice fungieren. In diesem Fall entf&auml;llt die SSL-Konfiguration in Tomcat, da Apache und Tomcat auch im Fall von SSL Daten via mod_jk austauschen. Eine detaillierte Installations- und Konfigurationsanleitung von mod_SSL gibt die <a href="http://www.modssl.org/docs/" target="_new">Online-Dokumentation</a>.
+<br /><br />
+Bei der Verwendung von Client-Authentisierung muss darauf geachtet werden, dass mod_ssl die HTTP-Header mit den Informationen &uuml;ber das Client-Zertifikat exportiert. Dies wird durch Angabe der Option<br />
+<pre>
+ SSLOptions +ExportCertData +StdEnvVars
+</pre>
+in der Apache-Konfiguration erreicht.<br />
+Weiters muss Jakarta mod_jk angewiesen werden, die SSL Schl&uuml;ssell&auml;nge zu exportieren. Dies geschieht mit der Direktive:
+<pre>
+ JkOptions +ForwardKeySize
+ +ForwardURICompat
+ -ForwardDirectories
+</pre>
+</div>
+</td></tr></table>
+<br /><br />
+
+
+<div id="SQL" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration von PostgreSQL</p>
+<div id="block">
+MOA-ID-AUTH bzw. MOA-ID-PROXY kann PostgreSQL zum Abspeichern von Log-Meldungen verwenden. Hierf&uuml;r wird eine installierte und konfigurierte Datenbank vorausgesetzt. Eine detaillierte Übersicht &uuml;ber die Installation und Konfiguration von PostgreSQL gibt die <a href="http://techdocs.postgresql.org/">Online-Dokumentation</a>.<br /><br />
+<b>Logging</b><br />
+F&uuml;r das Logging in eine PostgreSQL Datenbank mittels Jakarta Log4j muss zun&auml;chst eine Tabelle f&uuml;r die Log-Meldungen angelegt werden. Dies kann mit folgendem SQL-Statement erreicht werden:
+<pre>
+ create table spss_log
+ (log_time timestamp,
+ log_level varchar(5),
+ log_msg varchar(256));
+</pre>
+Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfiguration adaptiert werden. Die Datei $MOA_SPSS_INST/conf/moa/log4.properties enth&auml;lt bereits eine beispielhafte Jakarta Log4j-Konfiguration f&uuml;r das Logging in eine PostgreSQL Datenbank, die standardm&auml;&szlig;ig ausgeschaltet ist. Hinweis: Bei Tests hat sich das Logging in eine Datenbank mit Jakarta Log4j als Performance-Engpa&szlig; herausgestellt. Es wird deshalb empfohlen, auf dieses Feature zu verzichten.
+<br /><br />
+</div>
+
+</td></tr></table>
+<br /><br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/id-anwendung.htm b/id.server/doc/moa_id/id-anwendung.htm
new file mode 100644
index 000000000..6e33f40e8
--- /dev/null
+++ b/id.server/doc/moa_id/id-anwendung.htm
@@ -0,0 +1,104 @@
+<html>
+<head>
+ <title>MOA ID-Anwendung</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></div>
+<div id="klein"><a href="id-anwendung_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Aufruf MOA-ID-AUTH</b></a></div>
+<div id="klein"><a href="id-anwendung_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Abfrage MOA-ID-AUTH </b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+<br />
+</td>
+
+<td valign="top">
+<div id="titel">MOA ID-Anwendung</div>
+<p id="block">
+MOA-ID führt für eine Online-Applikation (OA) die Benutzeridentifizierung und -authentisierung mit Hilfe der Bürgerkarte durch.
+</p>
+<p id="titel">Übersicht </p>
+Um diese Funktionalität verfügbar zu machen, ist folgendermaßen vorzugehen:<br />
+</p>
+<ul>
+<li>Die OA muss als Webapplikation installiert werden.</li>
+<li>MOA-ID-AUTH muss als Webapplikation <a href="id-admin_1.htm">installiert</a> und für die OA <a href="id-admin_2.htm">konfiguriert</a> werden.</li>
+<li>MOA-ID-AUTH wird durch einen Verweis von einer Webseite aufgerufen.
+Diese Webseite kann z.B. Teil eines Portals sein.</li>
+<li>Nach erfolgter Authentisierung holt die OA die bereitgestellten Anmeldedaten zum Bürger von MOA-ID-AUTH ab.
+Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die für diesen Zweck <a href="id-admin_1.htm">installiert</a> und für die OA <a href="id-admin_2.htm">konfiguriert</a> werden muss.</li>
+</ul>
+</td></tr></table>
+<br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id.server/doc/moa_id/id-anwendung_1.htm b/id.server/doc/moa_id/id-anwendung_1.htm
new file mode 100644
index 000000000..81c4ecc9e
--- /dev/null
+++ b/id.server/doc/moa_id/id-anwendung_1.htm
@@ -0,0 +1,182 @@
+<html>
+<head>
+ <title>MOA ID-Anwendung</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ pre { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-anwendung.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><a href="id-anwendung_1.htm"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Aufruf MOA-ID-AUTH</b></a></div>
+<div id="klein"><a href="id-anwendung_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Abfrage MOA-ID-AUTH </b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+</br /><br />
+</td>
+
+
+<td valign="top">
+<p id="titel">Aufruf von MOA-ID-AUTH </p>
+<div id="block">MOA-ID-AUTH wird immer durch eine andere (verweisende) Webseite aufgerufen. Diese Webseite kann z.B. Teil eines Portals sein.
+Der Aufruf erfolgt durch einen Verweis der Form: </div>
+<pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
+StartAuthentication?Target=&lt;geschäftsbereich&gt;
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&quot;&gt;</pre>
+
+<table border="1"><tbody valign="baseline">
+<tr>
+<td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
+</tr>
+<tr>
+<td id="klein">Target=&lt;geschäftsbereich&gt;</td><td id="klein">Angabe, f&uuml;r welches Verfahren der Benutzer authentisiert werden soll (siehe TODO: Link auf Verzeichnis der Geschäftsbereich)</td>
+</tr>
+<tr>
+<td id="klein">OA=&lt;oa-url&gt;</td><td id="klein">Webseite, auf die der Browser nach erfolgter Authentisierung weitergeleitet werden soll</td>
+</tr>
+<tr>
+<td id="klein">Template=&lt;template-url&gt;</td><td id="klein">optional; HTML-Vorlage f&uuml;r der Anmeldeseite von MOA-ID-AUTH, &uuml;ber die der B&uuml;rger den Authentisierungsvorgang startet. &Uuml;ber diesen Parameter kann das Aussehen der Anmeldeseite an das Aussehen der Online-Applikation angepasst werden.</td>
+</tr>
+</tbody></table>
+<br/><br/>
+
+<div id="block">
+<b>Template</b><br /><br />
+Ein <a href="examples/Template.html">Template</a> f&uuml;r die Anmeldeseite von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </div>
+<pre>
+&lt;form name="CustomizedForm" action="&lt;BKU&gt;" method="post"&gt;
+ &lt;input type="hidden"
+ name="XMLRequest"
+ value="&lt;XMLRequest&gt;"/&gt;
+ &lt;input type="hidden"
+ name="DataURL"
+ value="&lt;DataURL&gt;"/&gt;
+ &lt;input type="submit" value="B&uuml;rgerkarte lesen"/&gt;
+&lt;/form&gt;
+&lt;form name="CustomizedInfoForm"
+ action="&lt;BKU&gt;"
+ method="post"&gt;
+ &lt;input type="hidden"
+ name="XMLRequest"
+ value="&lt;CertInfoXMLRequest&gt;"/&gt;
+ &lt;input type="hidden"
+ name="DataURL"
+ value="&lt;CertInfoDataURL&gt;"/&gt;
+Hier finden Sie weitere Informationen
+zur &Uuml;berpr&uuml;fung der Zertifikate.&lt;br/&gt;
+ &lt;input type="submit" value="Weitere Info"/&gt;
+&lt;/form&gt;
+</pre>
+
+<div id="block">Innerhalb dieser <tt>&lt;form&gt;</tt>-Elemente k&ouml;nnen Texte, Beschriftungen und Styles modifiziert werden,
+und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden.
+<br /><br />
+Die vorgegebene Grundstruktur ist aber in jedem Fall einzuhalten, und es m&uuml;ssen die speziellen
+Tags <tt>&lt;BKU&gt;</tt> (kommt 2x vor), <tt>&lt;XMLRequest&gt;</tt>, <tt>&lt;DataURL&gt;</tt>, <tt>&lt;CertInfoXMLRequest&gt;</tt> und <tt>&lt;CertInfoDataURL&gt;</tt>
+darin enthalten sein.
+</div>
+<br /><br />
+
+<div id="block">
+<b>BKU-Auswahl</b><br /><br />
+MOA-ID-AUTH bietet die M&ouml;glichkeit, die B&uuml;rgerkartenumgebung (BKU) auszuw&auml;hlen, &uuml;ber die in weiterer Folge die B&uuml;rgerkarte ausgelesen wird. Der Aufruf erfolgt dann durch einen Verweis der Form: </div>
+<pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
+SelectBKU?Target=&lt;geschäftsbereich&gt;
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;
+&BKUSelectionTemplate=&lt;bku-template-url&gt;&quot;&gt;</pre>
+
+<table border="1"><tbody valign="baseline">
+<tr><td id="klein">BKUSelectionTemplate= &lt;bku-template-url&gt;</td>
+<td id="klein">optional; HTML-Vorlage f&uuml;r der BKU-Auswahlseite von MOA-ID-AUTH.
+&Uuml;ber diesen Parameter kann das Aussehen der BKU-Auswahlseite an das Aussehen der Online-Applikation angepasst werden.</td>
+</tr>
+</tbody></table>
+<br/><br/>
+
+<div id="block">
+<b>BKUSelectionTemplate</b><br /><br />
+Ein <a href="examples/BKUSelectionTemplate.html">Template f&uuml;r die BKU-Auswahl</a> von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </div>
+<pre>
+&lt;form name="CustomizedForm" method="post" action="&lt;StartAuth&gt;"&gt;
+ &lt;BKUSelect&gt;
+ &lt;input type="submit" value="Ausw&auml;hlen"/&gt;
+&lt;/form&gt;
+</pre>
+<div id="block">Innerhalb dieser <tt>&lt;form&gt;</tt>-Elemente k&ouml;nnen Texte, Beschriftungen und Styles modifiziert werden,
+und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden.
+<br /><br />
+Auch dabei ist die vorgegebene Grundstruktur einzuhalten, die speziellen Tags <tt>&lt;StartAuth&gt;</tt> und <tt>&lt;BKUSelect&gt;</tt> sind verpflichtend.
+</div>
+<br /><br />
+
+
+</td></tr></table>
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id.server/doc/moa_id/id-anwendung_2.htm b/id.server/doc/moa_id/id-anwendung_2.htm
new file mode 100644
index 000000000..1ffeb4c08
--- /dev/null
+++ b/id.server/doc/moa_id/id-anwendung_2.htm
@@ -0,0 +1,249 @@
+<html>
+<head>
+ <title>MOA ID-Anwendung</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ pre { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-anwendung.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><a href="id-anwendung_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Aufruf MOA-ID-AUTH</b></a></div>
+<div id="klein"><a href="id-anwendung_2.htm"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Abfrage MOA-ID-AUTH </b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+</br /><br />
+<div id="slogan">
+<b>Abfragearten: </b>
+</br />
+<a href="#webservice"><b>Web Service</b></a><br />
+<a href="#proxy"><b>MOA-ID-PROXY</b></a><br />
+</div>
+</td>
+
+
+<td valign="top">
+<p id="titel">Abfrage der Anmeldedaten von MOA-ID-AUTH</p>
+<div id="block">Nach erfolgter Authentisierung stehen in MOA-ID-AUTH Anmeldedaten zum Abholen bereit,
+und MOA-ID-AUTH veranlasst einen Redirect zur Online-Applikation (OA).
+<br /><br />
+In diesem Redirect werden der Geschäftsbereich und ein SAML-Artifact als Parameter übergeben.
+</div>
+<pre>&lt;a href=&quot;https://&lt;oa-url&gt;
+?Target=&lt;geschäftsbereich&gt;
+&SAMLArtifact=&lt;saml-artifact&gt;&quot;&gt;</pre>
+
+<table border="1"><tbody valign="baseline">
+<tr><td>&lt;oa-url&gt;</td><td>URL, der beim Aufruf von MOA-ID-AUTH als Parameter &quot;OA&quot; übergeben wurde</td></tr>
+<tr><td>Target=&lt;geschäftsbereich&gt;</td><td>Parameter, der beim Aufruf von MOA-ID-AUTH übergeben wurde</td></tr>
+<tr><td>SAMLArtifact=&lt;saml-artifact&gt;</td><td>SAML-Artifact, das von MOA-ID-AUTH zu den Anmeldedaten erstellt wurde.
+Mithilfe dieses SAML-Artifacts kann die OA die Anmeldedaten von MOA-ID-AUTH abholen.</td></tr>
+</tbody></table>
+<br/><br/>
+<div id="block">Grundsätzlich stehen einer OA mehrere Arten zum Abholen der Anmeldedaten von MOA-ID-AUTH zur Verfügung: </div>
+<ol>
+<li>Die Applikation ruft selbst das MOA-ID-AUTH Web Service auf.
+<br/>Die Implementierung dieser Variante wird empfohlen, insbesondere für Online-Applikationen, die neu erstellt werden.
+</li>
+<li>Es wird die MOA-ID-PROXY Webapplikation eingesetzt, um die Anmeldedaten abzuholen und an die OA zu übergeben.
+<br/>Aus Sicht von MOA-ID-PROXY ist bedeutsam, ob die OA die Anmeldedaten nach Abarbeitung des HTTP-Requests behält.
+<ul>
+<li>Stateful OA: MOA-ID-PROXY übergibt einmalig die Anmeldedaten an die OA, und die OA speichert die Anmeldedaten, typischerweise unter Einsatz von Cookies.</li>
+<li>Stateless OA: MOA-ID-PROXY übergibt die Anmeldedaten bei jedem HTTP-Request vom Browser des Bürgers an die OA.</li>
+</ul>
+Diese Variante ist vorzuziehen, wenn
+<ul>
+<li>für die Plattform, auf der die OA aufbaut, Web Service-Schnittstellen nicht verfügbar sind</li>
+<li>das nötige Web Service-Know How nicht zur Verfügung steht</li>
+<li>die Implementierung von Variante 1 zu aufwändig wäre</li>
+<li>eine Anpassung der OA aus bestimmten Gründen nicht möglich ist</li>
+</ul>
+</li>
+</ol>
+</td></tr></table>
+
+
+
+<div id="webservice" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+
+<td valign="top">
+<p id="subtitel">Aufruf des MOA-ID-AUTH Web Service</p>
+<div id="block">Das MOA-ID-AUTH Web Service wird über einen &lt;samlp:Request&gt; aufgerufen.
+Der &lt;samlp:Request&gt; enthält in einem &lt;samlp:AssertionArtifact&gt; das von MOA-ID-AUTH übergebene SAML-Artifact.
+<br/><br/>
+MOA-ID-AUTH liefert als Antwort einen &lt;samlp:Response&gt;. Die Anmeldedaten sind im &lt;samlp:Response&gt; in Form einer &lt;saml:Assertion&gt; enthalten.
+<br/><br/>
+<a href="../cs-sstc-schema-protocol-01.xsd">SAML 1.0 Protocol Schema</a>
+<br/>
+<a href="../cs-sstc-schema-assertion-01.xsd">SAML 1.0 Assertion Schema</a>
+<br/>
+Der detaillierte Aufbau der &lt;saml:Assertion&gt; zu den Anmeldedaten ist in der <a href="../MOA-ID-1.1-20030630.pdf">Spezifikation MOA-ID 1.1</a> beschrieben.
+<br/><br/>
+<h4>Beispiel LoginServletExample</h4>
+Das Abholen der Anmeldedaten durch Aufruf des Web Service von MOA-ID-AUTH wird anhand eines beispielhaften Java Servlet gezeigt.
+Das LoginServletExample wird in einer Stateful OA von MOA-ID-AUTH nach erfolgter Authentisierung über Redirect aufgerufen.
+<br/><br/>
+Das Beispiel demonstriert insgesamt die Integration von MOA-ID-AUTH in die OA:
+</div>
+<ul>
+<li>Parameterübergabe von MOA-ID-AUTH an die OA</li>
+<li>Aufruf des MOA-ID-AUTH Web Service mittels des SOAP Frameworks "Apache AXIS"</li>
+<li>Parsen der Anmeldedaten mittels der XPath Engine "Jaxen"</li>
+<li>Speichern der Anmeldedaten in der HTTPSession</li>
+<li>Redirect auf die eigentliche Startseite der OA</li>
+</ul>
+
+
+<b>Voraussetzungen</b><br >
+<div id="block">Die folgende Liste enthält die für das Beispiel erforderlichen Java-Bibliotheken. Die angeführten Versionsnummern bezeichnen jene Versionen dieser Java-Bibliotheken, mit denen das Beispiel getestet wurde. </div>
+<br />
+<table border="1" width="100%" cellpadding="2" cellspacing="0">
+<tr>
+<th>Java-Bibliothek</th><th>Version</th><th>Bemerkung</th>
+</tr><tr>
+<tr valign="top">
+<td>JDK</td><td>1.3 bzw. 1.4.1</td><td>Java Development Kit</td>
+</tr><tr valign="top">
+<td>Xerces <br />XML Parser</td><td>2.0.2+</td>
+<td id="klein">nicht nötig wenn JDK 1.4 oder höher verwendet wird <br />
+ Download: <a href="http://xml.apache.org/xerces2-j/">xml.apache.org/xerces2-j</a> </td>
+</tr><tr valign="top">
+<td>AXIS <br />SOAP Framework</td><td>1.0+</td>
+<td id="klein">Download: <a href="http://xml.apache.org/axis/">xml.apache.org/axis</a> </td>
+</tr><tr valign="top">
+<td>Jaxen XPath Engine</td><td>1.0+</td>
+<td id="klein">Download: <a href="http://jaxen.sourceforge.net/">http://jaxen.sourceforge.net</a> </td>
+</tr><tr valign="top">
+<td>JSSE</td><td>1.0.3+</td>
+<td id="klein">wenn eine SSL Verbindung verwendet wird, nicht nötig ab JDK 1.4 <br />Download: <a href="http://java.sun.com/products/jsse/">java.sun.com/products/jsse</a> </td>
+</tr><tr valign="top">
+<td>Servlet API</td><td>2.3+</td>
+<td id="klein">Download: <a href="http://java.sun.com/products/servlet/">java.sun.com/products/servlet</a> </td>
+</tr>
+</table>
+<br/>
+<b>Code</b><br />
+<a href="examples/LoginServletExample.txt">LoginServletExample</a>
+
+</td></tr></table>
+
+<DIV bla="hhalloo">
+
+
+
+<div id="proxy" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Einsatz von MOA-ID-PROXY zum Abfragen der Anmeldedaten von MOA-ID-AUTH</p>
+<div id="block">
+Anstatt den Aufruf des MOA-ID-AUTH Web Service in der OA zu implementieren, kann die MOA-ID-PROXY Webapplikation eingesetzt werden, um dies für die OA zu erledigen. MOA-ID-PROXY muss für die OA konfiguriert werden, so wie in <a href="id-admin_2.htm#OnlineApplication/ProxyComponent">MOA-ID-Administration</a> beschrieben.
+<br/><br/>
+Bei der Konfiguration ist speziell zu beachten:
+<br/><br/>
+<b>Konfigurationsdatei zur OA</b><br />
+Der <a href="id-admin_2.htm#oa-config">LoginType</a> (stateful oder stateless) ist gemäß dem Applikationstyp zu setzen.
+<br/><br/>
+Die <a href="id-admin_2.htm#oa-config">Übergabe der Anmeldedaten</a> ist in Form und Inhalt zu konfigurieren.
+</div>
+<ul>
+<li>BasicAuth: HTTP Basic Authentication (<a href="examples/conf/OAConfBasicAuth.xml">Beispiel</a>)</li>
+<li>ParamAuth: Übergabe über Requestparameter (<a href="examples/conf/OAConfParamAuth.xml">Beispiel</a>)</li>
+<li>HeaderAuth: Übergabe über Requestheader (<a href="examples/conf/OAConfHeaderAuth.xml">Beispiel</a>)</li>
+</ul>
+
+<div id="block">
+<b>LoginParameterResolver</b><br />
+Das Übergabe der Anmeldedaten an die OA über Request Parameter oder Header geschieht in einer Standardimplementierung des Interface
+<pre>at.gv.egovernment.moa.proxy.LoginParameterResolver</pre>
+Falls die Erfordernisse der OA mittels <a href="id-admin_2.htm#oa-config">Konfiguration</a> nicht abgedeckt werden können,
+so kann eine maßgeschneiderte Implementierung von <tt>LoginParameterResolver</tt> erstellt und zusammen mit MOA-ID-PROXY zum Einsatz gebracht werden
+(siehe <a href="../api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">API</a>).
+<br/><br/>
+<b>ConnectionBuilder</b>
+Das Herstellen einer URL-Verbindung von MOA-ID-PROXY zur OA geschieht einer Standardimplementierung des Interface
+<pre>at.gv.egovernment.moa.proxy.ConnectionBuilder </pre>
+Falls nötig, kann eine maßgeschneiderte Implementierung von <tt>ConnectionBuilder</tt> erstellt und zusammen mit MOA-ID-PROXY zum Einsatz gebracht werden
+(siehe <a href="../api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html">API</a>).
+</div>
+</td></tr></table>
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id.server/doc/moa_id/links.htm b/id.server/doc/moa_id/links.htm
new file mode 100644
index 000000000..c5a9b7113
--- /dev/null
+++ b/id.server/doc/moa_id/links.htm
@@ -0,0 +1,141 @@
+<html>
+<head>
+ <title>MOA Grundlagen</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#c0c0c0; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:6px }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA Links</div><br />
+<div id="klein"><a href="#Extern"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Ext. Komponenten</b></a></div>
+<div id="klein"><a href="#Administration"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Administration</b></a></div>
+<div id="klein"><a href="#Anwendung"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Anwendung</b></a></div>
+<div id="klein"><a href="#Spezifikationen"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Spezifikationen</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+<br />
+<!-- div id="slogan">
+MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Trust und dem Institut für angewandte Informations- und Kom-munikationstechnik (IAIK) der Universität Graz
+</div -->
+</td>
+
+<td valign="top">
+<div id="titel">MOA Links </div>
+
+<div id="Administration" />
+<p id="subtitel">Externe Komponenten</p>
+
+<div id="klein">Apache <br />
+<a href="http://httpd.apache.org/docs-2.0/">http://httpd.apache.org/docs-2.0</a></div>
+
+<div id="klein">Internet Information Server <br />
+<a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">http://www.microsoft.com/windows2000/en/server/iis/default.asp</a></div>
+
+<div id="klein">Tomcat <br />
+<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc</a> </div>
+
+<div id="klein">Tomcat mod_SSL <br />
+<a href="http://httpd.apache.org/docs-2.0/ssl/">http://httpd.apache.org/docs-2.0/ssl</a></div>
+
+<div id="klein">Tomcat mod_jk <br />
+<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2</a></div>
+
+<div id="klein">Logging Toolkit <br />
+<a href="http://jakarta.apache.org/log4j/docs/index.html">http://jakarta.apache.org/log4j/docs/ </a></div>
+
+<div id="klein">IAIK JCE <br />
+<a href="http://jce.iaik.tugraz.at/products/index.php">http://jce.iaik.tugraz.at/products/index.php </a></div>
+
+<div id="klein">PostgreSQL <br />
+<a href="http://techdocs.postgresql.org/installguides.php">http://techdocs.postgresql.org </a></div>
+
+<div id="Spezifikationen" />
+<p id="subtitel">Spezifikationen</p>
+<p id="klein">
+<div id="klein">DOM <br />
+<a href="http://www.w3c.org/DOM/">http://www.w3c.org/DOM</a></div>
+
+<div id="klein">E-Government <br />
+<a href="http://reference.e-government.gv.at/">http://reference.e-government.gv.at</a></div>
+
+<div id="klein">Security Layer Version 1.1<br />
+<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/2002083</a></div>
+
+<div id="klein">Personenbindung Version 1.1<br />
+<a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506">http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506</a></div>
+
+<div id="klein">Security Assertion Markup Language <br />
+<a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security">http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security</a></div>
+
+<div id="klein">Auswahl von Bürgerkartenumgebungen Version 1.0.0<br />
+<a href="../bku-auswahl.20030408.pdf">bku-auswahl.20030408.pdf</a></div>
+</p>
+
+</td></tr></table>
+
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_id/moa-id-ablauf.jpg b/id.server/doc/moa_id/moa-id-ablauf.jpg
new file mode 100644
index 000000000..0585664f4
--- /dev/null
+++ b/id.server/doc/moa_id/moa-id-ablauf.jpg
Binary files differ
diff --git a/id.server/doc/moa_id/moa.htm b/id.server/doc/moa_id/moa.htm
new file mode 100644
index 000000000..4ffab01d5
--- /dev/null
+++ b/id.server/doc/moa_id/moa.htm
@@ -0,0 +1,247 @@
+<html>
+<head>
+ <title>MOA Module fuer Online Applikationen</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Allgemein</b></div>
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> ID Administration</b></a></div>
+<div id="klein"><a href="id-anwendung.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> ID Anwendung</b></a></div>
+<div id="klein"><a href="../api-doc/index.html" target="_javadoc">
+ <img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> API-Dokumentation</b></a></div>
+<div id="klein"><a href="faqs.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> FAQs</b></a></div>
+<div id="klein"><a href="links.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Links</b></a></div>
+<br />
+<div> <a href="javascript:history.back()">
+ <img src="../moa_images/west.gif" border="0" width="13" height="14" /> &#160;
+ <b>Zur&uuml;ck </b></a></div>
+<br />
+<div id="slogan">
+</div>
+</td>
+
+<td valign="top">
+<img src="../moa_images/moa_thema.gif" align="right" />
+<div id="titel">Allgemein v.1.1</div>
+<p id="block">
+Dieses Dokument enth&auml;lt die Dokumentation f&uuml;r das Modul <br />
+<ul>
+<li>MOA-ID (Identifikation)</li>
+</ul></p>
+</td></tr></table>
+
+<div id="id" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+</div>
+</td>
+<td valign="top">
+<div id="block">
+Das Modul Identifikation stellt Online-Applikationen Funktionalit&auml;t zur Verf&uuml;gung zu stellen, damit diese
+eine Benutzer-Identifikation und -Authentisierung mit Hilfe der B&uuml;rgerkarte und deren Signaturfunktion
+realisieren k&ouml;nnen.
+<br /><br />
+Das Modul besteht aus zwei Komponenten:
+<ul>
+<li>Die Authentisierungskomponente (MOA-ID-AUTH) f&uuml;hrt die eigentliche Authentisierung des Benutzers durch und &uuml;bergibt der
+Proxykomponente die Anmeldedaten.</li>
+<li>Die Proxykomponente (MOA-ID-PROXY) &uuml;bernimmt die Anmeldedaten von der Authentisierungskomponente,
+f&uuml;hrt die Anmeldung an der Online Applikation durch und schleust in der Folge Daten an die Online-Applikation
+und Daten an den Benutzer durch.</li>
+</ul>
+Diese beiden Komponenten k&ouml;nnen auf unterschiedlichen Rechnern
+oder auf dem gleichen Rechner eingesetzt werden.
+<br /><br />
+Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu MOA-ID ist in der
+<a href="../MOA-ID-1.1-20030630.pdf" target="_new">Spezifikation Version 1.1</a> detailliert beschrieben.
+<br /><br />
+F&uuml;r den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturpr&uuml;fung (MOA-SP) erforderlich.
+</div>
+
+<br /><br />
+<div id="titel">Ablauf einer Anmeldung</div>
+<br />
+
+<img src="moa-id-ablauf.jpg" border="0" hspace="-200" width="500" />
+
+<table border="0" cellspacing="3" cellpadding="2">
+
+<tr>
+<td valign="top" width="30">1</td>
+<td id="block">Der Benutzer verbindet sich zu einem Web-Portal, &uuml;ber das die verf&uuml;gbaren Online-Applikationen (OA) erreichbar
+sind. Jeder Link zu einer OA verweist auf die Authentisierungs-komponente.
+</td>
+</tr>
+
+<tr>
+<td valign="top">2</td>
+<td id="block">Der Benutzer verbindet sich mit MOA-ID-AUTH, die die Authentisierung des
+Benutzers durchf&uuml;hrt:</td>
+</tr>
+
+<tr>
+<td valign="top">2.1</td>
+<td id="block">MOA-ID-AUTH bietet dem Benutzer optional eine Auswahl von verf&uuml;gbaren B&uuml;rgerkartenumgebungen (engl. Bezeichnung: Security-Layer) an.</td>
+</tr>
+
+<tr>
+<td valign="top">2.2</td>
+<td id="block">MOA-ID-AUTH erzeugt eine HTML-Seite mit einem <tt>&lt;InfoboxReadRequest&gt;</tt>
+ zum Auslesen der Personenbindung. Diese HTML-Seite wird an den Browser geschickt.</td>
+</tr>
+
+<tr>
+<td valign="top">2.3</td>
+<td id="block">Der Browser schickt den <tt>&lt;InfoboxReadRequest&gt;</tt> an den ausgew&auml;hlten Security-Layer. Der Security-Layer liest die
+Personenbindung von der B&uuml;rgerkarte und sendet diese an MOA-ID-AUTH, die die Signatur der Personenbindung durch
+einen Aufruf von MOA-SP &uuml;berpr&uuml;ft.
+</td>
+</tr>
+
+<tr>
+<td valign="top">2.4</td>
+<td id="block">MOA-ID-AUTH erstellt den AUTH-Block. Der AUTH-Block enth&auml;lt
+<ul>
+<li>Vor- und Nachname aus der Personenbindung,</li>
+<li>URL von MOA-ID-AUTH,</li>
+<li>URL und Gesch&auml;ftsbereich der Online-Applikation,</li>
+<li>die aktuelle Zeit.</li>
+</ul>
+Anschließend wird
+eine XML Antwortseite, die das Kommando zum Signieren (<tt>&lt;CreateXMLSignatureRequest&gt;</tt>) des generierten
+AUTH-Blocks enth&auml;lt, an den ausgew&auml;hlten Security-Layer gesendet.</td>
+</tr>
+
+<tr>
+<td valign="top">2.5</td>
+<td id="block">Der Request wird vom Security-Layer verarbeitet. Die signierten Daten werden an
+MOA-ID-AUTH zur&uuml;ckgesendet.</td>
+</tr>
+
+<tr>
+<td valign="top">2.6</td>
+<td id="block">MOA-ID-AUTH &uuml;berpr&uuml;ft den signierten AUTH-Block und legt f&uuml;r den Benutzer die Anmeldedaten
+an. Die Anmeldedaten enthalten
+<ul>
+<li>die verfahrensspezifische Personenkennzeichnung (VPK),</li>
+<li>den signierten AUTH-Block (optional),</li>
+<li>die Personenbindung (optional),</li>
+<li>die <tt>PersonData</tt>-Struktur aus der Personenbindung (optional),</li>
+<li>die Information, ob die Signatur des AUTH-Blocks mit einem qualifiziertem Zertifikat erfolgte,</li>
+<li>Informationen zur Beh&ouml;rde, falls die Signatur mit einem Beh&ouml;rdenzertifikat erzeugt wurde.</li>
+</ul>
+</td>
+</tr>
+
+<tr>
+<td valign="top">2.7</td>
+<td id="block">Ist der obige Authentisierungsvorgang erfolgreich, dann wird eine Redirect-Seite
+zum Browser gesendet.</td>
+</tr>
+
+<tr>
+<td valign="top">3</td>
+<td id="block">Der Browser f&uuml;hrt das Redirect zur Proxykomponente durch. Als Parameter wird das von MOA-ID-AUTH
+erzeugte SAML-Artifact &uuml;bergeben.</td>
+</tr>
+
+<tr>
+<td valign="top">4</td>
+<td id="block">Die Proxykomponente verwendet dieses eindeutige SAML-Artifact, um die Anmeldedaten
+von MOA-ID-AUTH zu erhal-ten. Danach werden die Anmeldedaten in MOA-ID-AUTH gel&ouml;scht.</td>
+</tr>
+
+<tr>
+<td valign="top">5</td>
+<td id="block">MOA-ID-PROXY liest die Konfigurationsdatei der zugeh&ouml;rigen Online-Applikation, die beschreibt, wie die Anmeldedaten
+an die nachfolgende Applikation &uuml;bergeben werden m&uuml;ssen, und meldet den Benutzer bei der Applikation an.</td>
+</tr>
+
+<tr>
+<td valign="top">6</td>
+<td id="block">Ist die betreffende OA als stateless konfiguriert, so werden in weiterer Folge die Antworten der OA
+an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weitergeleitet.</td>
+</tr>
+
+
+</table>
+
+
+</td></tr></table>
+<br /><br />
+
+<!-- Trailer -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/doc/moa_images/east.gif b/id.server/doc/moa_images/east.gif
new file mode 100644
index 000000000..e76117cb0
--- /dev/null
+++ b/id.server/doc/moa_images/east.gif
Binary files differ
diff --git a/id.server/doc/moa_images/idle.gif b/id.server/doc/moa_images/idle.gif
new file mode 100644
index 000000000..28b8148e5
--- /dev/null
+++ b/id.server/doc/moa_images/idle.gif
Binary files differ
diff --git a/id.server/doc/moa_images/moa_diagramm1.jpg b/id.server/doc/moa_images/moa_diagramm1.jpg
new file mode 100644
index 000000000..776331fb8
--- /dev/null
+++ b/id.server/doc/moa_images/moa_diagramm1.jpg
Binary files differ
diff --git a/id.server/doc/moa_images/moa_thema.gif b/id.server/doc/moa_images/moa_thema.gif
new file mode 100644
index 000000000..f59075528
--- /dev/null
+++ b/id.server/doc/moa_images/moa_thema.gif
Binary files differ
diff --git a/id.server/doc/moa_images/north.gif b/id.server/doc/moa_images/north.gif
new file mode 100644
index 000000000..b4316b5d7
--- /dev/null
+++ b/id.server/doc/moa_images/north.gif
Binary files differ
diff --git a/id.server/doc/moa_images/pfeil.gif b/id.server/doc/moa_images/pfeil.gif
new file mode 100644
index 000000000..e4eeb1740
--- /dev/null
+++ b/id.server/doc/moa_images/pfeil.gif
Binary files differ
diff --git a/id.server/doc/moa_images/print.gif b/id.server/doc/moa_images/print.gif
new file mode 100644
index 000000000..b8e59144e
--- /dev/null
+++ b/id.server/doc/moa_images/print.gif
Binary files differ
diff --git a/id.server/doc/moa_images/select.gif b/id.server/doc/moa_images/select.gif
new file mode 100644
index 000000000..59a1694c5
--- /dev/null
+++ b/id.server/doc/moa_images/select.gif
Binary files differ
diff --git a/id.server/doc/moa_images/south.gif b/id.server/doc/moa_images/south.gif
new file mode 100644
index 000000000..c70ab3e97
--- /dev/null
+++ b/id.server/doc/moa_images/south.gif
Binary files differ
diff --git a/id.server/doc/moa_images/transdot.gif b/id.server/doc/moa_images/transdot.gif
new file mode 100644
index 000000000..e31aba280
--- /dev/null
+++ b/id.server/doc/moa_images/transdot.gif
Binary files differ
diff --git a/id.server/doc/moa_images/west.gif b/id.server/doc/moa_images/west.gif
new file mode 100644
index 000000000..135698ee7
--- /dev/null
+++ b/id.server/doc/moa_images/west.gif
Binary files differ
diff --git a/id.server/html/auth/WEB-INF/server-config.wsdd b/id.server/html/auth/WEB-INF/server-config.wsdd
new file mode 100644
index 000000000..0344f24f9
--- /dev/null
+++ b/id.server/html/auth/WEB-INF/server-config.wsdd
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment name="defaultClientConfig"
+ xmlns="http://xml.apache.org/axis/wsdd/"
+ xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
+ xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
+
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
+ <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+
+ <service name="GetAuthenticationData" provider="java:MSG">
+ <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
+ <parameter name="allowedMethods" value="Request"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService"/>
+ <wsdlFile>/resources/wsdl/MOA-SP-SS-1.0-20020829.wsdl</wsdlFile>
+ <requestFlow>
+ </requestFlow>
+ <responseFlow>
+ </responseFlow>
+ </service>
+
+ <transport name="http">
+ <requestFlow>
+ <handler type="URLMapper"/>
+ <handler type="HTTPAuthHandler"/>
+ </requestFlow>
+ </transport>
+
+</deployment>
diff --git a/id.server/html/auth/WEB-INF/web.xml b/id.server/html/auth/WEB-INF/web.xml
new file mode 100644
index 000000000..9f713408c
--- /dev/null
+++ b/id.server/html/auth/WEB-INF/web.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+<web-app>
+ <display-name>MOA ID Auth</display-name>
+ <description>MOA ID Authentication Service</description>
+ <servlet>
+ <servlet-name>SelectBKU</servlet-name>
+ <display-name>SelectBKU</display-name>
+ <description>Select Bürgerkartenartenumgebung</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>StartAuthentication</servlet-name>
+ <display-name>StartAuthentication</display-name>
+ <description>Start authentication process</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>VerifyIdentityLink</servlet-name>
+ <display-name>VerifyIdentityLink</display-name>
+ <description>Verify identity link coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>VerifyAuthBlock</servlet-name>
+ <display-name>VerifyAuthBlock</display-name>
+ <description>Verify AUTH block coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <display-name>ConfigurationUpdate</display-name>
+ <description>Update MOA-ID Auth configuration from the configuration file</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>AxisServlet</servlet-name>
+ <display-name>Apache-Axis Servlet</display-name>
+ <servlet-class>
+ org.apache.axis.transport.http.AxisServlet
+ </servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>SelectBKU</servlet-name>
+ <url-pattern>/SelectBKU</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>StartAuthentication</servlet-name>
+ <url-pattern>/StartAuthentication</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyIdentityLink</servlet-name>
+ <url-pattern>/VerifyIdentityLink</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyAuthBlock</servlet-name>
+ <url-pattern>/VerifyAuthBlock</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>AxisServlet</servlet-name>
+ <url-pattern>/services/*</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>30</session-timeout>
+ </session-config>
+ <error-page>
+ <error-code>500</error-code>
+ <location>/errorpage.jsp</location>
+ </error-page>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>ConfigurationUpdate</web-resource-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>moa-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>UserDatabase</realm-name>
+ </login-config>
+</web-app>
diff --git a/id.server/html/auth/errorpage.jsp b/id.server/html/auth/errorpage.jsp
new file mode 100644
index 000000000..a5b05d60e
--- /dev/null
+++ b/id.server/html/auth/errorpage.jsp
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+<title>Fehler</title>
+</head>
+<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
+ String errorMessage = (String)request.getAttribute("ErrorMessage");
+ String wrongParameters = (String)request.getAttribute("WrongParameters");
+%>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+<% if (errorMessage != null) { %>
+<p><%=errorMessage%></p>
+<% } %>
+<% if (exceptionThrown != null) { %>
+<p><%=exceptionThrown.getMessage()%></p>
+<% } %>
+<% if (wrongParameters != null) { %>
+<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br>
+ Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
+<% } %>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/html/auth/index.jsp b/id.server/html/auth/index.jsp
new file mode 100644
index 000000000..cb9dde3d9
--- /dev/null
+++ b/id.server/html/auth/index.jsp
@@ -0,0 +1,40 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login</title>
+</head>
+<body>
+<%
+ String urlPath =
+ request.getScheme() + "://"
+ + request.getServerName() + ":" + request.getServerPort()
+ + request.getContextPath() + "/";
+ String params =
+ "Target=gb&" +
+ "OA=https://10.16.126.28:9443/moa-id-proxy/index.jsp";
+ String urlStartAuth =
+ urlPath +
+ "StartAuthentication?" +
+ params;
+ String templateParam =
+ "&Template=http://10.16.46.108:18080/oa/AuthTemplate.jsp";
+ String urlStartAuthCustom =
+ urlStartAuth +
+ templateParam;
+ String urlSelectBKU =
+ urlPath +
+ "SelectBKU?" +
+ params;
+ String urlSelectBKUCustom =
+ urlSelectBKU +
+ templateParam +
+ "&BKUSelectionTemplate=http://10.16.46.108:18080/oa/BKUSelectionTemplate.jsp";
+%>
+<a href="<%=urlStartAuth%>">Log in to sample application</a>
+<br>
+<a href="<%=urlStartAuthCustom%>">Log in to sample application using custom form</a>
+<br>
+<a href="<%=urlSelectBKU%>">Choose BKU (HTMLComplete or HTMLSelect) and log in</a>
+<br>
+<a href="<%=urlSelectBKUCustom%>">Choose BKU (HTMLSelect) using custom form and log in</a>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/html/proxy/WEB-INF/web.xml b/id.server/html/proxy/WEB-INF/web.xml
new file mode 100644
index 000000000..9145a48d6
--- /dev/null
+++ b/id.server/html/proxy/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+<web-app>
+ <display-name>MOA ID Proxy</display-name>
+ <description>MOA ID Proxy Service</description>
+ <servlet>
+ <servlet-name>Proxy</servlet-name>
+ <display-name>Proxy</display-name>
+ <description>Forwards requests to the online application</description>
+ <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ProxyServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <display-name>ConfigurationUpdate</display-name>
+ <description>Update MOA-ID Proxy configuration from the configuration file</description>
+ <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ConfigurationServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>Proxy</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>30</session-timeout>
+ </session-config>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>ConfigurationUpdate</web-resource-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>moa-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>UserDatabase</realm-name>
+ </login-config>
+</web-app>
diff --git a/id.server/javadoc.xml b/id.server/javadoc.xml
new file mode 100644
index 000000000..c16b52819
--- /dev/null
+++ b/id.server/javadoc.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project name="id.server" default="javadoc">
+ <target name="javadoc">
+ <javadoc destdir="c:\java\id.server\doc\apidoc" access="private"
+ use="true" notree="false" nonavbar="false" noindex="false"
+ splitindex="true" author="true" version="true"
+ nodeprecatedlist="false" nodeprecated="false"
+ packagenames="at.gv.egovernment.moa.id.auth.builder,at.gv.egovernment.moa.id.auth,at.gv.egovernment.moa.id.auth.service,at.gv.egovernment.moa.id.config.auth,at.gv.egovernment.moa.id.auth.data,at.gv.egovernment.moa.id.config.proxy,at.gv.egovernment.moa.id.auth.parser,at.gv.egovernment.moa.id.auth.spss,at.gv.egovernment.moa.id.proxy,at.gv.egovernment.moa.id.config"
+ sourcepath="c:\java\id.server\src;c:\java\id.server\res" classpath="c:\java\id.server\WEB-INF\classes;c:\java\id.server\lib\axis-1.0\axis.jar;c:\java\id.server\lib\commons-logging-1.0.2\commons-logging-api.jar;c:\java\id.server\lib\jaxen-1.0\jaxen-core.jar;c:\java\id.server\lib\jaxp-1.2_01\dom.jar;c:\java\id.server\lib\jsse-1.0.3_01\jcert.jar;c:\java\id.server\lib\log4j-1.2.7\log4j-1.2.7.jar;c:\java\id.server\lib\servlet-2.3\servlet-2_3-fcs-classfiles.zip;c:\java\id.server\lib\xalan-j-2.2\xalan.jar;c:\java\id.server\lib\xerces-j-2.0.2\xercesImpl.jar;c:\java\id.server\lib\axis-1.0\commons-discovery.jar;c:\java\id.server\lib\axis-1.0\jaxrpc.jar;c:\java\id.server\lib\axis-1.0\saaj.jar;c:\java\id.server\lib\commons-logging-1.0.2\commons-logging.jar;c:\java\id.server\lib\jaxen-1.0\jaxen-dom.jar;c:\java\id.server\lib\jaxen-1.0\saxpath.jar;c:\java\id.server\lib\jaxp-1.2_01\jaxp-api.jar;c:\java\id.server\lib\jaxp-1.2_01\sax.jar;c:\java\id.server\lib\jsse-1.0.3_01\jnet.jar;c:\java\id.server\lib\jsse-1.0.3_01\jsse.jar;c:\java\id.server\lib\xerces-j-2.0.2\xmlParserAPIs.jar;c:\java\common\bin;c:\java\common\lib\commons-logging-1.0.2\commons-logging-api.jar;c:\java\common\lib\jaxen-1.0\jaxen-core.jar;c:\java\common\lib\xerces-j-2.0.2\xmlParserAPIs.jar;c:\java\common\lib\jaxp-1.2_01\dom.jar;c:\java\common\lib\xalan-j-2.2\xalan.jar;c:\java\common\lib\jaxen-1.0\jaxen-dom.jar;c:\java\common\lib\jaxp-1.2_01\jaxp-api.jar;c:\java\common\lib\jaxen-1.0\saxpath.jar;c:\java\common\lib\xerces-j-2.0.2\xercesImpl.jar;c:\java\common\lib\junit-3.8.1\junit.jar;c:\java\common\lib\iaik-jce-3.01\iaik_jce_full.jar;c:\java\id.server\lib\iaik-jce-3.01\iaik_jce_full.jar">
+ <link href="http://java.sun.com/j2se/1.3/docs/api"/>
+ <link href="http://java.sun.com/products/jsse/doc/apidoc/index.html"/>
+ <link href="http://java.sun.com/j2ee/sdk_1.3/techdocs/api/"/>
+ <link href="http://java.sun.com/products/jsse/doc/apidoc/index.html"/>
+ <link href="http://java.sun.com/products/jsse/doc/apidoc/index.html"/>
+ </javadoc>
+ </target>
+</project>
+ \ No newline at end of file
diff --git a/id.server/lib/axis-1.1rc2/axis.jar b/id.server/lib/axis-1.1rc2/axis.jar
new file mode 100644
index 000000000..445ff8134
--- /dev/null
+++ b/id.server/lib/axis-1.1rc2/axis.jar
Binary files differ
diff --git a/id.server/lib/axis-1.1rc2/commons-discovery.jar b/id.server/lib/axis-1.1rc2/commons-discovery.jar
new file mode 100644
index 000000000..9dcd95038
--- /dev/null
+++ b/id.server/lib/axis-1.1rc2/commons-discovery.jar
Binary files differ
diff --git a/id.server/lib/axis-1.1rc2/jaxrpc.jar b/id.server/lib/axis-1.1rc2/jaxrpc.jar
new file mode 100644
index 000000000..dcf9c3ac1
--- /dev/null
+++ b/id.server/lib/axis-1.1rc2/jaxrpc.jar
Binary files differ
diff --git a/id.server/lib/axis-1.1rc2/saaj.jar b/id.server/lib/axis-1.1rc2/saaj.jar
new file mode 100644
index 000000000..839f81879
--- /dev/null
+++ b/id.server/lib/axis-1.1rc2/saaj.jar
Binary files differ
diff --git a/id.server/lib/axis-1.1rc2/wsdl4j.jar b/id.server/lib/axis-1.1rc2/wsdl4j.jar
new file mode 100644
index 000000000..de45fea68
--- /dev/null
+++ b/id.server/lib/axis-1.1rc2/wsdl4j.jar
Binary files differ
diff --git a/id.server/lib/commons-logging-1.0.2/commons-logging-api.jar b/id.server/lib/commons-logging-1.0.2/commons-logging-api.jar
new file mode 100644
index 000000000..d6ad90330
--- /dev/null
+++ b/id.server/lib/commons-logging-1.0.2/commons-logging-api.jar
Binary files differ
diff --git a/id.server/lib/commons-logging-1.0.2/commons-logging.jar b/id.server/lib/commons-logging-1.0.2/commons-logging.jar
new file mode 100644
index 000000000..aca1e4132
--- /dev/null
+++ b/id.server/lib/commons-logging-1.0.2/commons-logging.jar
Binary files differ
diff --git a/id.server/lib/iaik-moa-1.06/iaik-moa-full.jar b/id.server/lib/iaik-moa-1.06/iaik-moa-full.jar
new file mode 100644
index 000000000..343875e6d
--- /dev/null
+++ b/id.server/lib/iaik-moa-1.06/iaik-moa-full.jar
Binary files differ
diff --git a/id.server/lib/iaik-moa-1.06/iaik_X509TrustManager.jar b/id.server/lib/iaik-moa-1.06/iaik_X509TrustManager.jar
new file mode 100644
index 000000000..952d0a781
--- /dev/null
+++ b/id.server/lib/iaik-moa-1.06/iaik_X509TrustManager.jar
Binary files differ
diff --git a/id.server/lib/iaik-moa-1.06/iaik_ecc.jar b/id.server/lib/iaik-moa-1.06/iaik_ecc.jar
new file mode 100644
index 000000000..8c528a215
--- /dev/null
+++ b/id.server/lib/iaik-moa-1.06/iaik_ecc.jar
Binary files differ
diff --git a/id.server/lib/iaik-moa-1.06/iaik_jce_full.jar b/id.server/lib/iaik-moa-1.06/iaik_jce_full.jar
new file mode 100644
index 000000000..8d0f093e6
--- /dev/null
+++ b/id.server/lib/iaik-moa-1.06/iaik_jce_full.jar
Binary files differ
diff --git a/id.server/lib/iaik-moa-1.06/iaik_ldap.jar b/id.server/lib/iaik-moa-1.06/iaik_ldap.jar
new file mode 100644
index 000000000..afe683ed0
--- /dev/null
+++ b/id.server/lib/iaik-moa-1.06/iaik_ldap.jar
Binary files differ
diff --git a/id.server/lib/iaik-moa-1.06/ixsil.jar b/id.server/lib/iaik-moa-1.06/ixsil.jar
new file mode 100644
index 000000000..d60a0a39d
--- /dev/null
+++ b/id.server/lib/iaik-moa-1.06/ixsil.jar
Binary files differ
diff --git a/id.server/lib/jaxen-1.0/jaxen-core.jar b/id.server/lib/jaxen-1.0/jaxen-core.jar
new file mode 100644
index 000000000..e52bf679c
--- /dev/null
+++ b/id.server/lib/jaxen-1.0/jaxen-core.jar
Binary files differ
diff --git a/id.server/lib/jaxen-1.0/jaxen-dom.jar b/id.server/lib/jaxen-1.0/jaxen-dom.jar
new file mode 100644
index 000000000..1a9926357
--- /dev/null
+++ b/id.server/lib/jaxen-1.0/jaxen-dom.jar
Binary files differ
diff --git a/id.server/lib/jaxen-1.0/saxpath.jar b/id.server/lib/jaxen-1.0/saxpath.jar
new file mode 100644
index 000000000..2b43955ba
--- /dev/null
+++ b/id.server/lib/jaxen-1.0/saxpath.jar
Binary files differ
diff --git a/id.server/lib/jaxp-1.2_01/dom.jar b/id.server/lib/jaxp-1.2_01/dom.jar
new file mode 100644
index 000000000..f91f80a8b
--- /dev/null
+++ b/id.server/lib/jaxp-1.2_01/dom.jar
Binary files differ
diff --git a/id.server/lib/jaxp-1.2_01/jaxp-api.jar b/id.server/lib/jaxp-1.2_01/jaxp-api.jar
new file mode 100644
index 000000000..7a3295ee6
--- /dev/null
+++ b/id.server/lib/jaxp-1.2_01/jaxp-api.jar
Binary files differ
diff --git a/id.server/lib/jaxp-1.2_01/sax.jar b/id.server/lib/jaxp-1.2_01/sax.jar
new file mode 100644
index 000000000..9ffb844e5
--- /dev/null
+++ b/id.server/lib/jaxp-1.2_01/sax.jar
Binary files differ
diff --git a/id.server/lib/jsse-1.0.3_01/jcert.jar b/id.server/lib/jsse-1.0.3_01/jcert.jar
new file mode 100644
index 000000000..d33134214
--- /dev/null
+++ b/id.server/lib/jsse-1.0.3_01/jcert.jar
Binary files differ
diff --git a/id.server/lib/jsse-1.0.3_01/jnet.jar b/id.server/lib/jsse-1.0.3_01/jnet.jar
new file mode 100644
index 000000000..e1d340093
--- /dev/null
+++ b/id.server/lib/jsse-1.0.3_01/jnet.jar
Binary files differ
diff --git a/id.server/lib/jsse-1.0.3_01/jsse.jar b/id.server/lib/jsse-1.0.3_01/jsse.jar
new file mode 100644
index 000000000..123188c5e
--- /dev/null
+++ b/id.server/lib/jsse-1.0.3_01/jsse.jar
Binary files differ
diff --git a/id.server/lib/junit-3.8.1/junit.jar b/id.server/lib/junit-3.8.1/junit.jar
new file mode 100644
index 000000000..674d71e89
--- /dev/null
+++ b/id.server/lib/junit-3.8.1/junit.jar
Binary files differ
diff --git a/id.server/lib/log4j-1.2.7/log4j-1.2.7.jar b/id.server/lib/log4j-1.2.7/log4j-1.2.7.jar
new file mode 100644
index 000000000..1595a56ef
--- /dev/null
+++ b/id.server/lib/log4j-1.2.7/log4j-1.2.7.jar
Binary files differ
diff --git a/id.server/lib/moa-spss-1.0.8a/moa-common.jar b/id.server/lib/moa-spss-1.0.8a/moa-common.jar
new file mode 100644
index 000000000..ce59f8c26
--- /dev/null
+++ b/id.server/lib/moa-spss-1.0.8a/moa-common.jar
Binary files differ
diff --git a/id.server/lib/moa-spss-1.0.8a/moa-spss.jar b/id.server/lib/moa-spss-1.0.8a/moa-spss.jar
new file mode 100644
index 000000000..efd525f46
--- /dev/null
+++ b/id.server/lib/moa-spss-1.0.8a/moa-spss.jar
Binary files differ
diff --git a/id.server/lib/postgres-jdbc2-7.3/pg73jdbc2.jar b/id.server/lib/postgres-jdbc2-7.3/pg73jdbc2.jar
new file mode 100644
index 000000000..8bf46dd8e
--- /dev/null
+++ b/id.server/lib/postgres-jdbc2-7.3/pg73jdbc2.jar
Binary files differ
diff --git a/id.server/lib/servlet-2.3/servlet-2_3-fcs-classfiles.zip b/id.server/lib/servlet-2.3/servlet-2_3-fcs-classfiles.zip
new file mode 100644
index 000000000..c450772ea
--- /dev/null
+++ b/id.server/lib/servlet-2.3/servlet-2_3-fcs-classfiles.zip
Binary files differ
diff --git a/id.server/lib/xalan-j-2.2/bsf.jar b/id.server/lib/xalan-j-2.2/bsf.jar
new file mode 100644
index 000000000..19036c1bc
--- /dev/null
+++ b/id.server/lib/xalan-j-2.2/bsf.jar
Binary files differ
diff --git a/id.server/lib/xalan-j-2.2/xalan.jar b/id.server/lib/xalan-j-2.2/xalan.jar
new file mode 100644
index 000000000..8dd6dca25
--- /dev/null
+++ b/id.server/lib/xalan-j-2.2/xalan.jar
Binary files differ
diff --git a/id.server/lib/xerces-j-2.0.2/xercesImpl.jar b/id.server/lib/xerces-j-2.0.2/xercesImpl.jar
new file mode 100644
index 000000000..f25d73cd7
--- /dev/null
+++ b/id.server/lib/xerces-j-2.0.2/xercesImpl.jar
Binary files differ
diff --git a/id.server/lib/xerces-j-2.0.2/xmlParserAPIs.jar b/id.server/lib/xerces-j-2.0.2/xmlParserAPIs.jar
new file mode 100644
index 000000000..c1fa1d645
--- /dev/null
+++ b/id.server/lib/xerces-j-2.0.2/xmlParserAPIs.jar
Binary files differ
diff --git a/id.server/res/META-INF/services/org.apache.axis.components.net.SecureSocketFactory b/id.server/res/META-INF/services/org.apache.axis.components.net.SecureSocketFactory
new file mode 100644
index 000000000..c4547e804
--- /dev/null
+++ b/id.server/res/META-INF/services/org.apache.axis.components.net.SecureSocketFactory
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.util.AxisSecureSocketFactory
diff --git a/id.server/res/resources/properties/id_messages_de.properties b/id.server/res/resources/properties/id_messages_de.properties
new file mode 100644
index 000000000..4c27031b5
--- /dev/null
+++ b/id.server/res/resources/properties/id_messages_de.properties
@@ -0,0 +1,101 @@
+# This file contains exception messages in the standard Java properties
+# format. The messages may contain formatting patterns as definied in the
+# java.text.MessageFormat class.
+
+#
+# Error messages: the key corresponds to the error code
+#
+
+# status messages included in <samlp:Response> of GetAuthenticationDataService
+1200=Anfrage erfolgreich beantwortet
+1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben
+1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben
+1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben
+1204=Fehlerhaftes Requestformat
+1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
+1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
+1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1299=Interner Server-Fehler
+
+auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0})
+auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
+auth.02=MOASessionID ist unbekannt (MOASessionID={0})
+auth.03=Fehler beim Abholen des URL "{0}": {1}
+auth.04=Fehler beim Auslesen der Resource "{0}": {1}
+auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
+auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
+auth.07=Aufruf muss über "https:" erfolgen
+auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
+
+init.00=MOA ID Authentisierung wurde erfolgreich gestartet
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
+init.02=Fehler beim Starten des Service MOA ID Authentisierung
+
+config.00=MOA ID Konfiguration erfolgreich geladen
+config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
+config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
+config.03=Fehler beim Einlesen der Konfiguration
+config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
+config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
+config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
+config.07=Klasse {0} kann nicht instanziert werden
+config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
+config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})
+config.10=Fehler in der MOA SPSS Konfiguration: {0}
+
+parser.00=Leichter Fehler beim Parsen: {0}
+parser.01=Fehler beim Parsen: {0}
+parser.02=Schwerer Fehler beim Parsen: {0}
+
+builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
+builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
+
+service.00=Fehler beim Aufruf des Web Service: {0}
+service.01=Fehler beim Aufruf des Web Service: kein Endpoint
+service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
+service.03=Fehler beim Aufruf des SPSS-API: {0}
+
+cleaner.00=AuthenticationSessionCleaner wurde gestartet
+cleaner.01=Fehler im AuthenticationSessionCleaner
+cleaner.02=MOASession {0} ist abgelaufen
+cleaner.03=Anmeldedaten zu SAML-Artifakt {0} sind abgelaufen
+
+proxy.00=MOA ID Proxy wurde erfolgreich gestartet
+proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
+proxy.02=Unbekannter URL {0}
+proxy.04=URL {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1}
+proxy.06=Fehler beim Starten des Service MOA ID Proxy
+proxy.07=Sie sind nicht angemeldet. Melden Sie sich erneut an.
+proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
+proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
+proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
+proxy.11=Beim Weiterleiten des Request ist ein Fehler aufgetreten.
+proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.
+
+validator.00=Kein SAML:Assertion Objekt gefunden {0}
+validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
+validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
+validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0}
+validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0}
+validator.05=Es wurde keine DSIG:Signature gefunden {0}
+
+validator.06=Die Signatur ist ungültig
+validator.07=Das Zertifikat der Personenbindung ist ungültig
+validator.08=Das Manifest ist ungültig
+validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
+
+validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
+validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
+validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
+validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
+validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
+validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
+
+validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
+validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
+
+validator.19=Das verwendete Zertifikat zum Signieren ist ungültig
+
+ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen \ No newline at end of file
diff --git a/id.server/res/resources/wsdl/MOA-ID-1.0.wsdl b/id.server/res/resources/wsdl/MOA-ID-1.0.wsdl
new file mode 100644
index 000000000..5751b3e58
--- /dev/null
+++ b/id.server/res/resources/wsdl/MOA-ID-1.0.wsdl
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+ <message name="GetAuthenticationDataInput">
+ <part name="body" element="samlp:Request"/>
+ </message>
+ <message name="GetAuthenticationDataOutput">
+ <part name="body" element="samlp:Response"/>
+ </message>
+ <message name="MOAFault">
+ <part name="body" element="moa:ErrorResponse"/>
+ </message>
+ <portType name="IdentificationPortType">
+ <operation name="getAuthenticationData">
+ <input message="tns:GetAuthenticationDataInput"/>
+ <output message="tns:GetAuthenticationDataOutput"/>
+ <fault name="MOAFault" message="tns:MOAFault"/>
+ </operation>
+ </portType>
+ <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="getAuthenticationData">
+ <soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+ <input>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </input>
+ <output>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </output>
+ <fault name="MOAFault">
+ <soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </fault>
+ </operation>
+ </binding>
+ <service name="GetAuthenticationDataService">
+ <port name="IdentificationPort" binding="tns:IdentificationBinding">
+ <soap:address location="http://localhost/moa-id-auth/services/GetAuthenticationData"/>
+ </port>
+ </service>
+</definitions>
diff --git a/id.server/res/resources/xmldata/CertInfoDsigSignature.xml b/id.server/res/resources/xmldata/CertInfoDsigSignature.xml
new file mode 100644
index 000000000..bf35dc73f
--- /dev/null
+++ b/id.server/res/resources/xmldata/CertInfoDsigSignature.xml
@@ -0,0 +1,139 @@
+<dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI="#signed-data"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;signed-data&apos;)/node()</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>C0hW5jQojphweuFzPb+CNkHwhe4=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Bdsc7wAfyMyZ21ChcF+tRh3D7sU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data"><html>
+<head>
+<title>Überprüfung des Namen des Anmelde-Servers</title>
+</head>
+<body>
+<h2>Prüfung der Identität des MOA-ID Servers</h2>
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu überprüfen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+<p>
+Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können.
+Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind.
+</p>
+<h3>Microsoft Internet Explorer 6.0</h3>
+
+<ol>
+<li>Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.</li>
+<li>Selektieren Sie im nun geöffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.</li>
+<li>Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.</li>
+<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li>
+<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt.
+<ul>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li>
+</ul></li>
+<li>Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauenswürdig erkannt.</li>
+</ol>
+<h3>Netscape Navigator 7.0</h3>
+<ol>
+<li>Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers</li>
+<li>Aktivieren Sie die Schaltfläche &quot;Anzeigen&quot;</li>
+<li>Selektieren Sie im nun geöffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.</li>
+<li>Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.</li>
+<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li>
+<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den
+Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt.
+<ul>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li>
+</ul></li>
+<li>Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.</li>
+</ol>
+
+<h2>Zertifikate und ihr Fingerabdruck</h2>
+
+<table>
+<tr>
+<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td>
+</tr>
+<tr>
+<td>Seriennummer</td><td>111 (0x6f)</td>
+</tr>
+<tr>
+<td>Fingerabdruck</td><td>SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6</td>
+</tr>
+</table>
+
+<p/>
+<table>
+<tr>
+<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td>
+</tr>
+<tr>
+<td>Seriennummer</td><td>531 (0x213)</td>
+</tr>
+<tr>
+<td>Fingerabdruck</td><td>SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33</td>
+</tr>
+</table>
+
+<p/>
+<table>
+<tr>
+<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td>
+</tr>
+<tr>
+<td>Seriennummer</td><td>536 (0x0218)</td>
+</tr>
+<tr>
+<td>Fingerabdruck</td><td>SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f</td>
+</tr>
+</table>
+
+</body>
+</html></dsig:Object><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-06T07:09:50Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/id.server/res/resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml b/id.server/res/resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml
new file mode 100644
index 000000000..1966d2ca2
--- /dev/null
+++ b/id.server/res/resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:VerifyXMLSignatureRequest xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <sl11:SignatureInfo>
+ <sl11:SignatureEnvironment>
+ <sl10:XMLContent xml:space="preserve"><dsig:Signature/></sl10:XMLContent>
+ </sl11:SignatureEnvironment>
+ <sl11:SignatureLocation>//dsig:Signature</sl11:SignatureLocation>
+ </sl11:SignatureInfo>
+</sl11:VerifyXMLSignatureRequest>
diff --git a/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java b/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
new file mode 100644
index 000000000..96a5e0673
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/AuthenticationException.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown during handling of AuthenticationSession
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationException extends MOAIDException {
+
+ /**
+ * Constructor for AuthenticationException.
+ * @param messageId
+ */
+ public AuthenticationException(String messageId, Object[] parameters) {
+ super(messageId, parameters, null);
+ }
+ /**
+ * Constructor for AuthenticationException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public AuthenticationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/BuildException.java b/id.server/src/at/gv/egovernment/moa/id/BuildException.java
new file mode 100644
index 000000000..785dce7a3
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/BuildException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while building an XML or HTML structure.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class BuildException extends MOAIDException {
+
+ /**
+ * Constructor for BuildException.
+ * @param messageId
+ * @param parameters
+ */
+ public BuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for BuildException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public BuildException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java b/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
new file mode 100644
index 000000000..bce2c4778
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/MOAIDException.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Base class of technical MOA exceptions.
+ *
+ * Technical exceptions are exceptions that originate from system failure (e.g.,
+ * a database connection fails, a component is not available, etc.)
+ *
+ * @author Patrick Peck, Ivancsics Paul
+ * @version $Id$
+ */
+public class MOAIDException extends Exception {
+ /** message ID */
+ private String messageId;
+ /** wrapped exception */
+ private Throwable wrapped;
+
+ /**
+ * Create a new <code>MOAIDException</code>.
+ *
+ * @param messageId The identifier of the message associated with this
+ * exception.
+ * @param parameters Additional message parameters.
+ */
+ public MOAIDException(String messageId, Object[] parameters) {
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.messageId = messageId;
+ }
+
+ /**
+ * Create a new <code>MOAIDException</code>.
+ *
+ * @param messageId The identifier of the message associated with this
+ * <code>MOAIDException</code>.
+ * @param parameters Additional message parameters.
+ * @param wrapped The exception wrapped by this
+ * <code>MOAIDException</code>.
+ */
+ public MOAIDException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.messageId = messageId;
+ this.wrapped = wrapped;
+ }
+
+ /**
+ * Print a stack trace of this exception to <code>System.err</code>.
+ *
+ * @see java.lang.Throwable#printStackTrace()
+ */
+ public void printStackTrace() {
+ printStackTrace(System.err);
+ }
+
+ /**
+ * Print a stack trace of this exception, including the wrapped exception.
+ *
+ * @param s The stream to write the stack trace to.
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+ */
+ public void printStackTrace(PrintStream s) {
+ if (getWrapped() == null)
+ super.printStackTrace(s);
+ else {
+ s.print("Root exception: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * Print a stack trace of this exception, including the wrapped exception.
+ *
+ * @param s The stream to write the stacktrace to.
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+ */
+ public void printStackTrace(PrintWriter s) {
+ if (getWrapped() == null)
+ super.printStackTrace(s);
+ else {
+ s.print("Root exception: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * @return message ID
+ */
+ public String getMessageId() {
+ return messageId;
+ }
+
+ /**
+ * @return wrapped exception
+ */
+ public Throwable getWrapped() {
+ return wrapped;
+ }
+
+ /**
+ * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
+ * element from the MOA namespace.
+ *
+ * @return An <code>ErrorResponse</code> element, containing the subelements
+ * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+ */
+ public Element toErrorResponse() {
+ DocumentBuilder builder;
+ DOMImplementation impl;
+ Document doc;
+ Element errorResponse;
+ Element errorCode;
+ Element info;
+
+ // create a new document
+ try {
+ builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ impl = builder.getDOMImplementation();
+ } catch (ParserConfigurationException e) {
+ return null;
+ }
+
+ // build the ErrorResponse element
+ doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+ errorResponse = doc.getDocumentElement();
+
+ // add MOA namespace declaration
+ errorResponse.setAttributeNS(
+ Constants.XMLNS_NS_URI,
+ "xmlns",
+ Constants.MOA_NS_URI);
+
+ // build the child elements
+ errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+ errorCode.appendChild(doc.createTextNode(messageId));
+ info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+ info.appendChild(doc.createTextNode(toString()));
+ errorResponse.appendChild(errorCode);
+ errorResponse.appendChild(info);
+ return errorResponse;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ParseException.java b/id.server/src/at/gv/egovernment/moa/id/ParseException.java
new file mode 100644
index 000000000..a5e0088d9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/ParseException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while parsing an XML structure.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ParseException extends MOAIDException {
+
+ /**
+ * Constructor for ParseException.
+ * @param messageId
+ * @param parameters
+ */
+ public ParseException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ParseException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ParseException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/ServiceException.java b/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
new file mode 100644
index 000000000..9e6ab2361
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/ServiceException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while calling the MOA-SPSS web service.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ServiceException extends MOAIDException {
+
+ /**
+ * Constructor for ServiceException.
+ * @param messageId
+ * @param parameters
+ */
+ public ServiceException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ServiceException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ServiceException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
new file mode 100644
index 000000000..e9d9c7175
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -0,0 +1,648 @@
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * API for MOA ID Authentication Service.<br>
+ * {@link AuthenticationSession} is stored in a session store and retrieved
+ * by giving the session ID.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationServer implements MOAIDAuthConstants {
+
+ /** single instance */
+ private static AuthenticationServer instance;
+ /** session data store (session ID -> AuthenticationSession) */
+ private static Map sessionStore = new HashMap();
+ /** authentication data store (assertion handle -> AuthenticationData) */
+ private static Map authenticationDataStore = new HashMap();
+ /**
+ * time out in milliseconds used by {@link cleanup} for session store
+ */
+ private long sessionTimeOut = 10*60*1000; // default 10 minutes
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data store
+ */
+ private long authDataTimeOut = 2*60*1000; // default 2 minutes
+
+ /**
+ * Returns the single instance of <code>AuthenticationServer</code>.
+ *
+ * @return the single instance of <code>AuthenticationServer</code>
+ */
+ public static AuthenticationServer getInstance() {
+ if (instance == null)
+ instance = new AuthenticationServer();
+ return instance;
+ }
+ /**
+ * Constructor for AuthenticationServer.
+ */
+ public AuthenticationServer() {
+ super();
+ }
+ /**
+ * Processes request to select a BKU.
+ * <br/>Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}.
+ * <br/>For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> for the
+ * "BKU Auswahl" service is returned.
+ * <br/>For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection is returned.
+ * @param authURL base URL of MOA-ID Auth component
+ * @param target "Gesch&auml;ftsbereich"
+ * @param oaURL online application URL requested
+ * @param bkuSelectionTemplateURL template for BKU selection form to be used
+ * in case of <code>HTMLSelect</code>; may be null
+ * @param templateURL URL providing an HTML template for the HTML form to be used
+ * for call <code>startAuthentication</code>
+ * @return for <code>bkuSelectionType==HTMLComplete</code>, the <code>returnURI</code> for the
+ * "BKU Auswahl" service;
+ * for <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection
+ * @throws WrongParametersException upon missing parameters
+ * @throws AuthenticationException when the configured BKU selection service cannot be reached,
+ * and when the given bkuSelectionTemplateURL cannot be reached
+ * @throws ConfigurationException on missing configuration data
+ * @throws BuildException while building the HTML form
+ */
+ public String selectBKU(
+ String authURL, String target, String oaURL, String bkuSelectionTemplateURL, String templateURL)
+ throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
+
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication", "AuthURL");
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ if (! authURL.startsWith("https:"))
+ throw new AuthenticationException("auth.07", null);
+ ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
+ if (bkuConnParam == null)
+ throw new ConfigurationException("config.08", new Object[] {"BKUSelection/ConnectionParameter"});
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] {oaURL});
+ AuthenticationSession session = newSession();
+ Logger.info("MOASession " + session.getSessionID() + " angelegt");
+ session.setTarget(target);
+ session.setOAURLRequested(oaURL);
+ session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ session.setAuthURL(authURL);
+ session.setTemplateURL(templateURL);
+ String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
+ String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+ if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+ // bkuSelectionType==HTMLComplete
+ String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL;
+ return redirectURL;
+ }
+ else {
+ // bkuSelectionType==HTMLSelect
+ String bkuSelectTag;
+ try {
+ bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
+ }
+ catch (Throwable ex) {
+ throw new AuthenticationException("auth.03", new Object[] {bkuConnParam.getUrl(), ex.toString()}, ex);
+ }
+ String bkuSelectionTemplate = null;
+ if (bkuSelectionTemplateURL != null) {
+ try {
+ bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));
+ }
+ catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[] {bkuSelectionTemplateURL, ex.toString()}, ex);
+ }
+ }
+ String htmlForm = new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
+ return htmlForm;
+ }
+ }
+ /**
+ * Method readBKUSelectTag.
+ * @param conf the ConfigurationProvider
+ * @param connParam the ConnectionParameter for that connection
+ * @return String
+ * @throws ConfigurationException on config-errors
+ * @throws PKIException on PKI errors
+ * @throws IOException on any data error
+ * @throws GeneralSecurityException on security errors
+ */
+ private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ if (connParam.isHTTPSURL())
+ return new String(SSLUtils.readHttpsURL(conf, connParam));
+ else
+ return new String(FileUtils.readURL(connParam.getUrl()));
+ }
+ /**
+ * Processes the beginning of an authentication session.
+ * <ul>
+ * <li>Starts an authentication session</li>
+ * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>Creates an HTML form for querying the identity link from the
+ * security layer implementation.
+ * <br>Form parameters include
+ * <ul>
+ * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>the data URL where the security layer implementation sends it response to</li>
+ * </ul>
+ * </ul>
+ * @param authURL URL of the servlet to be used as data URL
+ * @param target "Gesch&auml;ftsbereich" of the online application requested
+ * @param oaURL online application URL requested
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used;
+ * may be <code>null</code>; in this case, the default location will be used
+ * @param templateURL URL providing an HTML template for the HTML form generated
+ * @return HTML form
+ * @throws AuthenticationException
+ * @see GetIdentityLinkFormBuilder
+ * @see InfoboxReadRequestBuilder
+ */
+ public String startAuthentication(
+ String authURL, String target, String oaURL, String templateURL, String bkuURL, String sessionID)
+ throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
+
+ if (isEmpty(sessionID)) {
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication", "AuthURL");
+ if (! authURL.startsWith("https:"))
+ throw new AuthenticationException("auth.07", null);
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ }
+ AuthenticationSession session;
+ if (sessionID != null)
+ session = getSession(sessionID);
+ else {
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] {oaURL});
+ session = newSession();
+ Logger.info("MOASession " + session.getSessionID() + " angelegt");
+ session.setTarget(target);
+ session.setOAURLRequested(oaURL);
+ session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ session.setAuthURL(authURL);
+ session.setTemplateURL(templateURL);
+ }
+ String infoboxReadRequest = new InfoboxReadRequestBuilder().build();
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session.getSessionID());
+ String template = null;
+ if (session.getTemplateURL() != null) {
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ }
+ catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[] {session.getTemplateURL(), ex.toString()}, ex);
+ }
+ }
+ String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build();
+ String certInfoDataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID());
+ String htmlForm = new GetIdentityLinkFormBuilder().build(
+ template, bkuURL, infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL);
+ return htmlForm;
+ }
+ /**
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Verifies identity link by calling the MOA SP component</li>
+ * <li>Checks certificate authority of identity link</li>
+ * <li>Stores identity link in the session</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the
+ * security layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param xmlInfoboxReadResponse String representation of the
+ * <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String verifyIdentityLink (String sessionID, String xmlInfoboxReadResponse)
+ throws AuthenticationException, ParseException, ConfigurationException, ValidateException, ServiceException, WrongParametersException {
+
+ if (isEmpty(sessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID);
+ if (isEmpty(xmlInfoboxReadResponse))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE);
+ AuthenticationSession session = getSession(sessionID);
+ if (session.getTimestampIdentityLink() != null)
+ throw new AuthenticationException("auth.01", new Object[] {sessionID});
+ session.setTimestampIdentityLink();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses the <InfoboxReadResponse>
+ IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).
+ parseIdentityLink();
+ // validates the identity link
+ IdentityLinkValidator.getInstance().validate(identityLink);
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(
+ identityLink, authConf.getMoaSpIdentityLinkTrustProfileID());
+ // debug output
+ debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest);
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().
+ verifyXMLSignature(domVerifyXMLSignatureRequest);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+ // debug output
+ debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse);
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
+ authConf.getIdentityLinkX509SubjectNames(),
+ VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
+
+ session.setIdentityLink(identityLink);
+ // builds the AUTH-block
+ String authBlock = buildAuthenticationBlock(session);
+ session.setAuthBlock(authBlock);
+ // builds the <CreateXMLSignatureRequest>
+ String[] transformInfos = authConf.getTransformsInfos();
+ String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().
+ build(authBlock, transformInfos);
+ return createXMLSignatureRequest;
+ }
+ /**
+ * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
+ * @param session authentication session
+ * @return <code>&lt;saml:Assertion&gt;</code> as a String
+ */
+ private String buildAuthenticationBlock(AuthenticationSession session) {
+ IdentityLink identityLink = session.getIdentityLink();
+ String issuer = identityLink.getGivenName() + " " + identityLink.getFamilyName();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String authURL = session.getAuthURL();
+ String target = session.getTarget();
+ String oaURL = session.getPublicOAURLPrefix();
+ String authBlock = new AuthenticationBlockAssertionBuilder().
+ build(issuer, issueInstant, authURL, target, oaURL);
+ return authBlock;
+ }
+ /**
+ * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
+ * <li>Parses authentication block enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies authentication block by calling the MOA SP component</li>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store
+ * indexed by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @param xmlCreateXMLSignatureReadResponse String representation of the
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+ */
+ public String verifyAuthenticationBlock(
+ String sessionID, String xmlCreateXMLSignatureReadResponse)
+ throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, WrongParametersException {
+
+ if (isEmpty(sessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID);
+ if (isEmpty(xmlCreateXMLSignatureReadResponse))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE);
+ AuthenticationSession session = getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+ // validates <CreateXMLSignatureResponse>
+ new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix());
+ // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
+ String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq);
+ // invokes the call
+ Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp);
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ vsresp, null,VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
+ // compares the public keys from the identityLink with the AuthBlock
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(vsresp, session.getIdentityLink());
+
+ // builds authentication data and stores it together with a SAML artifact
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ storeAuthenticationData(samlArtifact, authData);
+ // invalidates the authentication session
+ sessionStore.remove(sessionID);
+ Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+ }
+ /**
+ * Builds the AuthenticationData object together with the
+ * corresponding <code>&lt;saml:Assertion&gt;</code>
+ * @param session authentication session
+ * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
+ * @return AuthenticationData object
+ * @throws ConfigurationException while accessing configuration data
+ * @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
+ */
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ AuthenticationData authData = new AuthenticationData();
+ authData.setMajorVersion(1);
+ authData.setMinorVersion(0);
+ authData.setAssertionID(Random.nextRandom());
+ authData.setIssuer(session.getAuthURL());
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ String vpkBase64 = new VPKBuilder().buildVPK(
+ identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget());
+ authData.setVPK(vpkBase64);
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ String prPerson = new PersonDataBuilder().build(
+ identityLink, oaParam.getProvideZMRZahl());
+
+ try {
+ String ilAssertion =
+ oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
+ String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
+ String samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData, prPerson, authBlock, ilAssertion);
+ authData.setSamlAssertion(samlAssertion);
+ return authData;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.toString() },
+ ex);
+ }
+ }
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public AuthenticationData getAuthenticationData(String samlArtifact) throws AuthenticationException {
+ String assertionHandle;
+ try {
+ assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+ }
+ catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {samlArtifact, ex.toString()});
+ }
+ AuthenticationData authData = null;
+ synchronized (authenticationDataStore) {
+ authData = (AuthenticationData)authenticationDataStore.get(assertionHandle);
+ if (authData == null) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] {samlArtifact});
+ }
+ authenticationDataStore.remove(assertionHandle);
+ }
+ long now = new Date().getTime();
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut)
+ throw new AuthenticationException("1207", new Object[] {samlArtifact});
+ Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+ return authData;
+ }
+ /**
+ * Stores authentication data indexed by the assertion handle contained in the
+ * given saml artifact.
+ * @param samlArtifact SAML artifact
+ * @param authData authentication data
+ * @throws AuthenticationException when SAML artifact is invalid
+ */
+ private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
+ throws AuthenticationException {
+
+ try {
+ SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
+ // check type code 0x0001
+ byte[] typeCode = parser.parseTypeCode();
+ if (typeCode[0] != 0 || typeCode[1] != 1)
+ throw new AuthenticationException("auth.06", new Object[] {samlArtifact});
+ String assertionHandle = parser.parseAssertionHandle();
+ synchronized(authenticationDataStore) {
+ Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
+ authenticationDataStore.put(assertionHandle, authData);
+ }
+ }
+ catch (AuthenticationException ex) {
+ throw ex;
+ }
+ catch (Throwable ex) {
+ throw new AuthenticationException("auth.06", new Object[] {samlArtifact});
+ }
+ }
+ /**
+ * Creates a new session and puts it into the session store.
+ *
+ * @param id Session ID
+ * @return AuthenticationSession created
+ * @exception AuthenticationException
+ * thrown when an <code>AuthenticationSession</code> is running
+ * already for the given session ID
+ */
+ private static AuthenticationSession newSession() throws AuthenticationException {
+ String sessionID = Random.nextRandom();
+ AuthenticationSession newSession = new AuthenticationSession(sessionID);
+ synchronized (sessionStore) {
+ AuthenticationSession session = (AuthenticationSession)sessionStore.get(sessionID);
+ if (session != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ sessionStore.put(sessionID, newSession);
+ }
+ return newSession;
+ }
+ /**
+ * Retrieves a session from the session store.
+ *
+ * @param id session ID
+ * @return <code>AuthenticationSession</code> stored with given session ID,
+ * <code>null</code> if session ID unknown
+ */
+ public static AuthenticationSession getSession(String id) throws AuthenticationException {
+ AuthenticationSession session = (AuthenticationSession)sessionStore.get(id);
+ if (session == null)
+ throw new AuthenticationException("auth.02", new Object[] { id });
+ return session;
+ }
+ /**
+ * Cleans up expired session and authentication data stores.
+ */
+ public void cleanup() {
+ long now = new Date().getTime();
+ synchronized(sessionStore) {
+ Set keys = new HashSet(sessionStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext(); ) {
+ String sessionID = (String) iter.next();
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.02", new Object[] {sessionID}));
+ sessionStore.remove(sessionID);
+ }
+ }
+ }
+ synchronized(authenticationDataStore) {
+ Set keys = new HashSet(authenticationDataStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext(); ) {
+ String samlArtifact = (String) iter.next();
+ AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlArtifact);
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.03", new Object[] {samlArtifact}));
+ authenticationDataStore.remove(samlArtifact);
+ }
+ }
+ }
+ }
+
+ /**
+ * Sets the sessionTimeOut.
+ * @param sessionTimeOut time out in seconds
+ */
+ public void setSecondsSessionTimeOut(long seconds) {
+ sessionTimeOut = 1000 * seconds;
+ }
+ /**
+ * Sets the authDataTimeOut.
+ * @param authDataTimeOut time out in seconds
+ */
+ public void setSecondsAuthDataTimeOut(long seconds) {
+ authDataTimeOut = 1000 * seconds;
+ }
+
+ /**
+ * Checks a parameter.
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+ /**
+ * Writes an XML structure to file for debugging purposes, encoding UTF-8.
+ *
+ * @param filename file name
+ * @param rootElem root element in DOM tree
+ */
+ public static void debugOutputXMLFile(String filename, Element rootElem) {
+ if (Logger.isDebugEnabled(DEBUG_OUTPUT_HIERARCHY)) {
+ try {
+ String xmlString = new String(DOMUtils.serializeNode(rootElem));
+ debugOutputXMLFile(filename, xmlString);
+ }
+ catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+ /**
+ * Writes an XML structure to file for debugging purposes, encoding UTF-8.
+ *
+ * @param filename file name
+ * @param xmlString XML string
+ */
+ public static void debugOutputXMLFile(String filename, String xmlString) {
+ if (Logger.isDebugEnabled(DEBUG_OUTPUT_HIERARCHY)) {
+ try {
+ java.io.OutputStream fout = new java.io.FileOutputStream(filename);
+ byte[] xmlData = xmlString.getBytes("UTF-8");
+ fout.write(xmlData);
+ fout.close();
+ }
+ catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
new file mode 100644
index 000000000..7e5ed6ec7
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.auth;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Thread cleaning the <code>AuthenticationServer</code> session store
+ * and authentication data store from garbage.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationSessionCleaner implements Runnable {
+
+ /** interval the <code>AuthenticationSessionCleaner</code> is run in */
+ private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
+
+ /**
+ * Runs the thread. Cleans the <code>AuthenticationServer</code> session store
+ * and authentication data store from garbage, then sleeps for given interval, and restarts.
+ */
+ public void run() {
+ while (true) {
+ try {
+ Logger.debug("AuthenticationSessionCleaner run");
+ AuthenticationServer.getInstance().cleanup();
+ }
+ catch (Exception e) {
+ Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
+ }
+ try {
+ Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
+ }
+ catch (InterruptedException e) {
+ }
+ }
+ }
+
+ /**
+ * start the sessionCleaner
+ */
+ public static void start() {
+ // start the session cleanup thread
+ Thread sessionCleaner =
+ new Thread(new AuthenticationSessionCleaner());
+ sessionCleaner.setName("SessionCleaner");
+ sessionCleaner.setDaemon(true);
+ sessionCleaner.setPriority(Thread.MIN_PRIORITY);
+ sessionCleaner.start();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
new file mode 100644
index 000000000..ddba20049
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -0,0 +1,53 @@
+package at.gv.egovernment.moa.id.auth;
+
+/**
+ * Constants used throughout moa-id-auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public interface MOAIDAuthConstants {
+
+ /** servlet parameter &quot;Target&quot; */
+ public static final String PARAM_TARGET = "Target";
+ /** servlet parameter &quot;OA&quot; */
+ public static final String PARAM_OA = "OA";
+ /** servlet parameter &quot;bkuURI&quot; */
+ public static final String PARAM_BKU = "bkuURI";
+ /** servlet parameter &quot;BKUSelectionTemplate&quot; */
+ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
+ /** servlet parameter &quot;returnURI&quot; */
+ public static final String PARAM_RETURN = "returnURI";
+ /** servlet parameter &quot;Template&quot; */
+ public static final String PARAM_TEMPLATE = "Template";
+ /** servlet parameter &quot;MOASessionID&quot; */
+ public static final String PARAM_SESSIONID = "MOASessionID";
+ /** servlet parameter &quot;XMLResponse&quot; */
+ public static final String PARAM_XMLRESPONSE = "XMLResponse";
+ /** servlet parameter &quot;SAMLArtifact&quot; */
+ public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
+ public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
+ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
+ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
+ /** Logging hierarchy used for controlling debug output of XML structures to files */
+ public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
+ /** Header Name for controlling the caching mechanism of the browser */
+ public static final String HEADER_EXPIRES = "Expires";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
+ /** Header Name for controlling the caching mechanism of the browser */
+ public static final String HEADER_PRAGMA = "Pragma";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_PRAGMA = "no-cache";
+ /** Header Name for controlling the caching mechanism of the browser */
+ public static final String HEADER_CACHE_CONTROL = "Cache-control";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
+
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
new file mode 100644
index 000000000..f9bec8b76
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -0,0 +1,118 @@
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.pki.PKIException;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.security.GeneralSecurityException;
+
+import java.io.IOException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+
+/**
+ * Web application initializer
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDAuthInitializer {
+
+ /** a boolean identifying if the MOAIDAuthInitializer has been startet */
+ public static boolean initialized = false;
+
+
+
+ /**
+ * Initializes the web application components which need initialization:
+ * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+ */
+ public static void initialize()
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+ if (initialized)
+ return;
+ initialized=true;
+ Logger.setHierarchy("moa.id.auth");
+ // Restricts TLS cipher suites
+ System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ // load some jsse classes so that the integrity of the jars can be verified
+ // before the iaik jce is installed as the security provider
+ // this workaround is only needed when sun jsse is used in conjunction with
+ // iaik-jce (on jdk1.3)
+ ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
+ try {
+ cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+ }
+ catch (ClassNotFoundException e) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
+ }
+
+ // Initializes SSLSocketFactory store
+ SSLUtils.initialize();
+
+ // Loads the configuration
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+ ConnectionParameter moaSPConnParam = authConf.getMoaSpConnectionParameter();
+
+ // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
+ if (moaSPConnParam == null) {
+ try {
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext("startup"));
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ new IaikConfigurator().configure(config);
+ }
+ catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+ throw new ConfigurationException("config.10", new Object[] { ex.toString() }, ex);
+ }
+ }
+
+ // Initializes IAIKX509TrustManager logging
+ String log4jConfigURL = System.getProperty("log4j.configuration");
+ if (log4jConfigURL != null) {
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
+ }
+
+ // Initializes the Axis secure socket factory for use in calling the MOA-SP web service
+ if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) {
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, moaSPConnParam);
+ AxisSecureSocketFactory.initialize(ssf);
+ }
+
+ // sets the authentication session and authentication data time outs
+ String param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ if (param != null) {
+ long sessionTimeOut = 0;
+ try { sessionTimeOut = new Long(param).longValue(); }
+ catch (NumberFormatException ex) {
+ Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY}));
+ }
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance().setSecondsSessionTimeOut(sessionTimeOut);
+ }
+ param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+ if (param != null) {
+ long authDataTimeOut = 0;
+ try { authDataTimeOut = new Long(param).longValue(); }
+ catch (NumberFormatException ex) {
+ Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY}));
+ }
+ if (authDataTimeOut > 0)
+ AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut);
+ }
+
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
new file mode 100644
index 000000000..3ce2798ea
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.auth;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown when the <code>AuthenticationServer</code> API is
+ * called with wrong parameters provided.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class WrongParametersException extends MOAIDException {
+
+ /**
+ * Constructor
+ */
+ public WrongParametersException(String call, String parameter) {
+ super("auth.05", new Object[] {call, parameter});
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
new file mode 100644
index 000000000..4babf948c
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
+ * to be included in a <code>&lt;CreateXMLSignatureResponse&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationBlockAssertionBuilder implements Constants {
+ /** private static String nl contains the NewLine representation in Java*/
+ private static String nl = "\n";
+ /** private static String AUTH_BLOCK contains an XML-Auth-Block-Template */
+ private static String AUTH_BLOCK =
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{0}'' IssueInstant=''{1}''>" + nl +
+ " <saml:AttributeStatement>" + nl +
+ " <saml:Subject>" + nl +
+ " <saml:NameIdentifier>{2}</saml:NameIdentifier>" + nl +
+ " </saml:Subject>" + nl +
+ " <saml:Attribute AttributeName=''Geschäftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
+ " <saml:AttributeValue>{3}</saml:AttributeValue>" + nl +
+ " </saml:Attribute>" + nl +
+ " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + nl +
+ " <saml:AttributeValue>{4}</saml:AttributeValue>" + nl +
+ " </saml:Attribute>" + nl +
+ " </saml:AttributeStatement>" + nl +
+ "</saml:Assertion>";
+
+ /**
+ * Constructor for AuthenticationBlockAssertionBuilder.
+ */
+ public AuthenticationBlockAssertionBuilder() {
+ super();
+ }
+ /**
+ * Builds the authentication block <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
+ * @param issueInstant current timestamp
+ * @param authURL URL of MOA-ID authentication component
+ * @param target "Gesch&auml;ftsbereich"
+ * @param oaURL public URL of online application requested
+ * @return String representation of authentication block
+ * <code>&lt;saml:Assertion&gt;</code> built
+ */
+ public String build(String issuer, String issueInstant, String authURL, String target, String oaURL) {
+ String assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] { issuer, issueInstant, authURL, target, oaURL });
+ return assertion;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
new file mode 100644
index 000000000..fd7cb1a9d
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
+ * to be provided by the MOA ID Auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationDataAssertionBuilder implements Constants {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String NL = "\n";
+ /**
+ * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
+ */
+ private static final String AUTH_DATA =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+ " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier NameQualifier=''http://reference.e-government.gv.at/names/vpk/20020221#''>{3}</saml:NameIdentifier>" + NL +
+ " <saml:SubjectConfirmation>" + NL +
+ " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+ " <saml:SubjectConfirmationData>{4}{5}</saml:SubjectConfirmationData>" + NL +
+ " </saml:SubjectConfirmation>" + NL +
+ " </saml:Subject>" + NL +
+ " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{8}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
+ /**
+ * XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
+ * to be inserted into the <code>&lt;saml:Assertion&gt;</code>
+ */
+ private static final String PUBLIC_AUTHORITY_ATT =
+ " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ /**
+ * Constructor for AuthenticationDataAssertionBuilder.
+ */
+ public AuthenticationDataAssertionBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the authentication data <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @param authData the <code>AuthenticationData</code> to build the
+ * <code>&lt;saml:Assertion&gt;</code> from
+ * @param xmlPersonData <code>lt;pr:Person&gt;</code> element as a String
+ * @param xmlAuthBlock authentication block to be included in a
+ * <code>lt;saml:SubjectConfirmationData&gt;</code> element; may include
+ * the <code>"ZMR-Zahl"</code> or not; may be empty
+ * @param xmlIdentityLink the IdentityLink
+ * @return the <code>&lt;saml:Assertion&gt;</code>
+ * @throws BuildException if an error occurs during the build process
+ */
+ public String build(
+ AuthenticationData authData,
+ String xmlPersonData,
+ String xmlAuthBlock,
+ String xmlIdentityLink) throws BuildException {
+
+ String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
+ String publicAuthorityAttribute = "";
+ if (authData.isPublicAuthority()) {
+ String publicAuthorityIdentification = authData.getPublicAuthorityCode();
+ if (publicAuthorityIdentification == null)
+ publicAuthorityIdentification = "True";
+ publicAuthorityAttribute = MessageFormat.format(
+ PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
+ }
+
+ String assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ authData.getVPK(),
+ removeXMLDeclaration(xmlAuthBlock),
+ removeXMLDeclaration(xmlIdentityLink),
+ removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ publicAuthorityAttribute});
+ return assertion;
+ }
+
+ /**
+ * Removes the XML declaration from an XML expression.
+ * @param xmlString XML expression as String
+ * @return XML expression, XML declaration removed
+ */
+ private String removeXMLDeclaration(String xmlString) {
+ if (xmlString.startsWith("<?xml")) {
+ int firstElement = xmlString.indexOf("<", 1);
+ return xmlString.substring(firstElement);
+ }
+ else return xmlString;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
new file mode 100644
index 000000000..e5bbaa585
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/Builder.java
@@ -0,0 +1,30 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Base class for HTML/XML builders providing commonly useful functions.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Builder {
+
+ /**
+ * Replaces a special tag in an XML or HTML template by a value.
+ * @param htmlTemplate template
+ * @param tag special tag
+ * @param value value replacing the tag
+ * @return XML or HTML code, the tag replaced
+ * @throws BuildException when template does not contain the tag
+ */
+ protected String replaceTag(String template, String tag, String value) throws BuildException {
+ int index = template.indexOf(tag);
+ if (index < 0)
+ throw new BuildException(
+ "builder.01",
+ new Object[] {"&lt;" + tag.substring(1, tag.length() - 1) + "&gt;"});
+ return template.substring(0, index) + value + template.substring(index + tag.length());
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..5ceb1d1c0
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
+ * used for presenting certificate information in the secure viewer of the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder {
+
+ /** special tag in the VerifyXMLRequest template to be substituted for a <code>&lt;dsig:Signature&gt;</code> */
+ private static final String SIGNATURE_TAG = "<dsig:Signature/>";
+
+ /**
+ * Constructor
+ */
+ public CertInfoVerifyXMLSignatureRequestBuilder() {
+ super();
+ }
+ /**
+ * Builds the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure.
+ * @return the XML structure
+ * @throws BuildException
+ */
+ public String build() throws BuildException {
+ String resCertInfoRequest = "resources/xmldata/CertInfoVerifyXMLSignatureRequest.xml";
+ String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml";
+ String certInfoRequest;
+ try {
+ certInfoRequest = FileUtils.readResource(resCertInfoRequest, "UTF-8");
+ }
+ catch (IOException ex) {
+ throw new BuildException("auth.04", new Object[] {resCertInfoRequest, ex.toString()});
+ }
+ try {
+ String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
+ certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature);
+ return certInfoRequest;
+ }
+ catch (IOException ex) {
+ throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()});
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..8693c71a9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;CreateXMLSignatureRequest&gt;</code> structure
+ * used for requesting a signature under the authentication block from the
+ * security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestBuilder implements Constants {
+ /** private static String nl contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /**
+ * XML template for the <code>&lt;moa:CreateXMLSignatureRequest&gt;</code> to be built
+ */
+ private static final String CREATE_XML_SIGNATURE_REQUEST =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
+ "<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl +
+ " <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
+ " <sl11:DataObjectInfo Structure=''detached''>" + nl +
+ " <sl10:DataObject Reference=''''/>" + nl +
+ "{1}" +
+ " </sl11:DataObjectInfo>" + nl +
+ " <sl11:SignatureInfo>" + nl +
+ " <sl11:SignatureEnvironment>" + nl +
+ " <sl10:XMLContent>{0}</sl10:XMLContent>" + nl +
+ " </sl11:SignatureEnvironment>" + nl +
+ " <sl11:SignatureLocation Index=''2''>/saml:Assertion</sl11:SignatureLocation>" + nl +
+ " </sl11:SignatureInfo>" + nl +
+ "</sl11:CreateXMLSignatureRequest>";
+
+ /**
+ * Constructor for CreateXMLSignatureRequestBuilder.
+ */
+ public CreateXMLSignatureRequestBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the <code>&lt;CreateXMLSignatureRequest&gt;</code>.
+ *
+ * @param authBlock String representation of XML authentication block
+ * @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String build(String authBlock, String[] dsigTransformInfos) {
+ String dsigTransformInfosString = "";
+ for (int i = 0; i < dsigTransformInfos.length; i++)
+ dsigTransformInfosString += dsigTransformInfos[i];
+ String request = MessageFormat.format(
+ CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString });
+ return request;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
new file mode 100644
index 000000000..575149d9e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+
+/**
+ * Builds a DataURL parameter meant for the security layer implementation
+ * to respond to.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DataURLBuilder {
+
+ /**
+ * Constructor for DataURLBuilder.
+ */
+ public DataURLBuilder() {
+ super();
+ }
+
+ /**
+ * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>,
+ * including the <code>MOASessionID</code> as a parameter.
+ *
+ * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
+ * including a trailing <code>'/'</code>
+ * @param authServletName request part of the data URL
+ * @param sessionID sessionID to be included in the dataURL
+ * @return String
+ */
+ public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
+ String dataURL = authBaseURL + authServletName;
+ dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
+ return dataURL;
+ }
+
+ /**
+ * Method addParameter.
+ * @param urlString represents the url
+ * @param paramname is the parameter to be added
+ * @param value is the value of that parameter
+ * @return String
+ */
+ private String addParameter(String urlString, String paramname, String value) {
+ String url = urlString;
+ if (paramname != null) {
+ if (url.indexOf("?") < 0)
+ url += "?";
+ else
+ url += "&";
+ url += paramname + "=" + value;
+ }
+ return url;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
new file mode 100644
index 000000000..8391fdd62
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -0,0 +1,137 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for HTML form requesting the security layer implementation
+ * to get the identity link from smartcard by a <code>&lt;InfoboxReadRequest&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetIdentityLinkFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the BKU URL */
+ private static final String BKU_TAG = "<BKU>";
+ /** special tag in the HTML template to be substituted for the XML request */
+ private static final String XMLREQUEST_TAG = "<XMLRequest>";
+ /** special tag in the HTML template to be substituted for the data URL */
+ private static final String DATAURL_TAG = "<DataURL>";
+ /** special tag in the HTML template to be substituted for certificate info XML request */
+ private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
+ /** special tag in the HTML template to be substituted for the certificate info data URL */
+ private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
+
+ /** default BKU URL */
+ private static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<html>" + nl +
+ "<head>" + nl +
+ "<title>Auslesen der Personenbindung</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"" + BKU_TAG + "\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl +
+ "</form>" + nl +
+ "<form name=\"CertificateInfoForm\"" + nl +
+ " action=\"" + BKU_TAG + "\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor for GetIdentityLinkFormBuilder.
+ */
+ public GetIdentityLinkFormBuilder() {
+ super();
+ }
+ /**
+ * Builds the HTML form, including XML Request and data URL as parameters.
+ *
+ * @param htmlTemplate template to be used for the HTML form;
+ * may be <code>null</code>, in this case a default layout will be produced
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String htmlTemplate, String bkuURL, String xmlRequest, String dataURL, String certInfoXMLRequest, String certInfoDataURL)
+ throws BuildException {
+
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+ String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bku);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest));
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL);
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bku);
+ htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest));
+ htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL);
+ return htmlForm;
+ }
+ /**
+ * Encodes a string for inclusion as a parameter in the form.
+ * Double quotes are substituted by <code>"&amp;quot;"</code>.
+ * @param s the string to be encoded
+ * @return the string encoded
+ * @throws BuildException on any exception encountered
+ */
+ public static String encodeParameter(String s) throws BuildException {
+ StringReader in = new StringReader(s);
+ StringWriter out = new StringWriter();
+ try {
+ for (int ch = in.read(); ch >= 0; ch = in.read()) {
+ if (ch == '"')
+ out.write("&quot;");
+ else if (ch == '<')
+ out.write("&lt;");
+ else if (ch == '>')
+ out.write("&gt;");
+ else if (ch == 'ä')
+ out.write("&auml;");
+ else if (ch == 'ö')
+ out.write("&ouml;");
+ else if (ch == 'ü')
+ out.write("&uuml;");
+ else if (ch == 'Ä')
+ out.write("&Auml;");
+ else if (ch == 'Ö')
+ out.write("&Ouml;");
+ else if (ch == 'Ü')
+ out.write("&Uuml;");
+ else if (ch == 'ß')
+ out.write("&szlig;");
+ else
+ out.write(ch);
+ }
+ }
+ catch (IOException ex) {
+ throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
+ }
+ return out.toString();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
new file mode 100644
index 000000000..d3e100671
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;InfoboxReadRequest&gt;</code> structure
+ * used for requesting the identity link from the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadRequestBuilder implements Constants {
+
+ /**
+ * XML template for the <code>&lt;sl10:InfoboxReadRequest&gt;</code> to be built
+ */
+ String INFOBOX_READ_REQUEST =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<sl10:InfoboxReadRequest xmlns:sl10=\"" + SL10_NS_URI + "\">" +
+ "<sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier>" +
+ "<sl10:BinaryFileParameters ContentIsXMLEntity=\"true\"/>" +
+ "</sl10:InfoboxReadRequest>";
+
+ /**
+ * Constructor for InfoboxReadRequestBuilder.
+ */
+ public InfoboxReadRequestBuilder() {
+ }
+ /**
+ * Builds an <code>&lt;InfoboxReadRequest&gt;</code>.
+ *
+ * @return <code>&lt;InfoboxReadRequest&gt;</code> as String
+ */
+ public String build() {
+ String request = INFOBOX_READ_REQUEST;
+ return request;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
new file mode 100644
index 000000000..85ec1cb7f
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Builder for the <code>lt;pr:Person&gt;</code> element to be inserted
+ * in the authentication data <code>lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PersonDataBuilder {
+
+ /**
+ * Constructor for PersonDataBuilder.
+ */
+ public PersonDataBuilder() {
+ super();
+ }
+ /**
+ * Builds the <code>&lt;pr:Person&gt;</code> element.<br/>
+ * Utilizes the parsed <code>&lt;prPerson&gt;</code> from the identity link
+ * and the information regarding inclusion of <code>"ZMR-Zahl"</code> in the
+ * <code>&lt;pr:Person&gt;</code> data.
+ *
+ * @param identityLink <code>IdentityLink</code> containing the
+ * attribute <code>prPerson</code>
+ * @param provideZMRZahl true if <code>"ZMR-Zahl"</code> is to be included;
+ * false otherwise
+ * @return the <code>&lt;pr:Person&gt;</code> element as a String
+ * @throws BuildException on any error
+ */
+ public String build(IdentityLink identityLink, boolean provideZMRZahl)
+ throws BuildException {
+
+ try {
+ Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
+ if (! provideZMRZahl) {
+ Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification");
+ prPerson.removeChild(prIdentification);
+ }
+ String xmlString = DOMUtils.serializeNode(prPerson);
+ return xmlString;
+ }
+ catch (Exception ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"PersonData", ex.toString()},
+ ex);
+ }
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
new file mode 100644
index 000000000..27e19e830
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.ByteArrayOutputStream;
+import java.security.MessageDigest;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Builder for the SAML artifact, as defined in the
+ * Browser/Artifact profile of SAML.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactBuilder {
+
+ /**
+ * Constructor for SAMLArtifactBuilder.
+ */
+ public SAMLArtifactBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the SAML artifact, encoded BASE64.
+ * <ul>
+ * <li><code>TypeCode</code>: <code>0x0001</code>.</li>
+ * <li><code>SourceID</code>: SHA-1 hash of the authURL</li>
+ * <li><code>AssertionHandle</code>: SHA-1 hash of the <code>MOASessionID</code></li>
+ * </ul>
+ * @param authURL URL auf the MOA-ID Auth component to be used for construction
+ * of <code>SourceID</code>
+ * @param sessionID <code>MOASessionID</code> to be used for construction
+ * of <code>AssertionHandle</code>
+ * @return the 42-byte SAML artifact, encoded BASE64
+ */
+ public String build(String authURL, String sessionID) throws BuildException {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] sourceID = md.digest(authURL.getBytes());
+ byte[] assertionHandle = md.digest(sessionID.getBytes());
+ ByteArrayOutputStream out = new ByteArrayOutputStream(42);
+ out.write(0);
+ out.write(1);
+ out.write(sourceID, 0, 20);
+ out.write(assertionHandle, 0, 20);
+ byte[] samlArtifact = out.toByteArray();
+ String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+ return samlArtifactBase64;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
new file mode 100644
index 000000000..a4fb5579e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -0,0 +1,100 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Builder for the <code>lt;samlp:Response&gt;</code> used for passing
+ * result and status information from the <code>GetAuthenticationData</code>
+ * web service.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseBuilder implements Constants {
+ /** XML - Template for samlp:Response */
+ private static final String RESPONSE =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Response xmlns:samlp=\"" + SAMLP_NS_URI + "\" xmlns:saml=\"" + SAML_NS_URI + "\"" +
+ " ResponseID=\"{0}\" InResponseTo=\"{1}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{2}\">" +
+ " <samlp:Status>" +
+ " <samlp:StatusCode Value=\"{3}\">" +
+ " {4}" +
+ " </samlp:StatusCode>" +
+ " <samlp:StatusMessage>{5}</samlp:StatusMessage>" +
+ " </samlp:Status>" +
+ " {6}" +
+ "</samlp:Response>";
+ /** XML - Template for samlp:StatusCode */
+ private static final String SUB_STATUS_CODE =
+ "<samlp:StatusCode Value=\"{0}\"></samlp:StatusCode>";
+
+ /**
+ * Constructor for SAMLResponseBuilder.
+ */
+ public SAMLResponseBuilder() {
+ super();
+ }
+ /**
+ * Builds the SAML response.
+ * @param responseID response ID
+ * @param inResponseTo request ID of <code>lt;samlp:Request&gt;</code> responded to
+ * @param issueInstant current timestamp
+ * @param statusCode status code
+ * @param subStatusCode sub-status code refining the status code; may be <code>null</code>
+ * @param statusMessage status message
+ * @param samlAssertion SAML assertion representing authentication data
+ * @return SAML response as a DOM element
+ */
+ public Element build(
+ String responseID,
+ String inResponseTo,
+ String issueInstant,
+ String statusCode,
+ String subStatusCode,
+ String statusMessage,
+ String samlAssertion)
+ throws BuildException {
+
+ try {
+ String xmlSubStatusCode =
+ subStatusCode == null ?
+ "" :
+ MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode});
+ String xmlResponse = MessageFormat.format(RESPONSE, new Object[] {
+ responseID,
+ inResponseTo,
+ issueInstant,
+ statusCode,
+ xmlSubStatusCode,
+ statusMessage,
+ removeXMLDeclaration(samlAssertion) });
+ Element domResponse = DOMUtils.parseDocument(xmlResponse, true, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ return domResponse;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "samlp:Response", ex.toString() },
+ ex);
+ }
+ }
+ /**
+ * Removes the XML declaration from an XML expression.
+ * @param xmlString XML expression as String
+ * @return XML expression, XML declaration removed
+ */
+ private String removeXMLDeclaration(String xmlString) {
+ if (xmlString.startsWith("<?xml")) {
+ int firstElement = xmlString.indexOf("<", 1);
+ return xmlString.substring(firstElement);
+ }
+ else return xmlString;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
new file mode 100644
index 000000000..363cd65a3
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for the BKU selection form requesting the user to choose
+ * a BKU from a list.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SelectBKUFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the form action which is
+ * a URL of MOA-ID Auth */
+ private static final String ACTION_TAG = "<StartAuth>";
+ /** special tag in the HTML template to be substituted for the <code>&lt;select;gt;</code> tag
+ * containing the BKU selection options */
+ private static final String SELECT_TAG = "<BKUSelect>";
+ /**
+ * Template for the default html-code to be returned as security-layer-selection to be built
+ */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<html>" + nl +
+ "<head>" + nl +
+ "<title>Auswahl der B&uuml;rgerkartenumgebung</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<form name=\"BKUSelectionForm\"" + nl +
+ " action=\"" + ACTION_TAG + "\"" + nl +
+ " method=\"post\">" + nl +
+ SELECT_TAG + nl +
+ " <input type=\"submit\" value=\"B&uuml;rgerkartenumgebung ausw&auml;hlen\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor
+ */
+ public SelectBKUFormBuilder() {
+ super();
+ }
+ /**
+ * Method build. Builds the form
+ * @param htmlTemplate to be used
+ * @param startAuthenticationURL the url where the startAuthenticationServlet can be found
+ * @param bkuSelectTag if a special bku should be used
+ * @return String
+ * @throws BuildException on any error
+ */
+ public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag)
+ throws BuildException {
+
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+ htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL);
+ htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag);
+ return htmlForm;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java
new file mode 100644
index 000000000..c18156a01
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.security.MessageDigest;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Builder for the VPK, as defined in
+ * <code>&quot;Ableitung f&uml;r die verfahrensspezifische Personenkennzeichnung&quot;</code>
+ * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VPKBuilder {
+
+ /**
+ * Builds the VPK from given parameters.
+ * @param identificationValue "ZMR-Zahl"
+ * @param dateOfBirth "Geburtsdatum"
+ * @param target "Verfahrensname"; will be transformed to lower case
+ * @return VPK in a BASE64 encoding
+ * @throws BuildException while building the VPK
+ */
+ public String buildVPK(String identificationValue, String dateOfBirth, String target)
+ throws BuildException {
+
+ if (identificationValue == null || identificationValue.length() == 0
+ || dateOfBirth == null || dateOfBirth.length() == 0
+ || target == null || target.length() == 0)
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VPK",
+ "Unvollständige Parameterangaben: identificationValue=" + identificationValue +
+ ",dateOfBirth=" + dateOfBirth + ",target=" + target});
+ String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase();
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes());
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ }
+ catch (Exception ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VPK", ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..863162fd9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -0,0 +1,203 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
+ * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestBuilder {
+ /** The MOA-Prefix */
+ private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** the request as string */
+ private String request;
+ /** the request as DOM-Element */
+ private Element reqElem;
+
+ /**
+ * Constructor for VerifyXMLSignatureRequestBuilder.
+ */
+ public VerifyXMLSignatureRequestBuilder() {}
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param idl - The IdentityLink
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element build(IdentityLink idl, String trustProfileID) throws ParseException
+ { //samlAssertionObject
+ request =
+ "<?xml version='1.0' encoding='UTF-8' ?>"
+ + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ + " <VerifySignatureInfo>"
+ + " <VerifySignatureEnvironment>"
+ + " <XMLContent xml:space=\"preserve\"/>"
+ + " </VerifySignatureEnvironment>"
+ + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " </VerifySignatureInfo>"
+ + " <SignatureManifestCheckParams ReturnReferenceInputData=\"false\">" // True bei CreateXMLSig Überprüfung
+ +" <ReferenceInfo>" + " <VerifyTransformsInfoProfile/>"
+ // Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
+ +" </ReferenceInfo>" + " </SignatureManifestCheckParams>"
+
+ // Testweise ReturnReferenceInputData = False
+
+ +" <ReturnHashInputData/>"
+ + " <TrustProfileID>"
+ + trustProfileID
+ + "</TrustProfileID>"
+ + "</VerifyXMLSignatureRequest>";
+
+ try {
+ InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
+ reqElem = DOMUtils.parseXmlValidating(s);
+
+ String CONTENT_XPATH =
+ "//"
+ + MOA
+ + "VerifyXMLSignatureRequest/"
+ + MOA
+ + "VerifySignatureInfo/"
+ + MOA
+ + "VerifySignatureEnvironment/"
+ + MOA
+ + "XMLContent";
+
+ Element insertTo =
+ (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+ insertTo.appendChild(
+ insertTo.getOwnerDocument().importNode(idl.getSamlAssertion(), true));
+
+ String SIGN_MANI_CHECK_PARAMS_XPATH =
+ "//"
+ + MOA
+ + "VerifyXMLSignatureRequest/"
+ + MOA
+ + "SignatureManifestCheckParams";
+ insertTo =
+ (Element) XPathUtils.selectSingleNode(
+ reqElem,
+ SIGN_MANI_CHECK_PARAMS_XPATH);
+ insertTo.removeChild(
+ (Element) XPathUtils.selectSingleNode(
+ reqElem,
+ SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));
+ Element[] dsigTransforms = idl.getDsigReferenceTransforms();
+ for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
+ {
+ Element refInfo =
+ insertTo.getOwnerDocument().createElementNS(
+ Constants.MOA_NS_URI,
+ "ReferenceInfo");
+ insertTo.appendChild(refInfo);
+ Element verifyTransformsInfoProfile =
+ insertTo.getOwnerDocument().createElementNS(
+ Constants.MOA_NS_URI,
+ "VerifyTransformsInfoProfile");
+ refInfo.appendChild(verifyTransformsInfoProfile);
+ verifyTransformsInfoProfile.appendChild(
+ insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
+ }
+ }
+ catch (Throwable t) {
+ throw new ParseException( //"VerifyXMLSignatureRequest (IdentityLink)");
+ "builder.00",
+ new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" },
+ t);
+ }
+
+ return reqElem;
+ }
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param idl - The IdentityLink
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element build(
+ CreateXMLSignatureResponse csr,
+ String[] verifyTransformsInfoProfileID,
+ String trustProfileID)
+ throws ParseException { //samlAssertionObject
+ request =
+ "<?xml version='1.0' encoding='UTF-8' ?>"
+ + "<VerifyXMLSignatureRequest xmlns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\" xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
+ + " <VerifySignatureInfo>"
+ + " <VerifySignatureEnvironment>"
+ + " <XMLContent xml:space=\"preserve\"/>"
+ + " </VerifySignatureEnvironment>"
+ + " <VerifySignatureLocation>//dsig:Signature</VerifySignatureLocation>"
+ + " </VerifySignatureInfo>"
+ + " <SignatureManifestCheckParams ReturnReferenceInputData=\"true\">"
+ + " <ReferenceInfo>";
+
+ for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+ request += " <VerifyTransformsInfoProfileID>" +
+ verifyTransformsInfoProfileID[i] +
+ "</VerifyTransformsInfoProfileID>";
+ // Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
+
+ }
+
+ request += " </ReferenceInfo>"
+ + " </SignatureManifestCheckParams>"
+ // Testweise ReturnReferenceInputData = False
+ +" <ReturnHashInputData/>"
+ + " <TrustProfileID>"
+ + trustProfileID
+ + "</TrustProfileID>"
+ + "</VerifyXMLSignatureRequest>";
+
+ try {
+ // Build a DOM-Tree of the obove String
+ InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
+ reqElem = DOMUtils.parseXmlValidating(s);
+ //Insert the SAML-Assertion-Object
+ String CONTENT_XPATH =
+ "//"
+ + MOA
+ + "VerifyXMLSignatureRequest/"
+ + MOA
+ + "VerifySignatureInfo/"
+ + MOA
+ + "VerifySignatureEnvironment/"
+ + MOA
+ + "XMLContent";
+
+ Element insertTo =
+ (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
+ insertTo.appendChild(
+ insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
+
+ }
+ catch (Throwable t) {
+ throw new ParseException(
+ "builder.00",
+ new Object[] { "VerifyXMLSignatureRequest" },
+ t);
+ }
+
+ return reqElem;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
new file mode 100644
index 000000000..ba4a9e367
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -0,0 +1,220 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.util.Date;
+
+
+/**
+ * Session data to be stored between <code>AuthenticationServer</code> API calls.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationSession {
+ /**
+ * session ID
+ */
+ private String sessionID;
+ /**
+ * "Gesch&auml;ftsbereich" the online application belongs to
+ */
+ private String target;
+ /**
+ * public online application URL requested
+ */
+ private String oaURLRequested;
+ /**
+ * public online application URL prefix
+ */
+ private String oaPublicURLPrefix;
+ /**
+ * URL of MOA ID authentication component
+ */
+ private String authURL;
+ /**
+ * HTML template URL
+ */
+ private String templateURL;
+ /**
+ * identity link read from smartcard
+ */
+ private IdentityLink identityLink;
+ /**
+ * authentication block to be signed by the user
+ */
+ private String authBlock;
+ /**
+ * timestamp logging when authentication session has been created
+ */
+ private Date timestampStart;
+ /**
+ * timestamp logging when identity link has been received
+ */
+ private Date timestampIdentityLink;
+
+ /**
+ * Constructor for AuthenticationSession.
+ *
+ * @param id Session ID
+ */
+ public AuthenticationSession(String id) {
+ sessionID = id;
+ setTimestampStart();
+ }
+
+ /**
+ * Returns the identityLink.
+ * @return IdentityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * Returns the sessionID.
+ * @return String
+ */
+ public String getSessionID() {
+ return sessionID;
+ }
+
+ /**
+ * Sets the identityLink.
+ * @param identityLink The identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ /**
+ * Sets the sessionID.
+ * @param sessionID The sessionID to set
+ */
+ public void setSessionID(String sessionId) {
+ this.sessionID = sessionId;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ * @return String
+ */
+ public String getOAURLRequested() {
+ return oaURLRequested;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ * @return String
+ */
+ public String getPublicOAURLPrefix() {
+ return oaPublicURLPrefix;
+ }
+
+ /**
+ * Returns the target.
+ * @return String
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the oaURLRequested.
+ * @param oaURLRequested The oaURLRequested to set
+ */
+ public void setOAURLRequested(String url) {
+ this.oaURLRequested = url;
+ }
+
+ /**
+ * Sets the oaPublicURLPrefix
+ * @param url The oaPublicURLPrefix to set
+ */
+ public void setPublicOAURLPrefix(String url) {
+ this.oaPublicURLPrefix = url;
+ }
+
+ /**
+ * Sets the target.
+ * @param target The target to set
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * Returns the authURL.
+ * @return String
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * Sets the authURL.
+ * @param authURL The authURL to set
+ */
+ public void setAuthURL(String authURL) {
+ this.authURL = authURL;
+ }
+
+ /**
+ * Returns the authBlock.
+ * @return String
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+ /**
+ * Sets the authBlock.
+ * @param authBlock The authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+ /**
+ * Returns the timestampIdentityLink.
+ * @return Date
+ */
+ public Date getTimestampIdentityLink() {
+ return timestampIdentityLink;
+ }
+
+ /**
+ * Returns the timestampStart.
+ * @return Date
+ */
+ public Date getTimestampStart() {
+ return timestampStart;
+ }
+
+ /**
+ * Sets the current date as timestampIdentityLink.
+ */
+ public void setTimestampIdentityLink() {
+ timestampIdentityLink = new Date();
+ }
+
+ /**
+ * Sets the current date as timestampStart.
+ */
+ public void setTimestampStart() {
+ timestampStart = new Date();
+ }
+
+ /**
+ * @return template URL
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+ /**
+ * @param string the template URL
+ */
+ public void setTemplateURL(String string) {
+ templateURL = string;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
new file mode 100644
index 000000000..81945f644
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * This bean saves all information of the CreateXMLSignature-Response:
+ * a {@link SAMLAttribute} array, the SamlAssertion-Element and the
+ * saml NameIdentifier
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class CreateXMLSignatureResponse {
+ /** the samlNameIdentifier */
+private String samlNameIdentifier;
+ /** an array of saml-attributes */
+private SAMLAttribute[] samlAttributes;
+ /**
+ * the original saml:Assertion-Element
+ */
+ private Element samlAssertion;
+/**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+public Element getSamlAssertion() {
+ return samlAssertion;
+}
+
+/**
+ * Returns the samlAttribute.
+ * @return SAMLAttribute[]
+ */
+public SAMLAttribute[] getSamlAttributes() {
+ return samlAttributes;
+}
+
+/**
+ * Returns the samlNameIdentifier.
+ * @return String
+ */
+public String getSamlNameIdentifier() {
+ return samlNameIdentifier;
+}
+
+/**
+ * Sets the samlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+public void setSamlAssertion(Element samlAssertion) {
+ this.samlAssertion = samlAssertion;
+}
+
+/**
+ * Sets the samlAttribute.
+ * @param samlAttribute The samlAttribute to set
+ */
+public void setSamlAttributes(SAMLAttribute[] samlAttributes) {
+ this.samlAttributes = samlAttributes;
+}
+
+/**
+ * Sets the samlNameIdentifier.
+ * @param samlNameIdentifier The samlNameIdentifier to set
+ */
+public void setSamlNameIdentifier(String samlNameIdentifier) {
+ this.samlNameIdentifier = samlNameIdentifier;
+}
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
new file mode 100644
index 000000000..e2ad2625a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -0,0 +1,189 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.PublicKey;
+
+import org.w3c.dom.Element;
+
+
+/**
+ * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
+ * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class IdentityLink {
+ /**
+ * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
+ */
+ private String identificationValue;
+ /**
+ * first name
+ */
+ private String givenName;
+ /**
+ * family name
+ */
+ private String familyName;
+ /**
+ * date of birth
+ */
+ private String dateOfBirth;
+ /**
+ * the original saml:Assertion-Element
+ */
+ private Element samlAssertion;
+ /**
+ * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
+ */
+ private Element prPerson;
+ /**
+ * we need for each dsig:Reference Element all
+ * transformation elements
+ */
+ private Element[] dsigReferenceTransforms;
+
+
+ /**
+ * we need all public keys stored in
+ * the identity link
+ */
+ private PublicKey[] publicKey;
+
+ /**
+ * Constructor for IdentityLink
+ */
+ public IdentityLink() {
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return Calendar
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(String dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"ZMR-Zahl"</code>.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ public Element getSamlAssertion() {
+ return samlAssertion;
+ }
+
+ /**
+ * Sets the samlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ public void setSamlAssertion(Element samlAssertion) {
+ this.samlAssertion = samlAssertion;
+ }
+
+ /**
+ * Returns the dsigReferenceTransforms.
+ * @return Element[]
+ */
+ public Element[] getDsigReferenceTransforms() {
+ return dsigReferenceTransforms;
+ }
+
+ /**
+ * Sets the dsigReferenceTransforms.
+ * @param dsigReferenceTransforms The dsigReferenceTransforms to set
+ */
+ public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+ this.dsigReferenceTransforms = dsigReferenceTransforms;
+ }
+
+ /**
+ * Returns the publicKey.
+ * @return PublicKey[]
+ */
+ public PublicKey[] getPublicKey() {
+ return publicKey;
+ }
+
+ /**
+ * Sets the publicKey.
+ * @param publicKey The publicKey to set
+ */
+ public void setPublicKey(PublicKey[] publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ /**
+ * Returns the prPerson.
+ * @return Element
+ */
+ public Element getPrPerson() {
+ return prPerson;
+ }
+
+ /**
+ * Sets the prPerson.
+ * @param prPerson The prPerson to set
+ */
+ public void setPrPerson(Element prPerson) {
+ this.prPerson = prPerson;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
new file mode 100644
index 000000000..c787b2a81
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This bean saves all data of a single SAMLAttribute:
+ * the name, value and namespace
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class SAMLAttribute {
+/** the name to be stored */
+private String name;
+/** the namespace to be stored */
+private String namespace;
+/** the value to be stored */
+private String value;
+
+ /**
+ * Constructor for SAMLAttribute.
+ */
+ public SAMLAttribute(String name, String namespace, String value) {
+
+ this.name = name;
+ this.namespace = namespace;
+ this.value = value;
+
+ }
+
+/**
+ * Returns the name.
+ * @return String
+ */
+public String getName() {
+ return name;
+}
+
+/**
+ * Returns the namespace.
+ * @return String
+ */
+public String getNamespace() {
+ return namespace;
+}
+
+/**
+ * Returns the value.
+ * @return String
+ */
+public String getValue() {
+ return value;
+}
+
+/**
+ * Sets the name.
+ * @param name The name to set
+ */
+public void setName(String name) {
+ this.name = name;
+}
+
+/**
+ * Sets the namespace.
+ * @param namespace The namespace to set
+ */
+public void setNamespace(String namespace) {
+ this.namespace = namespace;
+}
+
+/**
+ * Sets the value.
+ * @param value The value to set
+ */
+public void setValue(String value) {
+ this.value = value;
+}
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
new file mode 100644
index 000000000..8233d1478
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -0,0 +1,177 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import iaik.x509.X509Certificate;
+
+/**
+ * This bean saves all information of the MOA-SP-Answer
+ * after the verification of any signature
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class VerifyXMLSignatureResponse {
+ /** The xmlDsigSubjectName to be stored */
+ private String xmlDsigSubjectName;
+ /** The signatureCheckCode to be stored */
+ private int signatureCheckCode;
+ /** The xmlDSIGManifestCheckCode to be stored */
+ private int xmlDSIGManifestCheckCode;
+ /** The xmlDSIGManigest to be stored */
+ private boolean xmlDSIGManigest;
+ /** The certificateCheckCode to be stored */
+ private int certificateCheckCode;
+ /** The publicAuthority to be stored */
+ private boolean publicAuthority;
+ /** The publicAuthorityCode to be stored */
+ private String publicAuthorityCode;
+ /** The qualifiedCertificate to be stored */
+ private boolean qualifiedCertificate;
+ /** The x509certificate to be stored */
+ private X509Certificate x509certificate;
+
+ /**
+ * Returns the certificateCheckCode.
+ * @return int
+ */
+ public int getCertificateCheckCode() {
+ return certificateCheckCode;
+ }
+
+ /**
+ * Returns the signatureCheckCode.
+ * @return int
+ */
+ public int getSignatureCheckCode() {
+ return signatureCheckCode;
+ }
+
+ /**
+ * Returns the xmlDSIGManifestCheckCode.
+ * @return int
+ */
+ public int getXmlDSIGManifestCheckCode() {
+ return xmlDSIGManifestCheckCode;
+ }
+
+ /**
+ * Returns the xmlDsigSubjectName.
+ * @return String
+ */
+ public String getXmlDsigSubjectName() {
+ return xmlDsigSubjectName;
+ }
+
+ /**
+ * Sets the certificateCheckCode.
+ * @param certificateCheckCode The certificateCheckCode to set
+ */
+ public void setCertificateCheckCode(int certificateCheckCode) {
+ this.certificateCheckCode = certificateCheckCode;
+ }
+
+ /**
+ * Sets the signatureCheckCode.
+ * @param signatureCheckCode The signatureCheckCode to set
+ */
+ public void setSignatureCheckCode(int signatureCheckCode) {
+ this.signatureCheckCode = signatureCheckCode;
+ }
+
+ /**
+ * Sets the xmlDSIGManifestCheckCode.
+ * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
+ */
+ public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
+ this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
+ }
+
+ /**
+ * Sets the xmlDsigSubjectName.
+ * @param xmlDsigSubjectName The xmlDsigSubjectName to set
+ */
+ public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
+ this.xmlDsigSubjectName = xmlDsigSubjectName;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return int
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityCode The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityCode) {
+ this.publicAuthorityCode = publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the x509certificate.
+ * @return X509Certificate
+ */
+ public X509Certificate getX509certificate() {
+ return x509certificate;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the x509certificate.
+ * @param x509certificate The x509certificate to set
+ */
+ public void setX509certificate(X509Certificate x509certificate) {
+ this.x509certificate = x509certificate;
+ }
+
+ /**
+ * Returns the xmlDSIGManigest.
+ * @return boolean
+ */
+ public boolean isXmlDSIGManigest() {
+ return xmlDSIGManigest;
+ }
+
+ /**
+ * Sets the xmlDSIGManigest.
+ * @param xmlDSIGManigest The xmlDSIGManigest to set
+ */
+ public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
+ this.xmlDSIGManigest = xmlDSIGManigest;
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
new file mode 100644
index 000000000..8faa69260
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -0,0 +1,91 @@
+package at.gv.egovernment.moa.id.auth.invoke;
+
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class SignatureVerificationInvoker {
+ /** This QName Object identifies the SignatureVerification endpoint of the web service */
+ private static final QName SERVICE_QNAME = new QName("SignatureVerification");
+
+ /**
+ * Method verifyXMLSignature.
+ * @param request to be sent
+ * @return Element with the answer
+ * @throws ServiceException if an error occurs
+ */
+ public Element verifyXMLSignature(Element request) throws ServiceException {
+ return doCall(SERVICE_QNAME, request);
+ }
+
+ /**
+ * Method doCall.
+ * @param serviceName the name of the service
+ * @param request the request to be sent
+ * @return Element the answer
+ * @throws ServiceException if an error occurs
+ */
+ protected Element doCall(QName serviceName, Element request) throws ServiceException {
+ ConnectionParameter authConnParam = null;
+ try {
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+ String endPoint;
+ AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance();
+ authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+
+ //If the ConnectionParameter do NOT exist, we try to get the api to work....
+ if (authConnParam != null) {
+ endPoint = authConnParam.getUrl();
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(serviceName, params);
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+ else {
+ SignatureVerificationService svs = SignatureVerificationService.getInstance();
+ VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
+ VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
+
+ Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
+ Logger.setHierarchy("moa.id.auth");
+ return result.getDocumentElement();
+ }
+ }
+ catch (Exception ex) {
+ if (authConnParam != null)
+ throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
+ else
+ throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
+ }
+ }
+} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
new file mode 100644
index 000000000..1079a48de
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -0,0 +1,140 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an <code>&lt;InfoboxReadResponse&gt;</code> returned from
+ * the security layer
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class CreateXMLSignatureResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
+ private static final String SL10 = Constants.SL10_PREFIX + ":";
+ /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */
+ private static final String SL11 = Constants.SL11_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = Constants.SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + SL11 + "CreateXMLSignatureResponse/";
+ /** Xpath expression to the SAML:Assertion element */
+ private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
+ /** Xpath expression to the SAML:NameIdentifier element */
+ private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
+ /** Xpath expression to the AttributeStatement element */
+ private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
+ /** Xpath expression to the AttributeValue element */
+ private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card */
+ private Element sigResponse;
+
+ /**
+ * Constructor for CreateXMLSignatureResponseParser.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws AuthenticationException if any authentication error occurs
+ * @throws ParseException if an element cannot be parsed
+ */
+ public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
+ ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
+ if (erp.getErrorCode() != null) {
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ try {
+
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+ sigResponse = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Constructor for CreateXMLSignatureResponseParser.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws AuthenticationException if any Authentication error occurs
+ * @throws ParseException if an element cannot be parsed
+ */
+ public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
+
+ ErrorResponseParser erp = new ErrorResponseParser(is);
+ if (erp.getErrorCode() != null) {
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ try {
+
+ sigResponse = DOMUtils.parseXmlValidating(is);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Constructor for CreateXMLSignatureResponseParser.
+ * The incoming Element will be used for further operations
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ */
+ public CreateXMLSignatureResponseParser(Element xmlResponse) {
+ sigResponse = xmlResponse;
+
+ }
+
+ /**
+ * Parses the identity link from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return Identity link
+ * @throws ParseException
+ */
+
+ public CreateXMLSignatureResponse parseResponse() throws ParseException {
+ CreateXMLSignatureResponse cResp;
+ try {
+
+ cResp = new CreateXMLSignatureResponse();
+ cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse, SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
+ cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse, SAML_ASSERTION_XPATH));
+ NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse, SAML_ATTRIBUTE_XPATH);
+ Element samlAttr;
+ List samlAttributes = new ArrayList();
+ while ((samlAttr = (Element) attrIter.nextNode()) != null) {
+ String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
+ String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
+ String attrValue = XPathUtils.getElementValue(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH, "");
+ samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
+ }
+ SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
+ samlAttributes.toArray(result);
+ cResp.setSamlAttributes(result);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ return cResp;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java
new file mode 100644
index 000000000..c28cfac76
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ECDSAKeyValueConverter.java
@@ -0,0 +1,350 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.security.ecc.ecdsa.ECDSAParameter;
+import iaik.security.ecc.ecdsa.ECPublicKey;
+import iaik.security.ecc.math.ecgroup.ECGroupFactory;
+import iaik.security.ecc.math.ecgroup.ECPoint;
+import iaik.security.ecc.math.ecgroup.EllipticCurve;
+import iaik.security.ecc.math.ecgroup.ProjectiveCoordinate;
+import iaik.security.ecc.math.field.Field;
+import iaik.security.ecc.math.field.FieldElement;
+import iaik.security.ecc.math.field.FieldFactory;
+import iaik.security.ecc.math.field.Value;
+import iaik.security.ecc.parameter.ECCParameterFactory;
+import iaik.security.ecc.spec.ECCParameterSpec;
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+import java.net.URL;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class ECDSAKeyValueConverter
+{
+ /** Namespaces */
+ public static final String NAMESPACE_XSI = "http://www.w3.org/2001/XMLSchema-instance";
+
+ /**
+ * Method element2ECDSAPublicKey.
+ * @param keyValueElem a DomElement containing an ECDSA Public Key
+ * @return PublicKey a java.security.publicKey - object
+ * @throws Exception on any error
+ */
+
+ public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception
+ {
+ String ecdsaNS = Constants.ECDSA_NS_URI;
+ // Domain parameters
+ Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1);
+ if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
+ Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
+ ECCParameterSpec eccParameterSpec;
+ if (namedCurve != null)
+ {
+ URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
+ ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
+ eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
+ }
+ else
+ {
+ Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1);
+ Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1);
+ Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1);
+ Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1);
+
+ // Field parameters
+ String fieldParamsTypeStr = fieldParams.getAttributeNS(NAMESPACE_XSI, "type");
+ String ecdsaNSPrefix = getECDSANSPrefix(fieldParams);
+ BigInteger p = null;
+ int fieldParamsType = 0;
+ final int FIELD_TYPE_PRIME = 1;
+ final int FIELD_TYPE_TNB = 2;
+ final int FIELD_TYPE_PNB = 3;
+ int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1;
+ if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType"))
+ {
+ fieldParamsType = FIELD_TYPE_PRIME;
+ String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1);
+ p = new BigInteger(pStr, 10);
+ }
+ else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType"))
+ {
+ fieldParamsType = FIELD_TYPE_TNB;
+ String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
+ m = Integer.parseInt(mStr);
+ String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1);
+ k = Integer.parseInt(kStr);
+ }
+ else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType"))
+ {
+ fieldParamsType = FIELD_TYPE_PNB;
+ String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
+ m = Integer.parseInt(mStr);
+ String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1);
+ k1 = Integer.parseInt(k1Str);
+ String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1);
+ k2 = Integer.parseInt(k2Str);
+ String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1);
+ k3 = Integer.parseInt(k3Str);
+ }
+ else throw new Exception("Unknown field parameters.");
+
+ // Curve parameters
+ Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1);
+ String aStr = aElem.getAttributeNS(null, "Value");
+ Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1);
+ String bStr = bElem.getAttributeNS(null, "Value");
+ String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1);
+ BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null;
+
+ // Base point parameters
+ Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1);
+ Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1);
+ String basePointXStr = basePointXElem.getAttributeNS(null, "Value");
+ Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1);
+ String basePointYStr = basePointYElem.getAttributeNS(null, "Value");
+ String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1);
+ BigInteger order = new BigInteger(orderStr, 10);
+ String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
+ BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
+
+ if (fieldParamsType == FIELD_TYPE_PRIME)
+ {
+ BigInteger a = new BigInteger(aStr, 10);
+ BigInteger b = new BigInteger(bStr, 10);
+ BigInteger basePointX = new BigInteger(basePointXStr, 10);
+ BigInteger basePointY = new BigInteger(basePointYStr, 10);
+ eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
+ basePointY, null);
+ }
+ else
+ {
+ int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)];
+ if (fieldParamsType == FIELD_TYPE_TNB)
+ {
+ irreducible[m/32] = 1 << m % 32;
+ irreducible[k/32] += 1 << k % 32;
+ irreducible[0] += 1;
+ }
+ else
+ {
+ irreducible[m/32] = 1 << m % 32;
+ irreducible[k3/32] += 1 << k3 % 32;
+ irreducible[k2/32] += 1 << k2 % 32;
+ irreducible[k1/32] += 1 << k1 % 32;
+ irreducible[0] += 1;
+ }
+ eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+ octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+ octetString2IntArray(basePointYStr), null);
+ }
+ }
+
+ // Public key
+ Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1);
+ Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1);
+ String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value");
+ Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
+ String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
+
+ ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, false);
+ ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+ EllipticCurve eCurve = ecGroupFactory.getCurveWithProjective(eccParameterSpec.getA(),
+ eccParameterSpec.getB(), eccParameterSpec.getR());
+ Field field = eCurve.getField();
+
+ // Detect type of public key field elements
+ String elementType = publicKeyXElem.getAttributeNS(NAMESPACE_XSI, "type");
+ String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1);
+ int FIELD_TYPE_PRIME = 1, FIELD_TYPE_CHAR_TWO = 2;
+ int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName))
+ ? FIELD_TYPE_PRIME
+ : FIELD_TYPE_CHAR_TWO;
+
+ FieldElement publicKeyPointX, publicKeyPointY;
+ if (fieldElemType == FIELD_TYPE_PRIME)
+ {
+ Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10));
+ publicKeyPointX = field.newElement(xValue);
+ Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10));
+ publicKeyPointY = field.newElement(yValue);
+ }
+ else
+ {
+ publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr));
+ publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr));
+ }
+ ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
+ publicKeyPointY, field.getONEelement());
+ ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
+ ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+
+ return publicKey;
+ }
+
+ /**
+ * Method getECDSANSPrefix.
+ * @param element to get the prefix
+ * @return String the prefix
+ */
+ private static String getECDSANSPrefix(Element element)
+ {
+ // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than
+ // one NS prefix can be bound to the ECDSA namespace
+
+ HashMap inScopeNSAttrs = getInScopeNSAttrs(element);
+ Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator();
+ while (inScopeNSAttrsIt.hasNext())
+ {
+ Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next());
+ if (Constants.ECDSA_NS_URI.equals(currentAttr.getValue()))
+ {
+ return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6);
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Method octetString2IntArray.
+ * Converts an octet string representation into an int array as needed for the IAIK ECC library
+ * @param octetString rightmost byte is least significant byte
+ * @return int[] rightmost byte is LEAST significant byte
+ */
+ private static int[] octetString2IntArray(String octetString)
+ {
+ int byteCount = octetString.length()/2;
+ int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)];
+ for (int i = 0; i < byteCount; i++)
+ {
+ int oSStartPos = octetString.length() - (i + 1) * 2;
+ int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16);
+ intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8);
+ }
+ return intArray;
+ }
+
+ /**
+ * Converts an octet string representation into a byte array as needed for the IAIK ECC library
+ * @param octetString rightmost byte is least significant byte
+ * @return byte[] rightmost byte is MOST significant byte
+ */
+ private static byte[] octetString2ByteArray(String octetString)
+ {
+ int byteCount = octetString.length()/2;
+ byte[] byteArray = new byte[byteCount];
+ for (int i = 0; i < byteCount; i++)
+ {
+ int oSStartPos = octetString.length() - (i + 1) * 2;
+ byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring(
+ oSStartPos, oSStartPos + 2), 16);
+ }
+ return byteArray;
+ }
+
+ /**
+ * Method evenStringLength.
+ * @param hexString
+ * @return String
+ */
+
+ private static String evenStringLength(String hexString)
+ {
+ return (hexString.length() % 2 != 0) ? "0" + hexString : hexString;
+ }
+
+ /**
+ * Method getChildElement.
+ * @param parent
+ * @param namespace
+ * @param localName
+ * @param instance
+ * @return Element
+ */
+
+ private static Element getChildElement(Element parent, String namespace, String localName,
+ int instance)
+ {
+ NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName);
+ if (namedElements.getLength() < instance) return null;
+ return (Element)namedElements.item(instance - 1);
+ }
+
+ /**
+ * Method getChildElementText.
+ * @param parent Element
+ * @param namespace String
+ * @param localName String
+ * @param instance int
+ * @return String
+ */
+
+ private static String getChildElementText(Element parent, String namespace, String localName,
+ int instance)
+ {
+ Element child = getChildElement(parent, namespace, localName, instance);
+ if (child == null) return null;
+ NodeList childNodes = child.getChildNodes();
+ int nodeCount = 0;
+ while (nodeCount < childNodes.getLength())
+ {
+ Node currentNode = childNodes.item(nodeCount);
+ if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue();
+ nodeCount++;
+ }
+ return null;
+ }
+
+ /**
+ * Method getInScopeNSAttrs.
+ * @param element element
+ * @return HashMap
+ */
+ public static HashMap getInScopeNSAttrs(Element element)
+ {
+ // Get all ancestors of element
+ Vector ancestors = new Vector();
+ ancestors.add(element);
+ Node currentAncestor = element;
+ while ((currentAncestor = currentAncestor.getParentNode()) != null &&
+ currentAncestor.getNodeType() == Node.ELEMENT_NODE)
+ {
+ ancestors.add(currentAncestor);
+ }
+
+ // Scan all ancestors for NS attributes
+ HashMap inScopeNSAttrs = new HashMap();
+ for (int i = ancestors.size() - 1; i >= 0; i--)
+ {
+ Element currentAncestorElem = (Element)ancestors.get(i);
+ NamedNodeMap attrs = currentAncestorElem.getAttributes();
+ for (int j = 0; j < attrs.getLength(); j++)
+ {
+ Attr currentAttr = (Attr)attrs.item(j);
+ String currentAttrName = currentAttr.getNodeName();
+ if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:"))
+ {
+ inScopeNSAttrs.put(currentAttrName, currentAttr);
+ }
+ }
+ }
+
+ // Check if default NS attribute is in list; if value is empty remove it from list
+ Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns");
+ if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns");
+
+ return inScopeNSAttrs;
+ }
+} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
new file mode 100644
index 000000000..4fbc58977
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
@@ -0,0 +1,89 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class ErrorResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
+ private static final String SL10 = Constants.SL10_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + SL10 + "ErrorResponse/";
+ /** Xpath expression to the ErrorCode element */
+ private static final String ERROR_CODE_XPATH =
+ ROOT + SL10 + "ErrorCode";
+ /** Xpath expression to the Info element */
+ private static final String ERROR_INFO_XPATH =
+ ROOT + SL10 + "Info";
+
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card */
+ private Element errorElement;
+
+ /**
+ * Constructor for InfoboxReadResponseParser.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws ParseException on any error
+ */
+ public ErrorResponseParser(String xmlResponse) throws ParseException {
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+ errorElement = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Constructor for InfoboxReadResponseParser.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws ParseException on any error
+ */
+ public ErrorResponseParser(InputStream xmlResponse) throws ParseException {
+ try {
+ errorElement = DOMUtils.parseXmlValidating(xmlResponse);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+ /**
+ * Method getErrorCode. returns the error code
+ * @return String
+ */
+ public String getErrorCode() {
+
+ return XPathUtils.getElementValue(errorElement,ERROR_CODE_XPATH,null);
+ }
+
+ /**
+ * Method getErrorInfo: returns the information about the error
+ * @return String
+ */
+ public String getErrorInfo() {
+
+ return XPathUtils.getElementValue(errorElement,ERROR_INFO_XPATH,null);
+ }
+
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
new file mode 100644
index 000000000..f9ef54884
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -0,0 +1,266 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.security.interfaces.RSAPublicKey;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class IdentityLinkAssertionParser {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+
+ /** Xpath prefix for reaching PersonData Namespaces */
+ private static final String PDATA = Constants.PD_PREFIX + ":";
+ /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
+ private static final String SL10 = Constants.SL10_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = Constants.SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath prefix for reaching ECDS Namespaces */
+ private static final String ECDSA = Constants.ECDSA_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + SAML + "Assertion/";
+ /** Xpath expression to the SAMLSubjectConfirmationData element */
+ private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Subject/"
+ + SAML
+ + "SubjectConfirmation/"
+ + SAML
+ + "SubjectConfirmationData";
+ /** Xpath expression to the PersonData element */
+ private static final String PERSON_XPATH =
+ SAML_SUBJECT_CONFIRMATION_DATA_XPATH
+ + "/"
+ + PDATA
+ + "Person";
+ /** Xpath expression to the PersonData GivenName element */
+ private static final String PERSON_GIVEN_NAME_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Name/"
+ + PDATA
+ + "GivenName";
+ /** Xpath expression to the PersonData FamilyName element */
+ private static final String PERSON_FAMILY_NAME_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Name/"
+ + PDATA
+ + "FamilyName";
+ /** Xpath expression to the PersonData DateOfBirth element */
+ private static final String PERSON_DATE_OF_BIRTH_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "DateOfBirth";
+ /** Xpath expression to the Identification element */
+ private static final String PERSON_IDENT_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Identification";
+
+ /** Xpath expression to the Identification Value element */
+ private static final String PERSON_IDENT_VALUE_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Identification/"
+ + PDATA
+ + "Value";
+ /** Xpath expression to the RSAKeyValue element */
+ private static final String RSA_KEY_VALUE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/"
+ + SAML
+ + "AttributeValue/"
+ + DSIG
+ + "RSAKeyValue";
+ /** Xpath expression to the RSA Modulus element */
+ private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus";
+ /** Xpath expression to the RSA Exponent element */
+ private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent";
+ /** Xpath expression to the DSIG X509Certificate element */
+ private static final String DSIG_CERTIFICATES_XPATH =
+ ROOT
+ + DSIG
+ + "Signature/"
+ + DSIG
+ + "KeyInfo/"
+ + DSIG
+ + "X509Data/"
+ + DSIG
+ + "X509Certificate";
+ /** Xpath expression to the DSIG Transforms element */
+ private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH =
+ ROOT
+ + DSIG
+ + "Signature/"
+ + DSIG
+ + "SignedInfo/"
+ + DSIG
+ + "Reference/"
+ + DSIG
+ + "Transforms";
+
+ /**This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element assertionElem;
+
+ /**
+ * Constructor for <code>IdentityLinkAssertionParser</code>.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException {
+ try {
+ InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8"));
+ assertionElem = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Constructor for <code>IdentityLinkAssertionParser</code>.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as InputStream
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
+ try {
+ assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+ /**
+ * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+ public IdentityLink parseIdentityLink() throws ParseException {
+ IdentityLink identityLink;
+ try {
+ identityLink = new IdentityLink();
+ //ÄNDERN: NUR der Identification-Teil
+ identityLink.setSamlAssertion(assertionElem);
+ identityLink.setPrPerson((Element)
+ XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH));
+ identityLink.setIdentificationValue(
+ XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
+ identityLink.setGivenName(
+ XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
+ identityLink.setFamilyName(
+ XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""));
+ identityLink.setDateOfBirth(
+ XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, ""));
+ NodeIterator dsigRefTransforms =
+ XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH);
+ List transElems = new ArrayList();
+ Element transformsElem;
+ while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) {
+ transElems.add(transformsElem);
+ }
+ Element[] result = new Element[transElems.size()];
+ transElems.toArray(result);
+ identityLink.setDsigReferenceTransforms(result);
+
+ identityLink.setPublicKey(getPublicKeys());
+
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+
+ return identityLink;
+ }
+
+ /**
+ * Parses an array of Public Keys from the <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return RSAPublicKey[]
+ * @throws IOException can occur when decoding the base64 values of the modulus and exponent
+ */
+ public PublicKey[] getPublicKeys() throws IOException{
+
+
+ List pubKeys = new ArrayList();
+ //Try to get RSA-Keys
+ NodeIterator rsaIter =
+ XPathUtils.selectNodeIterator(assertionElem, RSA_KEY_VALUE_XPATH);
+ Element rsaElem;
+ while ((rsaElem = (Element) rsaIter.nextNode()) != null) {
+ String modulus =
+ XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, "");
+ String exponent =
+ XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, "");
+
+ RSAPublicKey resPub =
+ new iaik.security.rsa.RSAPublicKey(
+ new BigInteger(1, Base64Utils.decode(modulus, true)),
+ new BigInteger(1, Base64Utils.decode(exponent, true)));
+ pubKeys.add(resPub);}
+
+ PublicKey[] result = new PublicKey[pubKeys.size()];
+
+ pubKeys.toArray(result);
+ return result;
+
+ }
+ /**
+ * Parses a string array of decoded base64 certificates from
+ * the <code>&lt;InfoboxReadResponse&gt;</code> found in the dsig-signature
+ * @return String[] with raw-certificates from the dsig-signature keyinfo
+ * @throws Exception
+ */
+ public String[] getCertificates() throws Exception {
+ List certs = new ArrayList();
+ NodeIterator rsaIter =
+ XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH);
+ Element certElem;
+ while ((certElem = (Element) rsaIter.nextNode()) != null) {
+ String content = DOMUtils.getText(certElem);
+ certs.add(new String(Base64Utils.decode(content, true)));
+ }
+ String[] result = new String[certs.size()];
+ certs.toArray(result);
+ return result;
+
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
new file mode 100644
index 000000000..c1146218e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -0,0 +1,110 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class InfoboxReadResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
+ private static final String SL10 = Constants.SL10_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = Constants.SAML_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + SL10 + "InfoboxReadResponse/";
+ /** Xpath expression to the SAML:Assertion element */
+ private static final String SAML_ASSERTION_XPATH = ROOT + SL10 + "BinaryFileData/" + SL10 + "XMLContent/" + SAML + "Assertion";
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element infoBoxElem;
+
+ /**
+ * Constructor for InfoboxReadResponseParser.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
+
+ ErrorResponseParser erp = new ErrorResponseParser(xmlResponse);
+ if (erp.getErrorCode() != null) {
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ try {
+
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+ infoBoxElem = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Constructor for InfoboxReadResponseParser.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws ParseException on any parsing error
+ */
+ public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
+
+ ErrorResponseParser erp = new ErrorResponseParser(is);
+ if (erp.getErrorCode() != null) {
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ try {
+
+ infoBoxElem = DOMUtils.parseXmlValidating(is);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses the embedded <code>&lt;saml:Assertion&gt;</code> element from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return <code>&lt;saml:Assertion&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public String parseSAMLAssertion() throws ParseException {
+ try {
+ Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem, SAML_ASSERTION_XPATH);
+ return DOMUtils.serializeNode(samlAssertion);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+ public IdentityLink parseIdentityLink() throws ParseException {
+ String samlAssertionString = parseSAMLAssertion();
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString);
+ return ilParser.parseIdentityLink();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
new file mode 100644
index 000000000..7c4c01abe
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.IOException;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Parser for a SAML artifact.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactParser {
+ /** byte array containing the SamlArtifact bytes */
+ private byte[] samlArtifactBytes;
+
+ /**
+ * Constructor
+ * @param samlArtifact as String
+ * @throws ParseException on any parsing error
+ */
+ public SAMLArtifactParser(String samlArtifact) throws ParseException {
+ try {
+ samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
+ }
+ catch (IOException ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+ /**
+ * Parses the type code.
+ * @return type code
+ * @throws ParseException when SAML artifact is invalid
+ */
+ public byte[] parseTypeCode() throws ParseException {
+ try {
+ byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
+ return typeCode;
+ }
+ catch (Throwable ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+ /**
+ * Parses the assertion handle.
+ * @return assertion handle
+ * @throws ParseException when SAML artifact is invalid
+ */
+ public String parseAssertionHandle() throws ParseException {
+ try {
+ return new String(samlArtifactBytes, 22, 20);
+ }
+ catch (Throwable ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 000000000..c74dc64e8
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
+ * MOA-SPSS.
+ * This class implements the Singleton pattern
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+
+public class VerifyXMLSignatureResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching MOA Namespaces */
+ private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** Xpath prefix for reaching DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath prefix for reaching SecurityLayer 1.1 Namespaces */
+ private static final String SL11 = Constants.SL11_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
+
+ /** Xpath expression to the X509SubjectName element */
+ private static final String DSIG_SUBJECT_NAME_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ DSIG + "X509SubjectName";
+ /** Xpath expression to the X509Certificate element */
+ private static final String DSIG_X509_CERTIFICATE_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ DSIG + "X509Certificate";
+ /** Xpath expression to the PublicAuthority element */
+ private static final String PUBLIC_AUTHORITY_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ MOA + "PublicAuthority";
+ /** Xpath expression to the PublicAuthorityCode element */
+ private static final String PUBLIC_AUTHORITY_CODE_XPATH =
+ PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
+ /** Xpath expression to the QualifiedCertificate element */
+ private static final String QUALIFIED_CERTIFICATE_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ SL11 + "QualifiedCertificate";
+
+ /** Xpath expression to the SignatureCheckCode element */
+ private static final String SIGNATURE_CHECK_CODE_XPATH =
+ ROOT + MOA + "SignatureCheck/" + MOA + "Code";
+ /** Xpath expression to the XMLDSIGManifestCheckCode element */
+ private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
+ ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
+ /** Xpath expression to the CertificateCheckCode element */
+ private static final String CERTIFICATE_CHECK_CODE_XPATH =
+ ROOT + MOA + "CertificateCheck/" + MOA + "Code";
+
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element verifyXMLSignatureResponse;
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+
+ verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ }
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws Exception on any parsing error
+ */
+ public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
+ {
+ try {
+ verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ }
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * The incoming Element will be used for further operations
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
+ */
+ public VerifyXMLSignatureResponseParser(Element xmlResponse)
+ {
+ verifyXMLSignatureResponse =xmlResponse;
+
+ }
+
+ /**
+ * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+ public VerifyXMLSignatureResponse parseData() throws ParseException {
+ VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+
+ try {
+
+ respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
+ Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
+ respData.setQualifiedCertificate(e!=null);
+
+ Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
+ verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
+
+ respData.setX509certificate(new X509Certificate(in));
+
+ Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH);
+ respData.setPublicAuthority(publicAuthority != null);
+ respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
+ respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
+
+ String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
+ if (xmlDsigCheckCode!=null)
+ {
+ respData.setXmlDSIGManigest(true);
+ respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+ }
+ else
+ respData.setXmlDSIGManigest(false);
+ respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ return respData;
+ }
+
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
new file mode 100644
index 000000000..3a1cab4be
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -0,0 +1,117 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+/**
+ * Base class for MOA-ID Auth Servlets, providing standard error handling
+ * and constant names.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
+
+
+ /**
+ * Handles an error. <br>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request
+ * as request attributes (to be used by <code>"/errorpage.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage error message
+ * @param exceptionThrown exception thrown
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ protected void handleError(
+ String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+ if (exceptionThrown != null)
+ Logger.error(errorMessage, exceptionThrown);
+ else
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ resp.setStatus(500);
+ }
+ /**
+ * Handles a <code>WrongParametersException</code>.
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
+ Logger.error(ex.toString());
+ req.setAttribute("WrongParameters", "true");
+ resp.setStatus(500);
+ }
+
+ /**
+ * Logs all servlet parameters for debugging purposes.
+ */
+ protected void logParameters(HttpServletRequest req) {
+ for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements(); ) {
+ String parname = (String)enum.nextElement();
+ Logger.debug("Parameter " + parname + req.getParameter(parname));
+ }
+ }
+ /**
+ * Parses the request input stream for parameters,
+ * assuming parameters are encoded UTF-8.
+ * @param req servlet request
+ * @return mapping parameter name -> value
+ */
+ protected Map getParameters(HttpServletRequest req) throws IOException {
+ Map parameters = new HashMap();
+ InputStream in = req.getInputStream();
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ }
+ while (paramName.length() > 0);
+ in.close();
+
+ return parameters;
+ }
+ /**
+ * Reads bytes up to a delimiter, consuming the delimiter.
+ * @param in input stream
+ * @param delimiter delimiter character
+ * @return String constructed from the read bytes
+ * @throws IOException
+ */
+ protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ boolean done = false;
+ int b;
+ while (! done && (b = in.read()) >= 0) {
+ if (b == delimiter)
+ done = true;
+ else
+ bout.write(b);
+ }
+ return bout.toString();
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
new file mode 100644
index 000000000..554819f73
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -0,0 +1,74 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+ /** Constant for the DTD-Doc type */
+ private static final String DOC_TYPE =
+ "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+ PrintWriter out;
+
+ response.setContentType("text/html");
+ out = response.getWriter();
+ out.println(DOC_TYPE);
+ out.println("<head><title>MOA configuration update</title></head>");
+ out.println("<body bgcolor=\"#FFFFFF\">");
+ try {
+ MOAIDAuthInitializer.initialized=false;
+ MOAIDAuthInitializer.initialize();
+ String message = msg.getMessage("config.00", null);
+ Logger.info(message);
+ out.println("<p><b>");
+ out.println(message);
+ out.println("</b></p>");
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ out.println("<p><b>");
+ out.println(errorMessage);
+ out.println("</b></p>");
+ }
+ out.println("</body>");
+
+ out.flush();
+ out.close();
+ }
+
+ /**
+ * Do the same as <code>doGet</code>.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
new file mode 100644
index 000000000..c41b514c8
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.util.Calendar;
+
+import org.apache.axis.AxisFault;
+import org.w3c.dom.Element;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Web service for picking up authentication data created in the MOA-ID Auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
+ */
+public class GetAuthenticationDataService implements Constants {
+
+ /**
+ * Constructor for GetAuthenticationDataService.
+ */
+ public GetAuthenticationDataService() {
+ super();
+ }
+
+ /**
+ * Takes a <code>lt;samlp:Request&gt;</code> containing a
+ * <code>SAML artifact</code> and returns the corresponding
+ * authentication data <code>lt;saml:Assertion&gt;</code>
+ * (obtained from the <code>AuthenticationServer</code>),
+ * enclosed in a <code>lt;samlp:Response&gt;</code>.
+ * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
+ * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
+ * The status codes are defined in the SAML specification.
+ *
+ * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
+ * only 1 request element is allowed
+ * @return response element of type <code>lt;samlp:Response&gt;</code>,
+ * packed into an <code>Element[]</code>
+ * @throws AxisFault thrown when an error occurs in assembling the
+ * <code>lt;samlp:Response&gt;</code>
+ */
+ public Element[] Request(Element[] requests)
+ throws AxisFault {
+
+ Element request = requests[0];
+ Element[] responses = new Element[1];
+ String requestID = "";
+ String statusCode = "";
+ String subStatusCode = null;
+ String statusMessageCode = null;
+ String statusMessage = null;
+ String samlAssertion = "";
+ if (requests.length > 1) {
+ // more than 1 request given as parameter
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1201";
+ }
+ else {
+ try {
+ DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
+ NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
+ if (samlArtifactList.getLength() == 0) {
+ // no SAML artifact given in request
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1202";
+ }
+ else if (samlArtifactList.getLength() > 1) {
+ // too many SAML artifacts given in request
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1203";
+ }
+ else {
+ Element samlArtifactElem = (Element)samlArtifactList.item(0);
+ requestID = samlArtifactElem.getAttribute("RequestID");
+ String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ try {
+ AuthenticationData authData = AuthenticationServer.getInstance().
+ getAuthenticationData(samlArtifact);
+ // success
+ samlAssertion = authData.getSamlAssertion();
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ }
+ catch (AuthenticationException ex) {
+ // no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+ }
+ }
+ catch (Throwable t) {
+ // invalid request format
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1204";
+ }
+ }
+ try {
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ if (statusMessage == null)
+ statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
+ responses[0] = new SAMLResponseBuilder().build(
+ responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+ }
+ catch (MOAIDException e) {
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ catch (Throwable t) {
+ MOAIDException e = new MOAIDException("1299", null, t);
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ return responses;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
new file mode 100644
index 000000000..50ca21c69
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -0,0 +1,95 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for selecting a BKU.
+ * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
+ * the browser is redirected to the configured "BKU-Auswahl-URL".
+ * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
+ * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
+ * to the user in an HTML form.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SelectBKUServlet extends AuthServlet {
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ /**
+ * Responds with an HTML form which requests the user to choose a BKU.
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET SelectBKU");
+ String authURL =
+ req.getScheme() + "://" +
+ req.getServerName() + ":" +
+ req.getServerPort() +
+ req.getContextPath() + "/";
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+
+ try {
+ String returnValue = AuthenticationServer.getInstance().selectBKU(
+ authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+ String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+ if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+ // bkuSelectionType==HTMLComplete
+ String redirectURL = returnValue;
+ resp.sendRedirect(redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ else {
+ // bkuSelectionType==HTMLSelect
+ String htmlForm = returnValue;
+ resp.setContentType("text/html");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(htmlForm);
+ out.flush();
+ Logger.debug("Finished GET SelectBKU");
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (Throwable ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
new file mode 100644
index 000000000..2ea43935b
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -0,0 +1,102 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for starting a MOA ID authentication session.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ * @see AuthenticationServer#startAuthentication
+ */
+public class StartAuthenticationServlet extends AuthServlet {
+
+ /**
+ * Responds with an HTML form which upon submit requests the identity link
+ * from the security layer implementation.
+ * <br>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/html"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET StartAuthentication");
+ String authURL =
+ req.getScheme() + "://" +
+ req.getServerName() + ":" +
+ req.getServerPort() +
+ req.getContextPath() + "/";
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+ try {
+ String getIdentityLinkForm =
+ AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID);
+ resp.setContentType("text/html");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+
+ /**
+ * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
new file mode 100644
index 000000000..8d16f73dd
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -0,0 +1,110 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for verifying the signed authentication block
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VerifyAuthenticationBlockServlet extends AuthServlet {
+
+
+ /**
+ * Constructor for VerifyAuthenticationBlockServlet.
+ */
+ public VerifyAuthenticationBlockServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyAuthenticationBlock");
+ }
+
+ /**
+ * Verifies the signed authentication block and redirects the browser
+ * to the online application requested, adding a parameter needed for
+ * retrieving the authentication data.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Status: <code>302</code></li>
+ * <li>Header <code>"Location"</code>: URL of the online application requested, with
+ * parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see AuthenticationServer#verifyAuthenticationBlock
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyAuthenticationBlock");
+ Map parameters = getParameters(req);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ String redirectURL = session.getOAURLRequested();
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget());
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+
+ }
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
new file mode 100644
index 000000000..d3a28c7d4
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -0,0 +1,97 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for verifying the identity link
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VerifyIdentityLinkServlet extends AuthServlet {
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public VerifyIdentityLinkServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyIdentityLink");
+ }
+
+ /**
+ * Verifies the identity link and responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/xml"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyIdentityLink");
+ Map parameters = getParameters(req);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse);
+ try {
+ String createXMLSignatureRequest =
+ AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse);
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ resp.addHeader("Location", dataURL);
+ resp.setContentType("text/xml");
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest);
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequest.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST VerifyIdentityLink");
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..e596e79a4
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ *
+ * This class is used to validate an {@link CreateXMLSignatureResponse}
+ * returned by the security layer.
+ * This class implements the Singleton pattern.
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseValidator {
+
+ /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
+ private static final String SAML = Constants.SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath expression to the SAML:Assertion element */
+ private static final String ROOT = SAML + "Assertion";
+ /** Xpath expression to the SAML:NameIdentifier element */
+ private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH =
+ SAML + "AttributeStatement/" + SAML + "Subject/" +
+ SAML + "NameIdentifier";
+ /** Xpath expression to the SAML:Attribute element */
+ private static final String SAML_ATTRIBUTE_XPATH =
+ ROOT + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
+ /** Xpath expression to the SAML:AttributeValue element */
+ private static final String SAML_ATTRIBUTE_VALUE_XPATH =
+ SAML + "AttributeValue";
+
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static CreateXMLSignatureResponseValidator instance;
+
+ /**
+ * Constructor for a singleton CreateXMLSignatureResponseValidator.
+ * @return an instance of CreateXMLSignatureResponseValidator
+ * @throws ValidateException if no instance can be created
+ */
+ public static synchronized CreateXMLSignatureResponseValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new CreateXMLSignatureResponseValidator();
+ }
+ return instance;
+ }
+
+
+ /**
+ * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+ * @param createXMLSignatureResponse
+ * @param gbTarget
+ * @param oaURL
+ * @throws ValidateException
+ */
+ public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, String gbTarget, String oaURL)
+ throws ValidateException {
+
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+
+ XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH);
+
+ SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes();
+ boolean foundOA = false;
+ boolean foundGB = false;
+ for (int i = 0; i < samlattributes.length; i++)
+ {
+ if (samlattributes[i].getName().equals("Geschäftsbereich"))
+ if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#"))
+
+ {
+ foundGB = true;
+ if (!gbTarget.equals(samlattributes[i].getValue()))
+ {
+ throw new ValidateException("validator.13", null);
+ }
+ }
+ else throw new ValidateException("validator.12", null);
+ if (samlattributes[i].getName().equals("OA"))
+ if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#"))
+ {
+ foundOA = true;
+ if (!oaURL.equals(samlattributes[i].getValue())) // CHECKS für die AttributeVALUES fehlen noch
+ {
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()});
+ }
+
+ }
+ else throw new ValidateException("validator.15", null);
+ }
+ if (!foundOA) throw new ValidateException("validator.14", null);
+ if (!foundGB) throw new ValidateException("validator.11", null);
+
+ //Check if dsig:Signature exists
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature");
+ if (dsigSignature==null) throw new ValidateException("validator.05", null);
+
+
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
new file mode 100644
index 000000000..42e3e946f
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -0,0 +1,156 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ *
+ * This class is used to validate an {@link IdentityLink}
+ * returned by the security layer
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class IdentityLinkValidator implements Constants {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching PersonData Namespaces */
+ private static final String PDATA = PD_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = DSIG_PREFIX + ":";
+ /** Xpath prefix for reaching ECDSA Namespaces */
+ private static final String ECDSA = ECDSA_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + SAML + "Assertion/";
+ /** Xpath expression to the SAML:SubjectConfirmationData element */
+ private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Subject/"
+ + SAML
+ + "SubjectConfirmation/"
+ + SAML
+ + "SubjectConfirmationData";
+/** Xpath expression to the PersonData:Person element */
+ private static final String PERSON_XPATH =
+ SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
+ /** Xpath expression to the SAML:Attribute element */
+ private static final String ATTRIBUTE_XPATH =
+ ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
+ /** Xpath expression to the SAML:AttributeName attribute */
+ private static final String ATTRIBUTE_NAME_XPATH =
+ ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
+ /** Xpath expression to the SAML:AttributeNamespace attribute */
+ private static final String ATTRIBUTE_NAMESPACE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/@AttributeNamespace";
+ /** Xpath expression to the SAML:AttributeValue element */
+ private static final String ATTRIBUTE_VALUE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/"
+ + SAML
+ + "AttributeValue";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static IdentityLinkValidator instance;
+
+ /**
+ * Constructor for a singleton IdentityLinkValidator.
+ * @return a new IdentityLinkValidator instance
+ * @throws ValidateException if no instance can be created
+ */
+ public static synchronized IdentityLinkValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new IdentityLinkValidator();
+ }
+ return instance;
+ }
+
+ /**
+ * Method validate. Validates the {@link IdentityLink}
+ * @param identityLink The identityLink to validate
+ * @throws ValidateException on any validation error
+ */
+ public void validate(IdentityLink identityLink) throws ValidateException {
+
+ //Search the SAML:ASSERTION Object (A2.054)
+ if (identityLink.getSamlAssertion() == null)
+ throw new ValidateException("validator.00", null);
+
+ // Check how many saml:Assertion/saml:AttributeStatement/
+ // saml:Subject/ saml:SubjectConfirmation/
+ // saml:SubjectConfirmationData/pr:Person of type
+ // PhysicalPersonType exist (A2.056)
+ NodeList nl =
+ XPathUtils.selectNodeList(identityLink.getSamlAssertion(), PERSON_XPATH);
+ // If we have just one Person-Element we don't need to check the attributes
+ int counterPhysicalPersonType = 0;
+ if (nl.getLength() > 1)
+ for (int i = 0; i < nl.getLength(); i++) {
+ String xsiType =
+ ((Element) nl.item(i))
+ .getAttributeNodeNS(
+ "http://www.w3.org/2001/XMLSchema-instance",
+ "type")
+ .getNodeValue();
+ // We have to check if xsiType contains "PhysicalPersonType"
+ // An equal-check will fail because of the Namespace-prefix of the attribute value
+ if (xsiType.indexOf("PhysicalPersonType") > -1)
+ counterPhysicalPersonType++;
+ }
+ if (counterPhysicalPersonType > 1)
+ throw new ValidateException("validator.01", null);
+
+ //Check the SAML:ATTRIBUTES
+ nl = XPathUtils.selectNodeList(identityLink.getSamlAssertion(), ATTRIBUTE_XPATH);
+ for (int i = 0; i < nl.getLength(); i++) {
+ String attributeName =
+ XPathUtils.getAttributeValue(
+ (Element) nl.item(i),
+ "@AttributeName",
+ null);
+ String attributeNS =
+ XPathUtils.getAttributeValue(
+ (Element) nl.item(i),
+ "@AttributeNamespace",
+ null);
+ if (attributeName.equals("CitizenPublicKey")) {
+ if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#")) {
+ Element attributeValue =
+ (Element) XPathUtils.selectSingleNode((Element) nl.item(i),SAML + "AttributeValue/" + DSIG + "RSAKeyValue");
+ if (attributeValue==null)
+ attributeValue =
+ (Element) XPathUtils.selectSingleNode((Element)nl.item(i), SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
+ if (attributeValue == null)
+ throw new ValidateException("validator.02", null);
+ }
+ else
+ throw new ValidateException("validator.03", null);
+ }
+ else
+ throw new ValidateException("validator.04", null);
+ }
+
+ //Check if dsig:Signature exists
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(identityLink.getSamlAssertion(),ROOT + DSIG + "Signature");
+ if (dsigSignature==null) throw new ValidateException("validator.05", null);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
new file mode 100644
index 000000000..a6685fca8
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while validating an incoming XML structure
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidateException extends MOAIDException {
+
+ /**
+ * Constructor for ValidateException.
+ * @param messageId
+ * @param parameters
+ */
+ public ValidateException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ValidateException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ValidateException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..a238d28cb
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -0,0 +1,124 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+
+/**
+ * This class is used to validate an {@link VerifyXMLSignatureResponse}
+ * returned by MOA-SPSS
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseValidator {
+
+ /** Identification string for checking identity link */
+ public static final String CHECK_IDENTITY_LINK = "IdentityLink";
+ /** Identification string for checking authentication block */
+ public static final String CHECK_AUTH_BLOCK = "AuthBlock";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static VerifyXMLSignatureResponseValidator instance;
+
+ /**
+ * Constructor for a singleton VerifyXMLSignatureResponseValidator.
+ */
+ public static synchronized VerifyXMLSignatureResponseValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new VerifyXMLSignatureResponseValidator();
+ }
+ return instance;
+ }
+
+ /**
+ * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
+ *
+ * @param verifyXMLSignatureResponse the <code>&lt;VerifyXMLSignatureResponse&gt;</code>
+ * @param identityLinkSignersSubjectDNNames subject names configured
+ * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
+ * @throws ValidateException on any validation error
+ */
+ public void validate(
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ String[] identityLinkSignersSubjectDNNames, String whatToCheck)
+ throws ValidateException {
+
+ if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
+ throw new ValidateException("validator.06", null);
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0)
+ if (whatToCheck.equals(CHECK_IDENTITY_LINK))
+ throw new ValidateException("validator.07", null);
+ else
+ throw new ValidateException("validator.19", null);
+ if (verifyXMLSignatureResponse.isXmlDSIGManigest())
+ if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
+ throw new ValidateException("validator.08", null);
+ //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
+ if (identityLinkSignersSubjectDNNames != null) {
+ String subjectDN = "";
+ X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
+ try {
+ subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
+ }
+ catch (RFC2253NameParserException e) {
+ throw new ValidateException("validator.17", null);
+ }
+ boolean found = false;
+ for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) {
+ if (identityLinkSignersSubjectDNNames[i].equals(subjectDN))
+ found = true;
+ }
+ if (!found)
+ throw new ValidateException(
+ "validator.18",
+ new Object[] { subjectDN });
+ }
+ }
+
+ /**
+ * Method validateCertificate.
+ * @param vsr is the VerifyXMLSignatureResponse
+ * @param idl
+ * @throws ValidateException
+ */
+ public void validateCertificate(
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ IdentityLink idl)
+ throws ValidateException {
+
+ X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
+ PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
+
+ RSAPublicKey pubKeyResponse = (RSAPublicKey) x509Response.getPublicKey();
+
+ boolean found = false;
+ for (int i = 0; i < pubKeysIdentityLink.length; i++) {
+ if (idl.getPublicKey()[i]
+ instanceof java.security.interfaces.RSAPublicKey) {
+ /* for (int j = 0;
+ j < idl.getPublicKey()[i].getClass().getInterfaces().length;
+ j++) {
+ if (idl.getPublicKey()[i].getClass().getInterfaces()[j].getName()
+ .equals("java.security.interfaces.RSAPublicKey")) {*/
+ RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
+ if (rsakey.getModulus().equals(pubKeyResponse.getModulus())
+ && rsakey.getPublicExponent().equals(
+ pubKeyResponse.getPublicExponent()))
+ found = true;
+ }
+
+ }
+
+ if (!found)
+ throw new ValidateException("validator.09", null);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
new file mode 100644
index 000000000..f91222ac3
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -0,0 +1,678 @@
+package at.gv.egovernment.moa.id.config;
+
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.io.ByteArrayInputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class that builds configuration data from a DOM based representation.
+ *
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConfigurationBuilder {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** an XPATH-Expression */
+ private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
+ /** an XPATH-Expression */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ //
+ // chaining mode constants appearing in the configuration file
+ //
+ /** an XPATH-Expression */
+ private static final String CM_CHAINING = "chaining";
+ /** an XPATH-Expression */
+ private static final String CM_PKIX = "pkix";
+ /** an XPATH-Expression */
+ private static final String DEFAULT_ENCODING = "UTF-8";
+
+ /**
+ * Default online application configuration file name
+ * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
+ */
+ public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
+
+ //
+ // XPath expressions to select certain parts of the configuration
+ //
+ /** an XPATH-Expression */
+ private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
+ /** an XPATH-Expression */
+ private static final String ROOTOA = "/" + CONF + "Configuration/";
+ /** an XPATH-Expression */
+ private static final String AUTH_BKU_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
+ /** an XPATH-Expression */
+ private static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
+
+ /** an XPATH-Expression */
+ private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
+ /** an XPATH-Expression */
+ private static final String PROXY_AUTH_XPATH =
+ ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
+
+ /** an XPATH-Expression */
+ private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
+ /** an XPATH-Expression */
+ private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
+ /** an XPATH-Expression */
+ private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETER_URL_XPATH =
+ CONF + "ConnectionParameter/@URL";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
+ CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
+ CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
+ /** an XPATH-Expression */
+ private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
+ CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
+ /** an XPATH-Expression */
+ private static final String GENERIC_CONFIGURATION_XPATH =
+ ROOT + CONF + "GenericConfiguration";
+ /** an XPATH-Expression */
+ private static final String OACONF_LOGIN_TYPE_XPATH =
+ ROOTOA + CONF + "LoginType";
+ /** an XPATH-Expression */
+ private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
+ ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
+ /** an XPATH-Expression */
+ private static final String OACONF_USER_ID_XPATH =
+ ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
+ /** an XPATH-Expression */
+ private static final String OACONF_PASSWORD_XPATH =
+ ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
+ /** an XPATH-Expression */
+ private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
+ ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
+ /** an XPATH-Expression */
+ private static final String CHAINING_MODES_XPATH =
+ ROOT + CONF + "ChainingModes";
+ /** an XPATH-Expression */
+ private static final String CHAINING_MODES_DEFAULT_XPATH =
+ CHAINING_MODES_XPATH + "/@systemDefaultMode";
+ /** an XPATH-Expression */
+ private static final String TRUST_ANCHOR_XPATH =
+ ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
+ /** an XPATH-Expression */
+ private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
+ /** an XPATH-Expression */
+ private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
+ /** an XPATH-Expression */
+ private static final String TRUSTED_CA_CERTIFICATES_XPATH =
+ ROOT + CONF + "TrustedCACertificates";
+
+ /** The root element of the MOA-ID configuration */
+ private Element configElem;
+
+ /**
+ * Creates a new <code>MOAConfigurationProvider</code>.
+ *
+ * @param configElem The root element of the MOA-ID configuration.
+ */
+ public ConfigurationBuilder(Element configElem) {
+ this.configElem = configElem;
+ }
+
+ /**
+ * Returns the root element of the MOA-ID configuration.
+ *
+ * @return The root element of the MOA-ID configuration.
+ */
+ public Element getConfigElem() {
+ return configElem;
+ }
+
+ /**
+ * Build a ConnectionParameter object containing all information
+ * of the moa-sp element in the authentication component
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter buildAuthBKUConnectionParameter() {
+
+ Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
+ if (authBKU==null) return null;
+ return buildConnectionParameter(authBKU);
+ }
+
+ /**
+ * Method buildAuthBKUSelectionType.
+ *
+ * Build a string with the configuration value of BKUSelectionAlternative
+ *
+ * @return String
+ */
+ public String buildAuthBKUSelectionType() {
+
+ Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
+ if (authBKU==null) return null;
+ return (authBKU).getAttribute("BKUSelectionAlternative");
+ }
+
+ /**
+ * Build a string array with all filenames leading
+ * to the Transforms Information for the Security Layer
+ * @return String[] of filenames to the Security Layer Transforms Information
+ */
+ public String[] buildTransformsInfoFileNames() {
+
+ List transformsInfoFileNames = new ArrayList();
+ NodeIterator tiIter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ Attr tiElem;
+
+ while ((tiElem = (Attr) tiIter.nextNode()) != null) {
+
+ String tiFileName = tiElem.getNodeValue();
+ transformsInfoFileNames.add(tiFileName);
+ }
+ String[] result = new String[transformsInfoFileNames.size()];
+ transformsInfoFileNames.toArray(result);
+
+ return result;
+ }
+
+ /**
+ * Build a ConnectionParameter bean containing all information
+ * of the authentication component moa-sp element
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter buildMoaSpConnectionParameter() {
+
+ Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
+ if (connectionParameter==null) return null;
+ return buildConnectionParameter(connectionParameter);
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyIdentityLink trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ */
+ public String getMoaSpIdentityLinkTrustProfileID() {
+ return XPathUtils.getElementValue(
+ getConfigElem(),
+ AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
+ "");
+ }
+ /**
+ * Return a string representation of an URL pointing to trusted CA Certificates
+ * @return String representation of an URL pointing to trusted CA Certificates
+ */
+ public String getTrustedCACertificates() {
+ return XPathUtils.getElementValue(
+ getConfigElem(),
+ TRUSTED_CA_CERTIFICATES_XPATH,null);
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyAuthBlock trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String getMoaSpAuthBlockTrustProfileID() {
+ return XPathUtils.getElementValue(
+ getConfigElem(),
+ AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
+ "");
+ }
+ /**
+ * Build a string array with references to all verify transform info
+ * IDs within the moa-sp part of the authentication component
+ * @return A string array containing all urls to the
+ * verify transform info IDs
+ */
+ public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
+
+ List verifyTransformsInfoIDs = new ArrayList();
+ NodeIterator vtIter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
+ Element vtElem;
+
+ while ((vtElem = (Element) vtIter.nextNode()) != null) {
+
+ String vtInfoIDs = DOMUtils.getText(vtElem);
+ verifyTransformsInfoIDs.add(vtInfoIDs);
+ }
+ String[] result = new String[verifyTransformsInfoIDs.size()];
+ verifyTransformsInfoIDs.toArray(result);
+
+ return result;
+ }
+
+ /**
+ * Return a string array containing all X509 Subject Names
+ * of the Identity Link Signers
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String[] getIdentityLink_X509SubjectNames() {
+
+ List x509SubjectNameList = new ArrayList();
+ NodeIterator x509Iter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
+ Element x509Elem;
+
+ while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
+
+ String vtInfoIDs = DOMUtils.getText(x509Elem);
+ x509SubjectNameList.add(vtInfoIDs);
+ }
+ String[] result = new String[x509SubjectNameList.size()];
+ x509SubjectNameList.toArray(result);
+
+ return result;
+ }
+
+ /**
+ * Build an array of the OnlineApplication Parameters containing information
+ * about the authentication component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the authentication component of the online
+ * application
+ */
+ public OAAuthParameter[] buildOnlineApplicationAuthParameters() {
+
+ List OA_set = new ArrayList();
+ NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
+
+ for (int i = 0; i < OAIter.getLength(); i++) {
+ Element oAElem = (Element) OAIter.item(i);
+ Element authComponent =
+ (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
+
+ OAAuthParameter oap = new OAAuthParameter();
+ oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
+ //Check if there is an Auth-Block to read from configuration
+ if (authComponent!=null)
+ {
+ oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl")));
+ oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
+ oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
+ }
+ OA_set.add(oap);
+ }
+ OAAuthParameter[] result =
+ new OAAuthParameter[OA_set.size()];
+ OA_set.toArray(result);
+
+ return result;
+
+ }
+
+ /**
+ * Build a bean containing all information about the ProxyComponent
+ * @return The ConnectionParameter for the Proxy Component
+ */
+ public ConnectionParameter buildAuthComponentConnectionParameter()
+ {
+
+ Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
+ if (connectionParameter==null) return null;
+ return buildConnectionParameter(connectionParameter);
+
+ }
+ /**
+ * Method buildConnectionParameter: internal Method for creating a
+ * ConnectionParameter object with all data found in the incoming element
+ * @param root: this Element contains the ConnectionParameter
+ * @return ConnectionParameter
+ */
+ protected ConnectionParameter buildConnectionParameter(Element root)
+ {
+ ConnectionParameter result = new ConnectionParameter();
+ result.setAcceptedServerCertificates(
+ XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
+ result.setUrl(
+ XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
+ result.setClientKeyStore(
+ XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
+ result.setClientKeyStorePassword(
+ XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
+
+ if ((result.getAcceptedServerCertificates()==null)
+ && (result.getUrl()=="")
+ && (result.getClientKeyStore()==null)
+ && (result.getClientKeyStorePassword()==""))
+ return null;
+
+ return result;
+ }
+
+ /**
+ * Build an array of OnlineApplication Parameter Beans containing information
+ * about the proxy component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the proxy component of the online
+ * application
+ */
+ public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
+
+ List oA_list = new ArrayList();
+ NodeList OAIter = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
+
+ for (int i = 0; i < OAIter.getLength(); i++) {
+ Element oAElem = (Element) OAIter.item(i);
+ OAProxyParameter oap = new OAProxyParameter();
+
+ oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
+ Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
+ if (proxyComponentElem != null) {
+ oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
+ // default session time out: 3600 sec = 1 h
+ oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
+ oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
+ oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
+
+ ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
+ oap.setConnectionParameter(conPara);
+
+ OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
+ oap.setOaConfiguration(oaConf);
+
+ oA_list.add(oap);
+ }
+ }
+ OAProxyParameter[] result =
+ new OAProxyParameter[oA_list.size()];
+ oA_list.toArray(result);
+
+ return result;
+
+ }
+
+ /**
+ * Build the mapping of generic configuration properties.
+ *
+ * @return a {@link Map} of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map buildGenericConfiguration() {
+
+ Map genericConfiguration = new HashMap();
+ NodeIterator gcIter =
+ XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ GENERIC_CONFIGURATION_XPATH);
+ Element gcElem;
+
+ while ((gcElem = (Element) gcIter.nextNode()) != null) {
+ String gcName = gcElem.getAttribute("name");
+ String gcValue = gcElem.getAttribute("value");
+
+ genericConfiguration.put(gcName, gcValue);
+ }
+
+ return genericConfiguration;
+ }
+ /**
+ * Method buildOAConfiguration.
+ *
+ * Build an {@link OAConfiguration} Object from the given configuration DOM element
+ *
+ * @param root
+ * @return OAConfiguration
+ * @throws ConfigurationException
+ */
+ public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
+
+ OAConfiguration oaConfiguration = new OAConfiguration();
+
+ //The LoginType hast to be "stateless" or "stateful" to be valid
+ oaConfiguration.setLoginType(
+ XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
+
+ //Try to build the Parameter Auth Parameters
+ NodeIterator paramAuthIter =
+ XPathUtils.selectNodeIterator(
+ root,
+ OACONF_PARAM_AUTH_PARAMETER_XPATH);
+ Element paramAuthElem;
+ HashMap paramAuthMap = new HashMap();
+ while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
+ String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
+ String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
+ if (paramAuthMap.containsKey(name))
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ paramAuthMap.put(name, value);
+ }
+ oaConfiguration.setParamAuthMapping(paramAuthMap);
+ // Try to build the BasicAuthParameters
+ oaConfiguration.setBasicAuthUserIDMapping(
+ XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
+ oaConfiguration.setBasicAuthPasswordMapping(
+ XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
+
+ //Try to build the Parameter Auth Parameters
+ NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
+
+ Element headerAuthElem;
+ HashMap headerAuthMap = new HashMap();
+ while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
+ String name =
+ XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
+ String value =
+ XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
+ // Contains Key (Neue Config-Exception: doppelte werte)
+ if (headerAuthMap.containsKey(name))
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ headerAuthMap.put(name, value);
+ }
+ oaConfiguration.setHeaderAuthMapping(headerAuthMap);
+
+ if (paramAuthMap.size() == 0) {
+ if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
+ oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
+ }
+ else
+ oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
+ }
+ else
+ oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
+
+ return oaConfiguration;
+ }
+
+ /**
+ * Reads the configuration file of the online application, and creates a DOM tree from it.
+ * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
+ * uses default configuration file location.
+ *
+ * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
+ * @return Element DOM tree root element
+ * @throws ConfigurationException on any exception thrown
+ */
+ private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
+ {
+ try {
+ String configFileURL = oap.getConfigFileURL();
+ if (configFileURL == null) {
+ // use default config file URL, when config file URL is not given
+ configFileURL = oap.getConnectionParameter().getUrl();
+ if (configFileURL.charAt(configFileURL.length() - 1) != '/')
+ configFileURL += "/";
+ configFileURL += DEFAULT_OA_CONFIG_FILENAME;
+ }
+ Logger.info("Loading MOA-OA configuration " + configFileURL);
+ Element configElem = DOMUtils.parseXmlValidating(
+ new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
+ return configElem;
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
+ }
+ }
+
+ /**
+ * Returns the default chaining mode from the configuration.
+ *
+ * @return The default chaining mode.
+ */
+ public String getDefaultChainingMode() {
+ String defaultChaining =
+ XPathUtils.getAttributeValue(
+ getConfigElem(),
+ CHAINING_MODES_DEFAULT_XPATH,
+ CM_CHAINING);
+
+ return translateChainingMode(defaultChaining);
+
+ }
+ /**
+ * Build the chaining modes for all configured trust anchors.
+ *
+ * @return The mapping from trust anchors to chaining modes.
+ */
+ public Map buildChainingModes() {
+ Map chainingModes = new HashMap();
+ NodeIterator trustIter =
+ XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
+ Element trustAnchorElem;
+
+ while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
+ IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
+ String mode = trustAnchorElem.getAttribute("mode");
+
+ if (issuerAndSerial != null) {
+ chainingModes.put(issuerAndSerial, translateChainingMode(mode));
+ }
+ }
+
+ return chainingModes;
+ }
+
+ /**
+ * Build an <code>IssuerAndSerial</code> from the DOM representation.
+ *
+ * @param root The root element (being of type <code>dsig:
+ * X509IssuerSerialType</code>.
+ * @return The issuer and serial number contained in the <code>root</code>
+ * element or <code>null</code> if could not be built for any reason.
+ */
+ private IssuerAndSerial buildIssuerAndSerial(Element root) {
+ String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
+ String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
+
+ if (issuer != null && serial != null) {
+ try {
+ RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
+ Principal issuerDN = nameParser.parse();
+
+ return new IssuerAndSerial(issuerDN, new BigInteger(serial));
+ } catch (RFC2253NameParserException e) {
+ warn("config.09", new Object[] { issuer, serial }, e);
+ return null;
+ } catch (NumberFormatException e) {
+ warn("config.09", new Object[] { issuer, serial }, e);
+ return null;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Translate the chaining mode from the configuration file to one used in the
+ * IAIK MOA API.
+ *
+ * @param chainingMode The chaining mode from the configuration.
+ * @return The chaining mode as provided by the <code>ChainingModes</code>
+ * interface.
+ * @see iaik.pki.pathvalidation.ChainingModes
+ */
+ private String translateChainingMode(String chainingMode) {
+ if (chainingMode.equals(CM_CHAINING)) {
+ return ChainingModes.CHAIN_MODE;
+ } else if (chainingMode.equals(CM_PKIX)) {
+ return ChainingModes.PKIX_MODE;
+ } else {
+ return ChainingModes.CHAIN_MODE;
+ }
+ }
+
+ /**
+ * Method warn.
+ * @param messageId to identify a country-specific message
+ * @param parameters for the logger
+ */
+ //
+ // various utility methods
+ //
+
+ private static void warn(String messageId, Object[] parameters) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ }
+
+ /**
+ * Method warn.
+ * @param messageId to identify a country-specific message
+ * @param args for the logger
+ * @param t as throwabl
+ */
+ private static void warn(String messageId, Object[] args, Throwable t) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
new file mode 100644
index 000000000..2ebec0398
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationException.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.config;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception signalling an error in the configuration.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationException extends MOAIDException {
+
+ /**
+ * Create a <code>MOAConfigurationException</code>.
+ */
+ public ConfigurationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Create a <code>MOAConfigurationException</code>.
+ */
+ public ConfigurationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
new file mode 100644
index 000000000..5d523ba62
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -0,0 +1,105 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+
+/**
+ * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>,
+ * providing functions common to both of them.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationProvider {
+
+ /**
+ * Constructor
+ */
+ public ConfigurationProvider() {
+ super();
+ }
+
+ /**
+ * The name of the system property which contains the file name of the
+ * configuration file.
+ */
+ public static final String CONFIG_PROPERTY_NAME =
+ "moa.id.configuration";
+
+ /**
+ * The name of the generic configuration property giving the certstore directory path.
+ */
+ public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
+ "DirectoryCertStoreParameters.RootDir";
+
+ /**
+ * A <code>Map</code> which contains generic configuration information. Maps a
+ * configuration name (a <code>String</code>) to a configuration value (also a
+ * <code>String</code>).
+ */
+ protected Map genericConfiguration;
+
+ /** The default chaining mode. */
+ protected String defaultChainingMode;
+
+ /**
+ * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+ * chaining mode (a <code>String</code>) mapping.
+ */
+ protected Map chainingModes;
+
+ /**
+ * the URL for the trusted CA Certificates
+ */
+ protected String trustedCACertificates;
+
+ /**
+ * Returns the mapping of generic configuration properties.
+ *
+ * @return The mapping of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map getGenericConfiguration() {
+ return genericConfiguration;
+ }
+
+ /**
+ * Returns the value of a parameter from the generic configuration section.
+ *
+ * @return the parameter value; <code>null</code> if no such parameter
+ */
+ public String getGenericConfigurationParameter(String parameter) {
+ if (! genericConfiguration.containsKey(parameter))
+ return null;
+ return (String)genericConfiguration.get(parameter);
+ }
+
+ /**
+ * Return the chaining mode for a given trust anchor.
+ *
+ * @param trustAnchor The trust anchor for which the chaining mode should be
+ * returned.
+ * @return The chaining mode for the given trust anchor. If the trust anchor
+ * has not been configured separately, the system default will be returned.
+ */
+ public String getChainingMode(X509Certificate trustAnchor) {
+ Principal issuer = trustAnchor.getIssuerDN();
+ BigInteger serial = trustAnchor.getSerialNumber();
+ IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+
+ String mode = (String) chainingModes.get(issuerAndSerial);
+ return mode != null ? mode : defaultChainingMode;
+ }
+
+ /**
+ * Returns the trustedCACertificates.
+ * @return String
+ */
+ public String getTrustedCACertificates() {
+ return trustedCACertificates;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
new file mode 100644
index 000000000..30b09cfe0
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.config;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE <code>TrustManager</code>.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is <code>"https"</code>.
+ * @return true in case of an URL starting with <code>"https"</code>
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
new file mode 100644
index 000000000..e3c869d53
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -0,0 +1,341 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * A class providing access to the Auth Part of the MOA-ID configuration data.
+ *
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.id.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>AuthConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>AuthConfigurationProvider</code> local to that request.</p>
+ *
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ *
+ * @version $Id$
+ */
+public class AuthConfigurationProvider extends ConfigurationProvider {
+
+ /** DEFAULT_ENCODING is "UTF-8" */
+ private static final String DEFAULT_ENCODING="UTF-8";
+ /**
+ * The name of the generic configuration property giving the authentication session time out.
+ */
+ public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
+ "AuthenticationSession.TimeOut";
+ /**
+ * The name of the generic configuration property giving the authentication data time out.
+ */
+ public static final String AUTH_DATA_TIMEOUT_PROPERTY =
+ "AuthenticationData.TimeOut";
+
+ /**
+ * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
+ */
+ public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
+ "HTMLComplete";
+
+ /**
+ * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
+ */
+ public static final String BKU_SELECTION_TYPE_HTMLSELECT =
+ "HTMLSelect";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static AuthConfigurationProvider instance;
+
+ //
+ // configuration data
+ //
+
+ /**
+ * configuration files containing transformations for rendering in the
+ * secure viewer of the security layer implementation;
+ * multiple files can be given for different mime types
+ */
+ private String[] transformsInfoFileNames;
+ /**
+ * transformations for rendering in the secure viewer of the security layer implementation,
+ * read from {@link transformsInfoFileNames};
+ * multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+ /**
+ * parameters for connection to MOA SP component
+ */
+ private ConnectionParameter moaSpConnectionParameter;
+ /**
+ * trust profile ID to be used for verifying the identity link signature via MOA ID SP
+ */
+ private String moaSpIdentityLinkTrustProfileID;
+ /**
+ * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
+ */
+ private String moaSpAuthBlockTrustProfileID;
+ /**
+ * transformations to be used for verifying the AUTH block signature via MOA ID SP
+ */
+ private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
+ /**
+ * X509 SubjectNames which will be trusted
+ */
+ private String[] identityLinkX509SubjectNames;
+
+ /**
+ * configuration parameters for online applications
+ */
+ private OAAuthParameter[] onlineApplicationAuthParameters;
+ /**
+ * the Selection Type of the bku Selection Element
+ */
+ private String bKUSelectionType;
+ /**
+ * is the bku Selection Element present?
+ */
+ private boolean bKUSelectable;
+ /**
+ * the bku Selection Connection Parameters
+ */
+ private ConnectionParameter bKUConnectionParameter;
+ /**
+ * Return the single instance of configuration data.
+ *
+ * @return AuthConfigurationProvider The current configuration data.
+ * @throws ConfigurationException
+ */
+ public static synchronized AuthConfigurationProvider getInstance()
+ throws ConfigurationException {
+
+ if (instance == null) {
+ reload();
+ }
+ return instance;
+ }
+
+ /**
+ * Reload the configuration data and set it if successful.
+ *
+ * @return AuthConfigurationProvider The loaded configuration data.
+ * @throws ConfigurationException Failure to load the configuration data.
+ */
+ public static synchronized AuthConfigurationProvider reload()
+ throws ConfigurationException {
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+ if (fileName == null) {
+ throw new ConfigurationException("config.01", null);
+ }
+ Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
+
+ instance = new AuthConfigurationProvider(fileName);
+ return instance;
+ }
+
+ /**
+ * Constructor for AuthConfigurationProvider.
+ * @param fileName
+ * @throws ConfigurationException
+ */
+ public AuthConfigurationProvider(String fileName)
+ throws ConfigurationException {
+
+ load(fileName);
+ }
+
+ /**
+ * Load the configuration data from XML file with the given name and build
+ * the internal data structures representing the MOA ID configuration.
+ *
+ * @param fileName The name of the XML file to load.
+ * @throws ConfigurationException The MOA configuration could not be
+ * read/built.
+ */
+ private void load(String fileName) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+ }
+ }
+ try {
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem);
+ bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ bKUSelectable = (bKUConnectionParameter!=null);
+ bKUSelectionType = builder.buildAuthBKUSelectionType();
+ genericConfiguration = builder.buildGenericConfiguration();
+ transformsInfoFileNames = builder.buildTransformsInfoFileNames();
+ loadTransformsInfos();
+ moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters();
+ identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ defaultChainingMode = builder.getDefaultChainingMode();
+ chainingModes = builder.buildChainingModes();
+ trustedCACertificates = builder.getTrustedCACertificates(); }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ /**
+ * Loads the <code>transformsInfos</code> from files.
+ * @throws Exception on any exception thrown
+ */
+ private void loadTransformsInfos() throws Exception {
+ transformsInfos = new String[transformsInfoFileNames.length];
+ for (int i = 0; i < transformsInfoFileNames.length; i++) {
+ String fileURL = transformsInfoFileNames[i];
+ String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+ transformsInfos[i] = transformsInfo;
+ }
+ }
+ /**
+ * Return a string array with all filenames leading
+ * to the Transforms Information for the Security Layer
+ * @return String[] of filenames to the Security Layer Transforms Information
+ */
+ public String[] getTransformsInfoFileNames() {
+ return transformsInfoFileNames;
+ }
+
+ /**
+ * Build an array of the OnlineApplication Parameters containing information
+ * about the authentication component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for theauthentication component of the online
+ * application
+ */
+ public OAAuthParameter[] getOnlineApplicationParameters() {
+ return onlineApplicationAuthParameters;
+ }
+
+ /**
+ * Provides configuration information regarding the online application behind
+ * the given URL, relevant to the MOA-ID Auth component.
+ *
+ * @param oaURL URL requested for an online application
+ * @return an <code>OAAuthParameter</code>, or <code>null</code>
+ * if none is applicable
+ */
+ public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
+ OAAuthParameter[] oaParams = getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAAuthParameter oaParam = oaParams[i];
+ if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
+ return oaParam;
+ }
+ return null;
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyAuthBlock trust
+ * profile id within the moa-sp part of the authentication component
+ *
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String getMoaSpAuthBlockTrustProfileID() {
+ return moaSpAuthBlockTrustProfileID;
+ }
+
+ /**
+ * Return a string array with references to all verify transform info
+ * IDs within the moa-sp part of the authentication component
+ * @return A string array containing all urls to the
+ * verify transform info IDs
+ */
+ public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
+ return moaSpAuthBlockVerifyTransformsInfoIDs;
+ }
+
+ /**
+ * Return a ConnectionParameter bean containing all information
+ * of the authentication component moa-sp element
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter getMoaSpConnectionParameter() {
+ return moaSpConnectionParameter;
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyIdentityLink trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ */
+ public String getMoaSpIdentityLinkTrustProfileID() {
+ return moaSpIdentityLinkTrustProfileID;
+ }
+ /**
+ * Returns the transformsInfos.
+ * @return String[]
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the identityLinkX509SubjectNames.
+ * @return String[]
+ */
+ public String[] getIdentityLinkX509SubjectNames() {
+ return identityLinkX509SubjectNames;
+ }
+
+ /**
+ * Returns the bKUConnectionParameter.
+ * @return ConnectionParameter
+ */
+ public ConnectionParameter getBKUConnectionParameter() {
+ return bKUConnectionParameter;
+ }
+
+ /**
+ * Returns the bKUSelectable.
+ * @return boolean
+ */
+ public boolean isBKUSelectable() {
+ return bKUSelectable;
+ }
+
+ /**
+ * Returns the bKUSelectionType.
+ * @return String
+ */
+ public String getBKUSelectionType() {
+ return bKUSelectionType;
+ }
+
+} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
new file mode 100644
index 000000000..9ee1ec606
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -0,0 +1,93 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAAuthParameter {
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+ /**
+ * determines whether "ZMR-Zahl" is to be included in the authentication data
+ */
+ private boolean provideZMRZahl;
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
+ private boolean provideAuthBlock;
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
+ private boolean provideIdentityLink;
+
+ /**
+ * Returns the provideAuthBlock.
+ * @return String
+ */
+ public boolean getProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ /**
+ * Returns the provideIdentityLink.
+ * @return String
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ /**
+ * Returns the provideZMRZahl.
+ * @return String
+ */
+ public boolean getProvideZMRZahl() {
+ return provideZMRZahl;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ * Sets the provideAuthBlock.
+ * @param provideAuthBlock The provideAuthBlock to set
+ */
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ /**
+ * Sets the provideIdentityLink.
+ * @param provideIdentityLink The provideIdentityLink to set
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ /**
+ * Sets the provideZMRZahl.
+ * @param provideZMRZahl The provideZMRZahl to set
+ */
+ public void setProvideZMRZahl(boolean provideZMRZahl) {
+ this.provideZMRZahl = provideZMRZahl;
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
new file mode 100644
index 000000000..c9a13fee5
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
@@ -0,0 +1,145 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ * These include the login type (stateful or stateless), the HTTP authentication type,
+ * and information needed to add authentication parameters or headers for a URL connection
+ * to the remote online application.
+ * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code>
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAConfiguration {
+
+ /** Constant for an login method */
+ public static final String LOGINTYPE_STATEFUL = "stateful";
+ /** Constant for an login method */
+ public static final String LOGINTYPE_STATELESS = "stateless";
+
+ /** Constant for an auth method */
+ public static final String BASIC_AUTH = "basic";
+ /** Constant for an auth method */
+ public static final String HEADER_AUTH = "header";
+ /** Constant for an auth method */
+ public static final String PARAM_AUTH = "param";
+
+ /** login type: stateful or stateless */
+ String loginType;
+ /** authentication type: basic, header, or param */
+ String authType;
+ /**
+ * mapping of parameter names to AuthenticationData field names
+ * in case of authentication type <code>"header-auth"</code>
+ */
+ Map paramAuthMapping;
+ /**
+ * mapping of parameter names to AuthenticationData field names
+ * in case of authentication type <code>"param-auth"</code>
+ */
+ Map headerAuthMapping;
+ /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */
+ String basicAuthUserIDMapping;
+ /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */
+ String basicAuthPasswordMapping;
+
+ /**
+ * Returns the basicAuthPasswordMapping.
+ * @return String
+ */
+ public String getBasicAuthPasswordMapping() {
+ return basicAuthPasswordMapping;
+ }
+
+ /**
+ * Returns the basicAuthUserIDMapping.
+ * @return String
+ */
+ public String getBasicAuthUserIDMapping() {
+ return basicAuthUserIDMapping;
+ }
+
+ /**
+ * Returns the headerAuthMapping.
+ * @return HashMap
+ */
+ public Map getHeaderAuthMapping() {
+ return headerAuthMapping;
+ }
+
+ /**
+ * Returns the loginType.
+ * @return String
+ */
+ public String getLoginType() {
+ return loginType;
+ }
+
+ /**
+ * Returns the paramAuthMapping.
+ * @return HashMap
+ */
+ public Map getParamAuthMapping() {
+ return paramAuthMapping;
+ }
+
+ /**
+ * Sets the basicAuthPasswordMapping.
+ * @param basicAuthPasswordMapping The basicAuthPasswordMapping to set
+ */
+ public void setBasicAuthPasswordMapping(String basicAuthPassword) {
+ this.basicAuthPasswordMapping = basicAuthPassword;
+ }
+
+ /**
+ * Sets the basicAuthUserIDMapping.
+ * @param basicAuthUserIDMapping The basicAuthUserIDMapping to set
+ */
+ public void setBasicAuthUserIDMapping(String basicAuthUserID) {
+ this.basicAuthUserIDMapping = basicAuthUserID;
+ }
+
+ /**
+ * Sets the headerAuthMapping.
+ * @param headerAuthMapping The headerAuthMapping to set
+ */
+ public void setHeaderAuthMapping(HashMap headerAuth) {
+ this.headerAuthMapping = headerAuth;
+ }
+
+ /**
+ * Sets the loginType.
+ * @param loginType The loginType to set
+ */
+ public void setLoginType(String loginType) {
+ this.loginType = loginType;
+ }
+
+ /**
+ * Sets the paramAuthMapping.
+ * @param paramAuthMapping The paramAuthMapping to set
+ */
+ public void setParamAuthMapping(HashMap paramAuth) {
+ this.paramAuthMapping = paramAuth;
+ }
+
+ /**
+ * Returns the authType.
+ * @return String
+ */
+ public String getAuthType() {
+ return authType;
+ }
+
+ /**
+ * Sets the authType.
+ * @param authType The authType to set
+ */
+ public void setAuthType(String authLoginType) {
+ this.authType = authLoginType;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
new file mode 100644
index 000000000..f08c60736
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -0,0 +1,160 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Proxy component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAProxyParameter {
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+ /**
+ * URL of online application configuration file;
+ * defaults to relative URL <code>/moaconfig.xml</code>
+ */
+ private String configFileURL;
+ /**
+ * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface
+ * to be used for authenticating the online application;
+ * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
+ */
+ private String loginParameterResolverImpl;
+ /**
+ * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
+ * to be used for connecting to the online application;
+ * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder}
+ */
+ private String connectionBuilderImpl;
+ /**
+ * session time out to be used in case of a stateless online application
+ */
+ private int sessionTimeOut;
+ /**
+ * parameters regarding the connection from the proxy to the online application
+ */
+ private ConnectionParameter connectionParameter;
+ /**
+ * parameters for logging into the online application
+ */
+ private OAConfiguration oaConfiguration;
+
+ /**
+ * Returns the configFileURL.
+ * @return String
+ */
+ public String getConfigFileURL() {
+ return configFileURL;
+ }
+
+ /**
+ * Returns the sessionTimeOut.
+ * @return int
+ */
+ public int getSessionTimeOut() {
+ return sessionTimeOut;
+ }
+
+ /**
+ * Returns the connectionParameter.
+ * @return ConnectionParameter
+ */
+ public ConnectionParameter getConnectionParameter() {
+ return connectionParameter;
+ }
+
+ /**
+ * Sets the configFileURL.
+ * @param configFileURL The configFileURL to set
+ */
+ public void setConfigFileURL(String oaProxyConfigFileURL) {
+ this.configFileURL = oaProxyConfigFileURL;
+ }
+
+ /**
+ * Sets the sessionTimeOut.
+ * @param sessionTimeOut The sessionTimeOut to set
+ */
+ public void setSessionTimeOut(int oaProxySessionTimeOut) {
+ this.sessionTimeOut = oaProxySessionTimeOut;
+ }
+
+ /**
+ * Sets the connectionParameter.
+ * @param connectionParameter The connectionParameter to set
+ */
+ public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) {
+ this.connectionParameter = proxyConnectionParameter;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String url) {
+ this.publicURLPrefix = url;
+ }
+
+ /**
+ * Returns the connectionBuilderImpl.
+ * @return String
+ */
+ public String getConnectionBuilderImpl() {
+ return connectionBuilderImpl;
+ }
+
+ /**
+ * Returns the loginParameterResolverImpl.
+ * @return String
+ */
+ public String getLoginParameterResolverImpl() {
+ return loginParameterResolverImpl;
+ }
+
+ /**
+ * Sets the connectionBuilderImpl.
+ * @param connectionBuilderImpl The connectionBuilderImpl to set
+ */
+ public void setConnectionBuilderImpl(String connectionBuilderImp) {
+ this.connectionBuilderImpl = connectionBuilderImp;
+ }
+
+ /**
+ * Sets the loginParameterResolverImpl.
+ * @param loginParameterResolverImpl The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
+ this.loginParameterResolverImpl = loginParameterResolverImpl;
+ }
+
+ /**
+ * Returns the oaConfiguration.
+ * @return OAConfiguration
+ */
+ public OAConfiguration getOaConfiguration() {
+ return oaConfiguration;
+ }
+
+ /**
+ * Sets the oaConfiguration.
+ * @param oaConfiguration The oaConfiguration to set
+ */
+ public void setOaConfiguration(OAConfiguration oaConfiguration) {
+ this.oaConfiguration = oaConfiguration;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
new file mode 100644
index 000000000..897d14da9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -0,0 +1,170 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * A class providing access to the Proxy Part of the MOA-ID configuration data.
+ *
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.id.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>ProxyConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>ProxyConfigurationProvider</code> local to that request.</p>
+ *
+ * @author Stefan Knirsch
+ */
+public class ProxyConfigurationProvider extends ConfigurationProvider {
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static ProxyConfigurationProvider instance;
+
+ //
+ // configuration data
+ //
+ /**
+ * connection parameters for connection to MOA ID Auth component
+ */
+ private ConnectionParameter authComponentConnectionParameter;
+ /**
+ * configuration parameters for online applications
+ */
+ private OAProxyParameter[] onlineApplicationProxyParameter;
+
+ /**
+ * Return the single instance of configuration data.
+ *
+ * @return ProxyConfigurationProvider The current configuration data.
+ * @throws ConfigurationException
+ */
+ public static synchronized ProxyConfigurationProvider getInstance()
+ throws ConfigurationException {
+
+ if (instance == null) {
+ reload();
+ }
+ return instance;
+ }
+
+ /**
+ * Reload the configuration data and set it if successful.
+ *
+ * @return ProxyConfigurationProvider The loaded configuration data.
+ * @throws ConfigurationException Failure to load the configuration data.
+ */
+ public static synchronized ProxyConfigurationProvider reload()
+ throws ConfigurationException {
+ String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
+ if (fileName == null) {
+ throw new ConfigurationException("config.01", null);
+ }
+ Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
+
+ instance = new ProxyConfigurationProvider(fileName);
+ return instance;
+ }
+
+ /**
+ * Constructor for ProxyConfigurationProvider.
+ */
+ public ProxyConfigurationProvider(String fileName)
+ throws ConfigurationException {
+
+ load(fileName);
+ }
+
+ /**
+ * Load the configuration data from XML file with the given name and build
+ * the internal data structures representing the MOA configuration.
+ *
+ * @param fileName The name of the XML file to load.
+ * @throws ConfigurationException The MOA configuration could not be
+ * read/built.
+ */
+ private void load(String fileName) throws ConfigurationException {
+ FileInputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ try {
+ // load the main config file
+ stream = new FileInputStream(fileName);
+ configElem = DOMUtils.parseXmlValidating(stream);
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ }
+ catch (IOException e) {
+ }
+ }
+ try {
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem);
+ authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
+ onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
+ genericConfiguration = builder.buildGenericConfiguration();
+ defaultChainingMode = builder.getDefaultChainingMode();
+ chainingModes = builder.buildChainingModes();
+ trustedCACertificates = builder.getTrustedCACertificates();
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ /**
+ * Return a bean containing all information about the ProxyComponent
+ * @return The ConnectionParameter for the Proxy Component
+ */
+ public ConnectionParameter getAuthComponentConnectionParameter() {
+ return authComponentConnectionParameter;
+ }
+
+ /**
+ * Build an array of OnlineApplication Parameter Beans containing all
+ * information about the proxy component of the online application
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the proxy component of the online
+ * application
+ */
+ public OAProxyParameter[] getOnlineApplicationParameters() {
+ return onlineApplicationProxyParameter;
+ }
+ /**
+ * Provides configuration information regarding the online application behind
+ * the given URL, relevant to the MOA-ID Proxy component.
+ *
+ * @param oaURL URL requested for an online application
+ * @return an <code>OAProxyParameter</code>, or <code>null</code>
+ * if none is applicable
+ */
+ public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
+ OAProxyParameter[] oaParams = getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAProxyParameter oaParam = oaParams[i];
+ if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
+ return oaParam;
+ }
+ return null;
+ }
+
+} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
new file mode 100644
index 000000000..aac1dc422
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -0,0 +1,314 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.Date;
+
+/**
+ * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public class AuthenticationData {
+ /**
+ * major version number of the SAML assertion
+ */
+ private int majorVersion;
+ /**
+ * minor version number of the SAML assertion
+ */
+ private int minorVersion;
+ /**
+ * identifier for this assertion
+ */
+ private String assertionID;
+ /**
+ * URL of the MOA-ID Auth component issueing this assertion
+ */
+ private String issuer;
+ /**
+ * time instant of issue of this assertion
+ */
+ private String issueInstant;
+ /**
+ * user identification (ZMR-Zahl); <code>null</code>,
+ * if the authentication module is configured not to return this data
+ */
+ private String identificationValue;
+ /**
+ * application specific user identifier (VPK)
+ */
+ private String vpk;
+ /**
+ * given name of the user
+ */
+ private String givenName;
+ /**
+ * family name of the user
+ */
+ private String familyName;
+ /**
+ * date of birth of the user
+ */
+ private String dateOfBirth;
+ /**
+ * says whether the certificate is a qualified certificate or not
+ */
+ private boolean qualifiedCertificate;
+ /**
+ * says whether the certificate is a public authority or not
+ */
+ private boolean publicAuthority;
+ /**
+ * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+ */
+ private String publicAuthorityCode;
+ /**
+ * the corresponding <code>lt;saml:Assertion&gt;</code>
+ */
+ private String samlAssertion;
+ /**
+ * creation timestamp
+ */
+ Date timestamp;
+
+ /**
+ * Constructor for AuthenticationData.
+ */
+ public AuthenticationData() {
+ timestamp = new Date();
+ }
+
+ /**
+ * Returns the minorVersion.
+ * @return int
+ */
+ public int getMinorVersion() {
+ return minorVersion;
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return String
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the vpk.
+ * @return String
+ */
+ public String getVPK() {
+ return vpk;
+ }
+
+ /**
+ * Sets the minorVersion.
+ * @param minorVersion The minorVersion to set
+ */
+ public void setMinorVersion(int minorVersion) {
+ this.minorVersion = minorVersion;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityCode The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the vpk.
+ * @param vpk The vpk to set
+ */
+ public void setVPK(String vpk) {
+ this.vpk = vpk;
+ }
+
+ /**
+ * Returns the assertionID.
+ * @return String
+ */
+ public String getAssertionID() {
+ return assertionID;
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return String
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Returns the issuer.
+ * @return String
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the majorVersion.
+ * @return int
+ */
+ public int getMajorVersion() {
+ return majorVersion;
+ }
+
+ /**
+ * Sets the assertionID.
+ * @param assertionID The assertionID to set
+ */
+ public void setAssertionID(String assertionID) {
+ this.assertionID = assertionID;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(String dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String gamilyName) {
+ this.familyName = gamilyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the issueInstant.
+ * @param issueInstant The issueInstant to set
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
+ /**
+ * Sets the issuer.
+ * @param issuer The issuer to set
+ */
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Sets the majorVersion.
+ * @param majorVersion The majorVersion to set
+ */
+ public void setMajorVersion(int majorVersion) {
+ this.majorVersion = majorVersion;
+ }
+
+ /**
+ * Returns the samlAssertion.
+ * @return String
+ */
+ public String getSamlAssertion() {
+ return samlAssertion;
+ }
+
+ /**
+ * Sets the samlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ public void setSamlAssertion(String samlAssertion) {
+ this.samlAssertion = samlAssertion;
+ }
+
+ /**
+ * Returns the timestamp.
+ * @return Date
+ */
+ public Date getTimestamp() {
+ return timestamp;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java b/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
new file mode 100644
index 000000000..5729e54c3
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/data/Cookie.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.data;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.StringTokenizer;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * The Cookie-class provides methods to save and return cookies for
+ * each single session
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Cookie {
+ /** A HahsMap containing all our cookies */
+ HashMap cookies = new HashMap();
+ /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
+ * to send them back to the client/browser as soon as possible */
+ HashMap cookies401 = new HashMap();
+
+ /**
+ * Adds a Cookie from a response with response-code 401 to the cookie-pool
+ * for sending it back to the browser / client
+ * @param String: the complete 'Set-Cookie' - String
+ */
+ public void add401(String cookieString)
+ {
+ cookies401.put(getKey(cookieString),cookieString);
+ }
+
+ /**
+ * Get the HashMap containing all cookies to be sent to the browser / client
+ * @return HashMap with all cookies
+ */
+ public HashMap get401()
+ {
+ return cookies401;
+ }
+
+ /**
+ * Clear the 401 cookie-pool
+ */
+ public void clear401()
+ {
+ cookies401.clear();
+ }
+
+ /**
+ * Set a cookie that comes from the Online-Application
+ * and save it in our "normal" cookie-pool
+ * @param String the complete "Set-Cookie" - String from the Online-Application
+ */
+ public void setCookie(String value) {
+ cookies.put(getKey(value), getValue(value));
+ }
+
+ /**
+ * Method saveOldCookies.
+ * @param String the complete "Set-Cookie" - String from the Online-Application
+ */
+ public void saveOldCookies(String value) {
+ StringTokenizer st = new StringTokenizer(value,";");
+ while (st.hasMoreTokens())
+ {
+ // We have to trim because the Tokenizer returns cookies including spaces at the beginning
+ StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
+ String cookieKey = st2.nextToken().trim();
+ if (st2.hasMoreTokens())
+ {
+ String cookieValue = st2.nextToken().trim();
+ if (!cookies.containsKey(cookieKey))
+ cookies.put(cookieKey , cookieValue);
+ }
+ }
+ Logger.debug("Found these cookies: " + getCookies());
+ }
+
+ /**
+ * Get a String containing all cookies saved in that session seperated by '; '
+ * to be sent back to the Online-Application
+ * @return String containing all cookies saved in that session seperated by '; '
+ */
+ public String getCookies() {
+ String result = "";
+ if (cookies.size()==0)
+ return null;
+ Iterator i = cookies.keySet().iterator();
+ while (i.hasNext()) {
+ String key = (String) i.next();
+ result += key + "=" + (String)cookies.get(key) + "; ";
+ }
+ return result.substring(0, result.length() - 2);
+ }
+
+ /**
+ * Returns the key of a key-value-pair of a cookie
+ * getKey("CookieA=1234") returns CookieA
+ * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
+ * @return String the key of a key-value-pair of a cookie
+ */
+ private String getKey(String input) {
+ return input.substring(0, input.indexOf("="));
+ }
+
+ /**
+ * Returns the value of a key-value-pair of a cookie
+ * getKey("CookieA=1234") returns 1234
+ * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
+ * @return String the value of a key-value-pair of a cookie
+ */
+ private String getValue(String input) {
+ if (input.indexOf(";") == -1)
+ return input.substring(input.indexOf("=") + 1, input.getBytes().length);
+ return input.substring(input.indexOf("=") + 1, input.indexOf(";"));
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java b/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
new file mode 100644
index 000000000..98f84c429
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/data/CookieManager.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.HashMap;
+
+/**
+ * The CookieManager is a singleton to manage a Cookie-Object for
+ * each session
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class CookieManager {
+ /** the singleton instance of the CookieManager */
+ private static CookieManager instance;
+ /** a HashMap to bind a Cookie-object to every single session*/
+ private static HashMap cookies = new HashMap();
+
+ /**
+ * Create a singleton of the CookieManager
+ * @return CookieManager
+ */
+ public static CookieManager getInstance()
+ {
+ if(instance==null) instance=new CookieManager();
+ return instance;
+ }
+
+ /**
+ * Save a cookie to a specified session-id
+ * @param String id the session id
+ * @param String cookie_string - the complete 'Set-Cookie' String from the OnlineApplication
+ */
+ public void saveCookie(String id,String cookie_string)
+ {
+ getCookieWithID(id).setCookie(cookie_string);
+ }
+
+ /**
+ * Method saveOldCookies.
+ * @param id
+ * @param cookie_string
+ */
+ public void saveOldCookies(String id,String cookie_string)
+ {
+ getCookieWithID(id).saveOldCookies(cookie_string);
+ }
+
+ /**
+ * Get a Cookie-Object for a specified session-id
+ * @param String id the session id
+ * @return Cookie object containing all saved cookies for this session
+ */
+ public Cookie getCookieWithID(String id)
+ {
+ Cookie c = null;
+ if(cookies.containsKey(id))
+ c = (Cookie)cookies.get(id);
+ else
+ {
+ c = new Cookie();
+ cookies.put(id,c);
+ }
+ return c;
+ }
+
+
+ /**
+ * Get a String containing all cookies of a specified session-id
+ * saved in that session seperated by '; ' to be sent back to
+ * the Online-Application
+ * @param id the session-id
+ * @return String containing all cookies saved in that session seperated by '; '
+ */
+ public String getCookie(String id)
+ {
+ Cookie result = (Cookie)cookies.get((String)id);
+ if (result==null)
+ return null;
+ return result.getCookies();
+
+ }
+
+ /**
+ * Adds a Cookie for a special session from a response with
+ * response-code 401 to the cookie-pool for sending it back
+ * to the browser / client
+ * @param id the session-id
+ * @param String: the complete 'Set-Cookie' - String
+ */
+ public void add401(String id,String value)
+ {
+ getCookieWithID(id).add401(value);
+ }
+
+ /**
+ * Clear the 401 cookie-pool of a session
+ * @param id the session-id
+ */
+ public void clear401(String id)
+ {
+ getCookieWithID(id).clear401();
+ }
+
+ /**
+ * Get the HashMap containing all cookies of a session to be sent to the browser / client
+ * @param id the session-id
+ * @return HashMap with all cookies
+ */
+ public HashMap get401(String id)
+ {
+ return getCookieWithID(id).get401();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
new file mode 100644
index 000000000..a47dd8b29
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
@@ -0,0 +1,111 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.math.BigInteger;
+import java.security.Principal;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+/**
+ * A class containing the issuer and serial number of a certificate, which can
+ * be used to uniquely identify the certificate.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IssuerAndSerial {
+ /** store the issuer as String*/
+ private String issuerDN;
+ /** store the serial as BigInteger*/
+ private BigInteger serial;
+
+ /**
+ * Create an <code>IssuerAndSerial</code> object.
+ *
+ * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
+ * DN contained in the <code>issuer</code> is set.
+ *
+ * @param issuer The isser of a certificate.
+ * @param serial The serial number of the certificate.
+ */
+ public IssuerAndSerial(Principal issuer, BigInteger serial) {
+ RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
+
+ try {
+ this.issuerDN = ((Name) parser.parse()).getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ this.issuerDN = issuer.getName();
+ }
+ this.serial = serial;
+ }
+
+ /**
+ * Create an <code>IssuerAndSerial</code> object.
+ *
+ * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
+ * @param serial The serial number of the certificate.
+ */
+ public IssuerAndSerial(String issuerDN, BigInteger serial) {
+ this.issuerDN = issuerDN;
+ this.serial = serial;
+ }
+
+ /**
+ * Return the issuer DN in RFC2253 format.
+ *
+ * @return The issuer part of this object.
+ */
+ public String getIssuerDN() {
+ return issuerDN;
+ }
+
+ /**
+ * Return the serial number.
+ *
+ * @return The serial number of this object.
+ */
+ public BigInteger getSerial() {
+ return serial;
+ }
+
+ /**
+ * Compare this <code>IssuerAndSerial</code> to another object.
+ *
+ * @return <code>true</code>, if <code>other</code> is an
+ * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
+ * <code>serial</code> fields are both equal. <code>false</code> otherwise.
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object other) {
+ if (other instanceof IssuerAndSerial) {
+ IssuerAndSerial ias = (IssuerAndSerial) other;
+ return getIssuerDN().equals(ias.getIssuerDN())
+ && getSerial().equals(ias.getSerial());
+ }
+ return false;
+ }
+
+ /**
+ * Return the hash code of this <code>IssuerAndSerial</code>.
+ *
+ * @return The hash code of this <code>IssuerAndSerial</code>.
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return issuerDN.hashCode() ^ serial.hashCode();
+ }
+
+ /**
+ * Return a <code>String</code> representation of this
+ * <code>IssuerAndSerial</code> object.
+ *
+ * @return The <code>String</code> representation.
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
+ + ("> Serial<" + serial.toString() + ">)");
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
new file mode 100644
index 000000000..ed61827b6
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/data/SAMLStatus.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * Data contained in a <code>&lt;samlp:Status&gt;</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLStatus {
+
+ /** main status code */
+ private String statusCode;
+ /** sub status code */
+ private String subStatusCode;
+ /** status message */
+ private String statusMessage;
+
+ /**
+ * @return status code
+ */
+ public String getStatusCode() {
+ return statusCode;
+ }
+
+ /**
+ * @return status message
+ */
+ public String getStatusMessage() {
+ return statusMessage;
+ }
+
+ /**
+ * @return enclosed sub-status code
+ */
+ public String getSubStatusCode() {
+ return subStatusCode;
+ }
+
+ /**
+ * @param string the status code
+ */
+ public void setStatusCode(String string) {
+ statusCode = string;
+ }
+
+ /**
+ * @param string the status message
+ */
+ public void setStatusMessage(String string) {
+ statusMessage = string;
+ }
+
+ /**
+ * @param string the enclosed sub-status code
+ */
+ public void setSubStatusCode(String string) {
+ subStatusCode = string;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
new file mode 100644
index 000000000..421286876
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -0,0 +1,91 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import java.io.File;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends ObservableImpl
+ implements CertStoreConfiguration, DirectoryCertStoreParameters {
+ /** identifies the rootDirectory */
+ private String rootDirectory;
+ /** Array for storing all CertStoreParameters */
+ private CertStoreParameters[] parameters;
+
+ /**
+ * Create a new <code>CertStoreConfigurationImpl</code>.
+ *
+ * @param conf The MOA configuration from which the configuration data is
+ * @throws ConfigurationException an any config-error
+ * being read.
+ */
+ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
+ String rootDirParam = conf.getGenericConfigurationParameter(paramName);
+ if (rootDirParam == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {paramName});
+ File f = new File(rootDirParam);
+ if (f.isDirectory())
+ rootDirectory = f.getAbsolutePath();
+ else
+ throw new ConfigurationException(
+ "config.05", new Object[] {paramName});
+
+ parameters = new CertStoreParameters[] { this };
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+ */
+ public CertStoreParameters[] getParameters() {
+ return parameters;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+ */
+ public String getRootDirectory() {
+ return rootDirectory;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+ */
+ public boolean createNew() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+ */
+ public String getId() {
+ return "MOA ID Directory CertStore";
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+ */
+ public boolean isReadOnly() {
+ return false;
+ }
+
+ /**
+ * @return <code>CertStoreTypes.DIRECTORY</code>
+ * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+ */
+ public String getType() {
+ return CertStoreTypes.DIRECTORY;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
new file mode 100644
index 000000000..3cd02a2b5
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import iaik.logging.LogConfigurationException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Properties;
+
+/**
+ * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class LoggerConfigImpl implements iaik.logging.LoggerConfig {
+
+ /** logging properties **/
+ private Properties loggingProperties;
+
+ /**
+ * Constructor
+ */
+ public LoggerConfigImpl(String propertyFileURL) throws IOException {
+ InputStream in = new URL(propertyFileURL).openStream();
+ loggingProperties = new Properties();
+ loggingProperties.load(in);
+ in.close();
+ }
+
+ /**
+ * @see iaik.logging.LoggerConfig#getFactory()
+ */
+ public String getFactory() {
+ return "iaik.logging.impl.Log4jFactory";
+ }
+
+ /**
+ * @see iaik.logging.LoggerConfig#getProperties()
+ */
+ public Properties getProperties() throws LogConfigurationException {
+ return loggingProperties;
+ }
+
+ /**
+ * @see iaik.logging.LoggerConfig#getNodeId()
+ */
+ public String getNodeId() {
+ return "iaik";
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
new file mode 100644
index 000000000..8d09e2bc9
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+
+/**
+ * Implementation of interface <code>PKIConfiguration</code> needed to
+ * initialize an IAIK JSSE <code>TrustManager</code>
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+ /** The configuration for the CertStore */
+ private CertStoreConfiguration certStoreConfiguration;
+ /** The configuration for the RevocationChecks */
+ private RevocationConfiguration revocationConfiguration;
+ /** The configuration for the Validation */
+ private ValidationConfiguration validationConfiguration;
+
+ /**
+ * Constructor
+ * @param conf the Configuration for the PKIConfig
+ * @throws ConfigurationException for any config error
+ */
+ public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ certStoreConfiguration = new CertStoreConfigurationImpl(conf);
+ revocationConfiguration = new RevocationConfigurationImpl();
+ validationConfiguration = new ValidationConfigurationImpl(conf);
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+ */
+ public CertStoreConfiguration getCertStoreConfiguration() {
+ return certStoreConfiguration;
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+ */
+ public RevocationConfiguration getRevocationConfiguration() {
+ return revocationConfiguration;
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+ */
+ public ArchiveConfiguration getArchiveConfiguration() {
+ return null;
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+ */
+ public ValidationConfiguration getValidationConfiguration() {
+ return validationConfiguration;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
new file mode 100644
index 000000000..c583babdc
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import iaik.pki.revocation.RevocationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.iaik.servertools.observer.*;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
+
+ /**
+ * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.util.Date)
+ */
+ public Set getAlternativeDistributionPoints(
+ X509Certificate arg0,
+ Date arg1) {
+ return Collections.EMPTY_SET;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
+ */
+ public boolean archiveRevocationInfo(String arg0, String arg1) {
+ return false;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
new file mode 100644
index 000000000..c500e2e8e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl extends ObservableImpl
+ implements ValidationConfiguration {
+ /** The ConfigurationProvider for the validation*/
+ private ConfigurationProvider conf;
+
+ /**
+ * Constructor
+ * @param conf with the configuration
+ */
+ public ValidationConfigurationImpl(ConfigurationProvider conf) {
+ this.conf = conf;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+ */
+ public String getChainingMode(X509Certificate trustAnchor) {
+ String chainingMode = conf.getChainingMode(trustAnchor);
+ return chainingMode;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+ */
+ public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
+ return null;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+ */
+ public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
+ return null;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
new file mode 100644
index 000000000..882a9c255
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id.iaik.pki;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface and subinterfaces
+ * providing information needed for certificate path validation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIProfileImpl extends ObservableImpl
+ implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
+
+ /**
+ * URI to the truststore
+ */
+ private String trustStoreURI;
+
+ /**
+ * Create a new <code>PKIProfileImpl</code>.
+ *
+ * @param trustStoreURI trust store URI
+ */
+ public PKIProfileImpl(String trustStoreURI) {
+ this.trustStoreURI = trustStoreURI;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+ public boolean autoAddCertificates() {
+ return true;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getRevocationProfile()
+ */
+ public RevocationProfile getRevocationProfile() {
+ return this;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+ */
+ public TrustStoreProfile getTrustStoreProfile() {
+ return this;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getValidationProfile()
+ */
+ public ValidationProfile getValidationProfile() {
+ return this;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+ */
+ public boolean useAuthorityInfoAccess() {
+ return true;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
+ */
+ public long getMaxRevocationAge(String arg0) {
+ return 0;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+ */
+ public String getOCSPRequestHashAlgorithm() {
+ return null;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+ */
+ public String[] getPreferredServiceOrder(X509Certificate arg0) {
+ return new String[] {RevocationSourceTypes.CRL};
+ }
+
+ /**
+ * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+ */
+ public String getType() {
+ return TrustStoreTypes.DIRECTORY;
+ }
+
+ /**
+ * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+ */
+ public String getURI() {
+ return trustStoreURI;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+ */
+ public boolean getInitialAnyPolicyInhibit() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+ */
+ public boolean getInitialExplicitPolicy() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+ */
+ public boolean getInitialPolicyMappingInhibit() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+ */
+ public Set getInitialPolicySet() {
+ return Collections.EMPTY_SET;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+ */
+ public boolean getNameConstraintsProcessing() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+ */
+ public boolean getPolicyProcessing() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+ */
+ public boolean getRevocationChecking() {
+ return true;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
new file mode 100644
index 000000000..9da006d35
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.iaik.pki.jsse;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+/**
+ * <code>TrustManager</code> implementation featuring CRL checking (inherited from
+ * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTrustManager extends IAIKX509TrustManager {
+
+ /** an x509Certificate array containing all accepted server certificates*/
+ private X509Certificate[] acceptedServerCertificates;
+
+ /**
+ * Constructor
+ * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
+ * @throws GeneralSecurityException occurs on security errors
+ * @throws IOException occurs on IO errors
+ */
+ public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
+ throws IOException, GeneralSecurityException {
+
+ if (acceptedServerCertificateStoreURL != null)
+ buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+ else
+ acceptedServerCertificates = null;
+ }
+
+
+ /**
+ * Initializes the LoggingContextManager logging context.
+ * Fixes a bug occuring in the case MOA-SP is called by API.
+ * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
+ * This method must be called before a MOAIDTrustManager is constructed,
+ * from every thread.
+ */
+ public static void initializeLoggingContext() {
+ if (LoggingContextManager.getInstance().getLoggingContext() == null)
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext(Thread.currentThread().getName()));
+ }
+
+
+ /**
+ * Builds an Array of accepted server certificates from an URL,
+ * and stores it in <code>acceptedServerCertificates</code>.
+ * @param acceptedServerCertificateStoreURL file URL pointing to the directory
+ * containing accepted server X509 certificates
+ * @throws GeneralSecurityException on security errors
+ * @throws IOException on any IO errors
+ */
+ private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
+ throws IOException, GeneralSecurityException {
+
+ List certList = new ArrayList();
+ URL storeURL = new URL(acceptedServerCertificateStoreURL);
+ File storeDir = new File(storeURL.getFile());
+ // list certificate files in directory
+ File[] certFiles = storeDir.listFiles();
+ for (int i = 0; i < certFiles.length; i++) {
+ // for each: create an X509Certificate and store it in list
+ File certFile = certFiles[i];
+ FileInputStream fis = new FileInputStream(certFile.getPath());
+ CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+ fis.close();
+ certList.add(cert);
+ }
+ // store acceptedServerCertificates
+ acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+ }
+
+ /**
+ * Does additional server-end-SSL-certificate checking.
+ * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
+ */
+ public boolean isServerTrusted(X509Certificate[] certChain) {
+ boolean trusted = super.isServerTrusted(certChain);
+ if (! trusted || acceptedServerCertificates == null)
+ return trusted;
+ else {
+ // check server-end-SSL-certificate with acceptedServerCertificates
+ X509Certificate serverCert = certChain[0];
+ for (int i = 0; i < acceptedServerCertificates.length; i++) {
+ X509Certificate acceptedServerCert = acceptedServerCertificates[i];
+ if (serverCert.equals(acceptedServerCert))
+ return true;
+ }
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
+ return false;
+ }
+ }
+ /**
+ * In rare cases, this method is being called although it should not be.
+ * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
+ */
+ public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
+ {
+ return true;
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
new file mode 100644
index 000000000..6f6949ad6
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
@@ -0,0 +1,46 @@
+package at.gv.egovernment.moa.id.iaik.servertools.observer;
+
+import iaik.servertools.observer.NotificationData;
+import iaik.servertools.observer.Observable;
+import iaik.servertools.observer.Observer;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ObservableImpl implements Observable {
+ /** a List for all observers */
+ private List observers = new ArrayList();
+
+ /**
+ * @see iaik.servertools.observer.Observable#addObserver(iaik.servertools.observer.Observable)
+ */
+ public void addObserver(Observer observer) {
+ observers.add(observer);
+ }
+
+ /**
+ * @see iaik.servertools.observer.Observable#removeObserver(iaik.servertools.observer.Observable)
+ */
+ public boolean removeObserver(Observer observer) {
+ return observers.remove(observer);
+ }
+
+ /**
+ * @see iaik.servertools.observer.Observable#notify(iaik.servertools.observer.NotificationData)
+ */
+ public void notify(NotificationData data) {
+ Iterator iter = observers.iterator();
+ for (iter = observers.iterator(); iter.hasNext();) {
+ Observer observer = (Observer) iter.next();
+ observer.notify(data);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
new file mode 100644
index 000000000..8039b67a6
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
@@ -0,0 +1,54 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Builder for {@link java.net.URLConnection} objects used to forward requests
+ * to the remote online application.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public interface ConnectionBuilder {
+
+ /**
+ * Builds an HttpURLConnection to a {@link java.net.URL} which is derived
+ * from an {@link HttpServletRequest} URL, by substitution of a
+ * public URL prefix for the real URL prefix.<br>
+ * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but
+ * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br>
+ * The field settings of the HttpURLConnection are:
+ * <ul>
+ * <li><code>allowUserInteraction = false</code></li>
+ * <li><code>doInput = true</code></li>
+ * <li><code>doOutput = true</code></li>
+ * <li><code>requestMethod = request.getMethod()</code></li>
+ * <li><code>useCaches = false</code></li>
+ * </ul>
+ *
+ * @param request the incoming request which shall be forwarded
+ * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix
+ * @param realURLPrefix the URL prefix to substitute the public URL prefix
+ * @param sslSocketFactory factory to be used for creating an SSL socket in case
+ * of a URL for scheme <code>"https:"</code>;
+ * <br>if <code>null</code>, the default SSL socket factory would be used
+ * @param parameters parameters to be forwarded
+ * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to
+ * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code>
+ * @throws IOException if an I/O exception occurs during opening the connection
+ * @see java.net.URL#openConnection()
+ * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest request,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Map parameters) throws IOException;
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
new file mode 100644
index 000000000..7a6c3e575
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+
+/**
+ * Factory delivering a {@link ConnectionBuilder} implementation for
+ * an online application, initialized from configuration data.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConnectionBuilderFactory {
+
+ /** default connection builder to be used for online application
+ * where no special implementation of the <code>ConnectionBuilder</code>
+ * interface is configured
+ */
+ private static ConnectionBuilder defaultConnectionBuilder;
+ /** mapping from online application public URL prefix to an implementation
+ * of the <code>ConnectionBuilder</code> interface to be used;
+ * if no mapping is given for an online application, the
+ * <code>DefaultConnectionBuilder</code> will be used */
+ private static Map connectionBuilderMap;
+
+ /**
+ * Initializes the <code>ConnectionBuilder</code> map from the configuration data.
+ * @throws ConfigurationException when the configuration cannot be read,
+ * or when a class name configured cannot be instantiated
+ */
+ public static void initialize() throws ConfigurationException {
+ defaultConnectionBuilder = new DefaultConnectionBuilder();
+ connectionBuilderMap = new HashMap();
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
+ String publicURLPrefix = oaParam.getPublicURLPrefix();
+ String className = oaParam.getConnectionBuilderImpl();
+ if (className != null) {
+ try {
+ ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
+ connectionBuilderMap.put(publicURLPrefix, cb);
+ }
+ catch (Throwable ex) {
+ throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
+ }
+ }
+ }
+ }
+
+ /**
+ * Gets the <code>ConnectionBuilder</code> implementation to be used for the given
+ * online application.
+ * @param publicURLPrefix public URL prefix of the online application
+ * @return <code>ConnectionBuilder</code> implementation
+ */
+ public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
+ ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
+ if (cb == null)
+ return defaultConnectionBuilder;
+ else
+ return cb;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
new file mode 100644
index 000000000..48e21f673
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * Defaultimplementierung von <code>ConnectionBuilder</code>.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DefaultConnectionBuilder implements ConnectionBuilder {
+
+ /** a boolean to disable the HostnameVerification (default = false)*/
+ private static boolean disableHostnameVerification = false;
+
+ /**
+ * Constructor for DefaultConnectionBuilder.
+ * @throws ConfigurationException on any config error
+ */
+ public DefaultConnectionBuilder() throws ConfigurationException {
+ disableHostnameVerification = BoolUtils.valueOf(
+ ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ "ProxyComponent.DisableHostnameVerification"));
+ if (disableHostnameVerification)
+ Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification);
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest req,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Map parameters)
+ throws IOException {
+
+ String requestedURL = req.getRequestURL().toString();
+ // check whether requested URL starts with publicURLPrefix
+ if (! requestedURL.startsWith(publicURLPrefix))
+ throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
+ "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
+ // in case of GET request, append query string to requested URL;
+ // otherwise, HttpURLConnection would perform a POST request
+ if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
+ requestedURL = appendQueryString(requestedURL, parameters);
+ }
+ // build real URL in online application
+ String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
+ URL url = new URL(realURLString);
+ Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
+
+ HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+ conn.setRequestMethod(req.getMethod());
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ //conn.setUseCaches(false);
+ conn.setAllowUserInteraction(true);
+ conn.setInstanceFollowRedirects(false);
+ if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
+ HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
+ httpsConn.setSSLSocketFactory(sslSocketFactory);
+ if (disableHostnameVerification)
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ }
+ return conn;
+ }
+ /**
+ * @param requestedURL
+ * @param parameters
+ * @return
+ */
+ private String appendQueryString(String requestedURL, Map parameters) {
+ String newURL = requestedURL;
+ for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
+ String paramName = (String)iter.next();
+ String paramValue = (String)parameters.get(paramName);
+ String paramString = paramName + "=" + paramValue;
+ if (newURL.indexOf("?") < 0)
+ newURL = newURL + "?" + paramString;
+ else
+ newURL = newURL + "&" + paramString;
+ }
+ return newURL;
+ }
+
+ /**
+ * @author Stefan Knirsch
+ * @version $Id$
+ * A private class to change the standard HostName verifier to disable the
+ * Hostname Verification Check
+ */
+ private class HostnameNonVerifier implements HostnameVerifier {
+
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
new file mode 100644
index 000000000..db3c452bc
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -0,0 +1,118 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Implementation of interface <code>LoginParameterResolver</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DefaultLoginParameterResolver implements LoginParameterResolver {
+
+ /**
+ * Constructor
+ */
+ public DefaultLoginParameterResolver() {
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
+ */
+ public Map getAuthenticationHeaders(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress) {
+
+ Map result = new HashMap();
+
+ if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
+ String useridPredicate = oaConf.getBasicAuthUserIDMapping();
+ String userid = resolveValue(useridPredicate, authData, clientIPAddress);
+ String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
+ String password = resolveValue(passwordPredicate, authData, clientIPAddress);
+
+ try {
+ String userIDPassword = userid + ":" + password;
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ result.put("Authorization", "Basic " + credentials);
+ }
+ catch (IOException ignore) {
+ }
+ }
+ else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
+ for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
+ String key = (String) iter.next();
+ String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
+ String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ result.put(key, resolvedValue);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.auth.data.AuthenticationData, java.lang.String)
+ */
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress) {
+
+ Map result = new HashMap();
+
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
+ for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
+ String key = (String) iter.next();
+ String predicate = (String) oaConf.getParamAuthMapping().get(key);
+ String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ result.put(key, resolvedValue);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Resolves a login header or parameter value.
+ * @param predicate header or parameter predicate name from online application configuration
+ * @param authData authentication data for current login
+ * @param clientIPAddress client IP address
+ * @return header or parameter value resolved; <code>null</code> if unknown name is given
+ */
+ private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
+ if (predicate.equals(MOAGivenName))
+ return authData.getGivenName();
+ else if (predicate.equals(MOAFamilyName))
+ return authData.getFamilyName();
+ else if (predicate.equals(MOADateOfBirth))
+ return authData.getDateOfBirth();
+ else if (predicate.equals(MOAVPK))
+ return authData.getVPK();
+ else if (predicate.equals(MOAPublicAuthority))
+ if (authData.isPublicAuthority())
+ return "true";
+ else
+ return "false";
+ else if (predicate.equals(MOABKZ))
+ return authData.getPublicAuthorityCode();
+ else if (predicate.equals(MOAQualifiedCertificate))
+ if (authData.isQualifiedCertificate())
+ return "true";
+ else
+ return "false";
+ else if (predicate.equals(MOAZMRZahl))
+ return authData.getIdentificationValue();
+ else if (predicate.equals(MOAIPAddress))
+ return clientIPAddress;
+ else return null;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
new file mode 100644
index 000000000..497176a96
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+/**
+ * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
+ * to the remote online application.
+ * Utilizes {@link OAConfiguration} and {@link AuthenticationData}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public interface LoginParameterResolver {
+
+ /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ * naming predicates used by the <code>LoginParameterResolver</code>. */
+ public static final String MOAGivenName = "MOAGivenName";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAFamilyName = "MOAFamilyName";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOADateOfBirth = "MOADateOfBirth";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAVPK = "MOAVPK";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAPublicAuthority = "MOAPublicAuthority";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOABKZ = "MOABKZ";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAZMRZahl = "MOAZMRZahl";
+ /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAIPAddress = "MOAIPAddress";
+
+ /**
+ * Returns authentication headers to be added to a URLConnection.
+ *
+ * @param oaConf configuration data
+ * @param authData authentication data
+ * @param clientIPAddress client IP address
+ * @return A map, the keys being header names and values being corresponding header values.
+ * <br>In case of authentication type <code>"basic-auth"</code>, header fields
+ * <code>username</code> and <code>password</code>.
+ * <br>In case of authentication type <code>"header-auth"</code>, header fields
+ * derived from parameter mapping and authentication data provided.
+ * <br>Otherwise, an empty map.
+ */
+ public Map getAuthenticationHeaders (
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress);
+
+ /**
+ * Returns request parameters to be added to a URLConnection.
+ *
+ * @param oaConf configuration data
+ * @param authData authentication data
+ * @param clientIPAddress client IP address
+ * @return A map, the keys being parameter names and values being corresponding parameter values.
+ * <br>In case of authentication type <code>"param-auth"</code>, parameters
+ * derived from parameter mapping and authentication data provided.
+ * <br>Otherwise, an empty map.
+ */
+ public Map getAuthenticationParameters (
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress);
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
new file mode 100644
index 000000000..2ab245923
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+
+/**
+ * Factory delivering a {@link LoginParameterResolver} implementation for
+ * an online application, initialized from configuration data.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class LoginParameterResolverFactory {
+
+ /** default login parameter resolver to be used for online application
+ * where no special implementation of the <code>LoginParameterResolver</code>
+ * interface is configured
+ */
+ private static LoginParameterResolver defaultLoginParameterResolver;
+ /** mapping from online application public URL prefix to an implementation
+ * of the <code>LoginParameterResolver</code> interface to be used;
+ * if no mapping is given for an online application, the
+ * <code>DefaultLoginParameterResolver</code> will be used */
+ private static Map loginParameterResolverMap;
+
+ /**
+ * Initializes the <code>LoginParameterResolver</code> map from the configuration data.
+ * @throws ConfigurationException when the configuration cannot be read,
+ * or when a class name configured cannot be instantiated
+ */
+ public static void initialize() throws ConfigurationException {
+ defaultLoginParameterResolver = new DefaultLoginParameterResolver();
+ loginParameterResolverMap = new HashMap();
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
+ String publicURLPrefix = oaParam.getPublicURLPrefix();
+ String className = oaParam.getLoginParameterResolverImpl();
+ if (className != null) {
+ try {
+ LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
+ loginParameterResolverMap.put(publicURLPrefix, lpr);
+ }
+ catch (Throwable ex) {
+ throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
+ }
+ }
+ }
+ }
+
+ /**
+ * Gets the <code>LoginParameterResolver</code> implementation to be used for the given
+ * online application.
+ * @param publicURLPrefix public URL prefix of the online application
+ * @return <code>LoginParameterResolver</code> implementation
+ */
+ public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
+ LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
+ if (lpr == null)
+ return defaultLoginParameterResolver;
+ else
+ return lpr;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
new file mode 100644
index 000000000..da5d36678
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -0,0 +1,91 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import iaik.pki.PKIException;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Web application initializer
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDProxyInitializer {
+
+ /**
+ * Initializes the web application components which need initialization:
+ * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+ */
+ public static void initialize()
+ throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
+
+ Logger.setHierarchy("moa.id.proxy");
+
+ // Restricts TLS cipher suites
+ System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+
+ // load some jsse classes so that the integrity of the jars can be verified
+ // before the iaik jce is installed as the security provider
+ // this workaround is only needed when sun jsse is used in conjunction with
+ // iaik-jce (on jdk1.3)
+ ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
+ try {
+ cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+ }
+ catch (ClassNotFoundException e) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
+ }
+
+ // Initializes the SSLSocketFactory store
+ SSLUtils.initialize();
+
+ // Initializes IAIKX509TrustManager logging
+ String log4jConfigURL = System.getProperty("log4j.configuration");
+ if (log4jConfigURL != null) {
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
+ }
+
+ // Loads the configuration
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
+
+ // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
+ // using configuration data
+ ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
+ if (connParamAuth.isHTTPSURL()) {
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ AxisSecureSocketFactory.initialize(ssf);
+ }
+
+ // Initializes the Axis secure socket factories for use in calling the online applications,
+ // using configuration data
+ OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAProxyParameter oaParam = oaParams[i];
+ ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
+ if (oaConnParam.isHTTPSURL())
+ SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ }
+
+ // Initializes the ConnectionBuilderFactory from configuration data
+ ConnectionBuilderFactory.initialize();
+
+ // Initializes the LoginParameterResolverFactory from configuration data
+ LoginParameterResolverFactory.initialize();
+
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class b/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
new file mode 100644
index 000000000..49200265a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/WebmailLoginParameterResolver.class
Binary files differ
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
new file mode 100644
index 000000000..e0e1fde4a
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.proxy.builder;
+
+import java.text.MessageFormat;
+import java.util.Calendar;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * Builder for the <code>&lt;samlp:Request&gt;</code> used for querying
+ * the authentication data <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLRequestBuilder implements Constants {
+ /** samlp-Request template */
+ private static final String REQUEST =
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" +
+ "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+
+ /**
+ * Constructor for SAMLRequestBuilder.
+ */
+ public SAMLRequestBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the <code>&lt;samlp:Request&gt;</code>.
+ * @param requestID request ID
+ * @param samlArtifactBase64 SAML artifact, encoded BASE64
+ * @return the DOM element
+ */
+ public Element build(String requestID, String samlArtifactBase64) throws BuildException {
+ try {
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
+ Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ return requestElem;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"samlp:Request", ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
new file mode 100644
index 000000000..4e9a72111
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -0,0 +1,143 @@
+package at.gv.egovernment.moa.id.proxy.invoke;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
+import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
+import at.gv.egovernment.moa.id.util.Random;
+
+/**
+ * Invoker of
+ * <ul>
+ * <li>either the GetAuthenticationData web service of MOA-ID Auth</li>
+ * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li>
+ * </ul>
+ * depending of the configuration.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetAuthenticationDataInvoker {
+ /** Create a new QName object for the webservice endpoint */
+ private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
+
+ /** invoked object for API call of MOA-ID Auth */
+ private static Object apiServer = null;
+ /** invoked method for API call of MOA-ID Auth */
+ private static Method apiMethod = null;
+
+ /**
+ * Invokes the service passing domain model objects.
+ * @param samlArtifact SAML artifact
+ * @return AuthenticationData object
+ * @throws ServiceException on any exception thrown
+ */
+ /**
+ * Get authentication data from the MOA-ID Auth component,
+ * either via API call or via web service call.
+ * @param samlArtifact SAML artifact to be used as a parameter
+ * @return AuthenticationData
+ */
+ public AuthenticationData getAuthenticationData(String samlArtifact)
+ throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+
+ ConnectionParameter authConnParam =
+ ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
+ if (authConnParam == null) {
+ try {
+ if (apiServer == null) {
+ Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
+ Method getInstanceMethod = serverClass.getMethod("getInstance", null);
+ apiServer = getInstanceMethod.invoke(null, null);
+ apiMethod = serverClass.getMethod(
+ "getAuthenticationData", new Class[] {String.class});
+ }
+ AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
+ return authData;
+ }
+ catch (InvocationTargetException ex) {
+ Throwable targetEx = ex.getTargetException();
+ if (targetEx instanceof AuthenticationException)
+ throw (AuthenticationException) targetEx;
+ else
+ throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
+ }
+ catch (Throwable ex) {
+ throw new ProxyException("proxy.09", new Object[] {ex.toString()});
+ }
+ }
+ else {
+ Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
+ Element samlpResponse = getAuthenticationData(samlpRequest);
+ SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
+ SAMLStatus status = srp.parseStatusCode();
+ if (! "samlp:Success".equals(status.getStatusCode())) {
+ // on error status throw exception
+ String code = status.getStatusCode();
+ if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+ code += "(" + status.getSubStatusCode() + ")";
+ throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+ }
+ return srp.parseAuthenticationData();
+ }
+ }
+
+ /**
+ * Invokes the service passing DOM elements.
+ * @param request request DOM element
+ * @return response DOM element
+ * @throws ServiceException on any exception thrown
+ */
+ public Element getAuthenticationData(Element request) throws ServiceException {
+ try {
+ Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
+ Call call = service.createCall();
+ SOAPBodyElement body =
+ new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] {body};
+ Vector responses;
+ SOAPBodyElement response;
+
+ String endPoint;
+ ConnectionParameter authConnParam =
+ ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
+
+ //If the ConnectionParameter do NOT exist, we throw an exception ....
+ if (authConnParam!=null) {
+ endPoint = authConnParam.getUrl();
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(SERVICE_QNAME, params);
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+ else
+ {
+ throw new ServiceException("service.01", null);
+ }
+ }
+ catch (Exception ex) {
+ throw new ServiceException("service.00", new Object[] {ex.toString()}, ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
new file mode 100644
index 000000000..ce0743b3d
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -0,0 +1,145 @@
+package at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parser for the <code>&lt;saml:Assertion&gt;</code> returned by the
+ * <code>GetAuthenticationData</code> web service.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationDataAssertionParser implements Constants {
+
+ /** Prefix for SAML-Xpath-expressions */
+ private static String SAML = SAML_PREFIX + ":";
+ /** Prefix for PersonData-Xpath-expressions */
+ private static String PR = PD_PREFIX + ":";
+ /** Prefix for Attribute MajorVersion in an Xpath-expression */
+ private static String MAJOR_VERSION_XPATH =
+ "@MajorVersion";
+ /** Prefix for Attribute MinorVersion in an Xpath-expression */
+ private static String MINOR_VERSION_XPATH =
+ "@MinorVersion";
+ /** Prefix for Attribute AssertionID in an Xpath-expression */
+ private static String ASSERTION_ID_XPATH =
+ "@AssertionID";
+ /** Prefix for Attribute Issuer in an Xpath-expression */
+ private static String ISSUER_XPATH =
+ "@Issuer";
+ /** Prefix for Attribute IssueInstant in an Xpath-expression */
+ private static String ISSUE_INSTANT_XPATH =
+ "@IssueInstant";
+ /** Prefix for Element AttributeStatement in an Xpath-expression */
+ private static String ATTRIBUTESTATEMENT_XPATH =
+ SAML + "AttributeStatement/";
+ /** Prefix for Element NameIdentifier in an Xpath-expression */
+ private static String VPK_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Subject/" +
+ SAML + "NameIdentifier";
+ /** Prefix for Element Person in an Xpath-expression */
+ private static String PERSONDATA_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Attribute[@AttributeName=\"PersonData\"]/" +
+ SAML + "AttributeValue/" +
+ PR + "Person/";
+ /** Prefix for Element Value in an Xpath-expression */
+ private static String ZMRZAHL_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Identification/" +
+ PR + "Value";
+ /** Prefix for Element GivenName in an Xpath-expression */
+ private static String GIVEN_NAME_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Name/" +
+ PR + "GivenName";
+ /** Prefix for Element FamilyName in an Xpath-expression */
+ private static String FAMILY_NAME_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Name/" +
+ PR + "FamilyName";
+ /** Prefix for Element DateOfBirth in an Xpath-expression */
+ private static String DATE_OF_BIRTH_XPATH =
+ PERSONDATA_XPATH +
+ PR + "DateOfBirth";
+ /** Prefix for Element AttributeValue in an Xpath-expression */
+ private static String IS_QUALIFIED_CERT_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" +
+ SAML + "AttributeValue";
+ /** Prefix for Element AttributeValue in an Xpath-expression */
+ private static String PUBLIC_AUTHORITY_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" +
+ SAML + "AttributeValue";
+ /** Element samlAssertion represents the SAML:Assertion */
+ private Element samlAssertion;
+
+ /**
+ * Constructor
+ * @param samlAssertion samlpResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
+ */
+ public AuthenticationDataAssertionParser(Element samlAssertion) {
+ this.samlAssertion = samlAssertion;
+ }
+
+ /**
+ * Parses the <code>&lt;saml:Assertion&gt;</code>.
+ * @return <code>AuthenticationData</code> object
+ * @throws ParseException on any error
+ */
+ public AuthenticationData parseAuthenticationData()
+ throws ParseException {
+
+ try {
+ AuthenticationData authData = new AuthenticationData();
+ //ÄNDERN: NUR der Identification-Teil
+ authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
+ authData.setMajorVersion(new Integer(
+ XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
+ authData.setMinorVersion(new Integer(
+ XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue());
+ authData.setAssertionID(
+ XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, ""));
+ authData.setIssuer(
+ XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
+ authData.setIssueInstant(
+ XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
+ authData.setVPK(
+ XPathUtils.getElementValue(samlAssertion, VPK_XPATH, ""));
+ authData.setIdentificationValue(
+ XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, ""));
+ authData.setGivenName(
+ XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
+ authData.setFamilyName(
+ XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, ""));
+ authData.setDateOfBirth(
+ XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, ""));
+ authData.setQualifiedCertificate(BoolUtils.valueOf(
+ XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, "")));
+ String publicAuthority =
+ XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null);
+ if (publicAuthority == null) {
+ authData.setPublicAuthority(false);
+ authData.setPublicAuthorityCode("");
+ }
+ else {
+ authData.setPublicAuthority(true);
+ if (! publicAuthority.equalsIgnoreCase("true"))
+ authData.setPublicAuthorityCode(publicAuthority);
+ }
+ return authData;
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
new file mode 100644
index 000000000..9f77578fd
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -0,0 +1,100 @@
+package at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parser for the <code>&lt;samlp:Response&gt;</code> returned by the
+ * <code>GetAuthenticationData</code> web service.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseParser implements Constants {
+ /** Element containing the samlResponse */
+ private Element samlResponse;
+ /** Xpath prefix for reaching SAMLP Namespaces */
+ private static String SAMLP = SAMLP_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static String SAML = SAML_PREFIX + ":";
+ /** Xpath prefix for reaching PersonData Namespaces */
+ private static String PR = PD_PREFIX + ":";
+ /** Xpath expression for reaching the SAMLP:Response element */
+ private static final String ROOT =
+ "/" + SAMLP + "Response/";
+ /** Xpath expression for reaching the SAMLP:Status element */
+ private static final String STATUS_XPATH =
+ ROOT +
+ SAMLP + "Status/";
+ /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */
+ private static final String STATUSCODE_XPATH =
+ STATUS_XPATH +
+ SAMLP + "StatusCode/@Value";
+ /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */
+ private static final String SUBSTATUSCODE_XPATH =
+ STATUS_XPATH +
+ SAMLP + "StatusCode/" +
+ SAMLP + "StatusCode/@Value";
+ /** Xpath expression for reaching the SAMLP:StatusMessage element */
+ private static final String STATUSMESSAGE_XPATH =
+ STATUS_XPATH +
+ SAMLP + "StatusMessage";
+ /** Xpath expression for reaching the SAML:Assertion element */
+ private static String ASSERTION_XPATH =
+ ROOT +
+ SAML + "Assertion";
+
+ /**
+ * Constructor
+ * @param samlResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
+ */
+ public SAMLResponseParser(Element samlResponse) {
+ this.samlResponse = samlResponse;
+ }
+
+ /**
+ * Parses the <code>&lt;samlp:StatusCode&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
+ * @return <code>AuthenticationData</code> object
+ * @throws ParseException on any parsing error
+ */
+ public SAMLStatus parseStatusCode()
+ throws ParseException {
+
+ SAMLStatus status = new SAMLStatus();
+ try {
+ status.setStatusCode(
+ XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, ""));
+ status.setSubStatusCode(
+ XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, ""));
+ status.setStatusMessage(
+ XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, ""));
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ return status;
+ }
+
+ /**
+ * Parses the <code>&lt;saml:Assertion&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
+ * @return <code>AuthenticationData</code> object
+ * @throws ParseException on any parsing error
+ */
+ public AuthenticationData parseAuthenticationData()
+ throws ParseException {
+
+ Element samlAssertion;
+ try {
+ samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData();
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
new file mode 100644
index 000000000..a00c48387
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+ /** The standard String for DTD Doc-type */
+ private static final String DOC_TYPE =
+ "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+ PrintWriter out;
+
+ response.setContentType("text/html");
+ out = response.getWriter();
+ out.println(DOC_TYPE);
+ out.println("<head><title>MOA configuration update</title></head>");
+ out.println("<body bgcolor=\"#FFFFFF\">");
+ try {
+ MOAIDProxyInitializer.initialize();
+ String message = msg.getMessage("config.00", null);
+ Logger.info(message);
+ out.println("<p><b>");
+ out.println(message);
+ out.println("</b></p>");
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ out.println("<p><b>");
+ out.println(errorMessage);
+ out.println("</b></p>");
+ }
+ out.println("</body>");
+
+ out.flush();
+ out.close();
+ }
+
+ /**
+ * Do the same as <code>doGet</code>.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
new file mode 100644
index 000000000..0080c010e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ProxyException extends MOAIDException {
+
+ /**
+ * Constructor for ProxyException.
+ * @param messageId
+ * @param parameters
+ */
+ public ProxyException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ProxyException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ProxyException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
new file mode 100644
index 000000000..c52de2ba8
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -0,0 +1,531 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.net.HttpURLConnection;
+import java.net.URLEncoder;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.CookieManager;
+import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
+import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
+import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Servlet requested for logging in at an online application,
+ * and then for proxying requests to the online application.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ProxyServlet extends HttpServlet {
+ /** Name of the Parameter for the Target */
+ private static final String PARAM_TARGET = "Target";
+ /** Name of the Parameter for the SAMLArtifact */
+ private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+
+ /** Name of the Attribute for the PublicURLPrefix */
+ private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix";
+ /** Name of the Attribute for the RealURLPrefix */
+ private static final String ATT_REAL_URLPREFIX = "RealURLPrefix";
+ /** Name of the Attribute for the SSLSocketFactory */
+ private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory";
+ /** Name of the Attribute for the LoginHeaders */
+ private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
+ /** Name of the Attribute for the LoginParameters */
+ private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
+
+ /**
+ * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
+ */
+ protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+
+ Logger.debug("getRequestURL:" + req.getRequestURL().toString());
+ try {
+ if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null)
+ login(req, resp);
+ else
+ tunnelRequest(req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(resp, ex.toString(), ex);
+ }
+ catch (Throwable ex) {
+ handleError(resp, ex.toString(), ex);
+ }
+ }
+
+ /**
+ * Login to online application at first call of servlet for a user session.<br/>
+ * <ul>
+ * <li>Acquires authentication data from the MOA-ID Auth component.</li>
+ * <li>Reads configuration data for the online application.</li>
+ * <li>Resolves login parameters.</li>
+ * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li>
+ * <li>For a stateless online application, stores data in the HttpSession.</li>
+ * <li>Tunnels the request to the online application.</li>
+ * </ul>
+ * @param req
+ * @param resp
+ * @throws ConfigurationException when wrong configuration is encountered
+ * @throws ProxyException when wrong configuration is encountered
+ * @throws BuildException while building the request for MOA-ID Auth
+ * @throws ServiceException while invoking MOA-ID Auth
+ * @throws ParseException while parsing the response from MOA-ID Auth
+ */
+ private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+
+ String samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
+ Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
+ // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
+
+ // get authentication data from the MOA-ID Auth component
+ AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
+
+ String urlRequested = req.getRequestURL().toString();
+
+ // read configuration data
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
+ if (oaParam == null) {
+ throw new ProxyException("proxy.02", new Object[] { urlRequested });
+ }
+ String publicURLPrefix = oaParam.getPublicURLPrefix();
+ Logger.debug("OA: " + publicURLPrefix);
+ OAConfiguration oaConf = oaParam.getOaConfiguration();
+ ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
+ String realURLPrefix = oaConnParam.getUrl();
+
+ // resolve login parameters to be forwarded to online application
+ LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+ String clientIPAddress = req.getRemoteAddr();
+ Map loginHeaders = null;
+ Map loginParameters = null;
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
+ else
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+
+ // setup SSLSocketFactory for communication with the online application
+ SSLSocketFactory ssf = null;
+ if (oaConnParam.isHTTPSURL()) {
+ try {
+ ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ }
+ catch (Throwable ex) {
+ throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex);
+ }
+ }
+
+ try {
+ // for stateless online application, store data in HttpSession
+ String loginType = oaConf.getLoginType();
+ Logger.debug("Login type: " + loginType);
+ if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
+ HttpSession session = req.getSession();
+ int sessionTimeOut = oaParam.getSessionTimeOut();
+ if (sessionTimeOut == 0)
+ sessionTimeOut = 60 * 60; // default 1 h
+ session.setMaxInactiveInterval(sessionTimeOut);
+ session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix);
+ session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix);
+ session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
+ session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
+ session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
+ Logger.debug("moa-id-proxy: HTTPSession angelegt");
+ }
+
+ // tunnel request to the online application
+ int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
+ if (respcode == 401)
+ {
+ Logger.debug("Got 401, trying again");
+
+ respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
+ if (respcode == 401)
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
+ }
+ }
+ catch (ProxyException ex) {
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
+ }
+ catch (Throwable ex) {
+ throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
+ }
+ }
+
+ /**
+ * Tunnels a request to the stateless online application using data stored in the HTTP session.
+ * @param req HTTP request
+ * @param resp HTTP response
+ * @throws IOException if an I/O error occurs
+ */
+ private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException {
+
+ Logger.debug("Tunnel request (stateless)");
+ HttpSession session = req.getSession(false);
+ if (session == null)
+ throw new ProxyException("proxy.07", null);
+ String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
+ String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
+ SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
+ Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
+ Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
+ if (publicURLPrefix == null || realURLPrefix == null)
+ throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()});
+
+ int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
+ if (respcode == 401)
+ {
+ Logger.debug("Got 401, trying again");
+ respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
+ if (respcode == 401)
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
+ }
+ }
+
+/**
+ * Tunnels a request to the online application using given URL mapping and SSLSocketFactory.
+ * This method returns the ResponseCode of the request to the online application.
+ * @param req HTTP request
+ * @param resp HTTP response
+ * @param loginHeaders header field/values to be inserted for purposes of authentication;
+ * may be <code>null</code>
+ * @param loginParameters parameter name/values to be inserted for purposes of authentication;
+ * may be <code>null</code>
+ * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code>
+ * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code>
+ * @param ssf SSLSocketFactory to use
+ * @throws IOException if an I/O error occurs
+ */
+private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf)
+ throws IOException {
+
+ // collect headers from request
+ Map headers = new HashMap();
+ for (Enumeration enum = req.getHeaderNames(); enum.hasMoreElements();) {
+ String headerKey = (String) enum.nextElement();
+ //We ignore any Basic-Auth-Headers from the client
+ if (headerKey.equalsIgnoreCase("Authorization"))
+ { Logger.debug("Ignoring authorization-header from browser: " +req.getHeader(headerKey) );
+ }
+ else
+ headers.put(headerKey, req.getHeader(headerKey));
+ }
+ // collect login headers, possibly overwriting headers from request
+ if (loginHeaders != null) {
+ for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
+ String headerKey = (String) iter.next();
+ headers.put(headerKey, loginHeaders.get(headerKey));
+ }
+ }
+ // collect parameters from request
+ Map parameters = new HashMap();
+ for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements();) {
+ String paramName = (String) enum.nextElement();
+ parameters.put(paramName, req.getParameter(paramName));
+ }
+ // collect login parameters, possibly overwriting parameters from request
+ if (loginParameters != null) {
+ for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) {
+ String paramName = (String) iter.next();
+ parameters.put(paramName, loginParameters.get(paramName));
+ }
+ }
+
+ headers.remove("content-length");
+ parameters.remove(PARAM_SAMLARTIFACT);
+ parameters.remove(PARAM_TARGET);
+
+ ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix);
+ HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters);
+
+ //Set Cookies...
+
+ String cookieString = CookieManager.getInstance().getCookie(req.getSession().getId());
+ if (cookieString!=null)
+ {
+ //If we get Cookies from Client, we put them throgh if they dont exist/conflict with the stored Cookies
+ for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
+ String headerKey = (String) iter.next();
+ String headerValue = (String) headers.get(headerKey);
+ if (headerKey.equalsIgnoreCase("Cookie"))
+ CookieManager.getInstance().saveOldCookies(req.getSession().getId(), headerValue);
+ }
+ cookieString = CookieManager.getInstance().getCookie(req.getSession().getId());
+ headers.put("cookie", cookieString);
+ }
+
+ // set headers as request properties of URLConnection
+ for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
+ String headerKey = (String) iter.next();
+ String headerValue = (String) headers.get(headerKey);
+ conn.setRequestProperty(headerKey, headerValue);
+ Logger.debug("Req header " + headerKey + ": " + headers.get(headerKey));
+ if (Logger.isDebugEnabled() && isBasicAuthenticationHeader(headerKey, headerValue)) {
+ String credentials = headerValue.substring(6);
+ String userIDPassword = new String(Base64Utils.decode(credentials, false));
+ Logger.debug(":UserID:Password: :" + userIDPassword + ":");
+ }
+ }
+ // Write out parameters into output stream of URLConnection.
+ // On GET request, do not send parameters in any case,
+ // otherwise HttpURLConnection would send a POST.
+ if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) {
+ boolean firstParam = true;
+ StringWriter sb = new StringWriter();
+ for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
+ String paramname = (String) iter.next();
+ String value = URLEncoder.encode((String) parameters.get(paramname));
+ if (firstParam)
+ firstParam = false;
+ else
+ sb.write("&");
+ sb.write(paramname);
+ sb.write("=");
+ sb.write(value);
+ Logger.debug("Req param " + paramname + ": " + value);
+ }
+ PrintWriter reqOut = new PrintWriter(conn.getOutputStream());
+ reqOut.write(sb.toString());
+ reqOut.flush();
+ reqOut.close();
+ }
+ // connect
+ conn.connect();
+
+ // Read response status and content type.
+ // If the connection returns a 401 disconnect and return
+ // otherwise the attempt to read data from that connection
+ // will result in an error
+
+ if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED)
+ {
+ Logger.debug("Found 401... searching cookies");
+ String headerKey;
+
+ int i = 1;
+ CookieManager cm = CookieManager.getInstance();
+ while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
+ String headerValue = conn.getHeaderField(i);
+ if (headerKey.equalsIgnoreCase("set-cookie"))
+ { cm.saveCookie(req.getSession().getId(), headerValue);
+ cm.add401(req.getSession().getId(),headerValue);
+ Logger.debug("Cookie " + headerValue);
+ Logger.debug("CookieSession " + req.getSession().getId());
+ }
+ i++;
+ }
+
+ conn.disconnect();
+ return conn.getResponseCode();
+ }
+ resp.setStatus(conn.getResponseCode());
+ resp.setContentType(conn.getContentType());
+
+ // Read response headers
+ // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set.
+ // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests.
+ // See JavaDoc of javax.servlet.http.HttpServlet:
+ // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
+ Map respHeaders = new HashMap();
+ boolean chunked = false;
+ String contentLengthKey = null;
+ String transferEncodingKey = null;
+ int i = 1;
+ String headerKey;
+ while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
+ String headerValue = conn.getHeaderField(i);
+ respHeaders.put(headerKey, headerValue);
+ if (isTransferEncodingChunkedHeader(headerKey, headerValue)) {
+ chunked = true;
+ transferEncodingKey = headerKey;
+ }
+ CookieManager cm = CookieManager.getInstance();
+ if (headerKey.equalsIgnoreCase("set-cookie"))
+ { cm.saveCookie(req.getSession().getId(), headerValue);
+ Logger.debug("Cookie " + headerValue);
+ Logger.debug("CookieSession " + req.getSession().getId());
+ }
+ if ("content-length".equalsIgnoreCase(headerKey))
+ contentLengthKey = headerKey;
+ Logger.debug("Resp header " + headerKey + ": " + headerValue);
+ i++;
+ }
+ if (chunked && contentLengthKey != null) {
+ respHeaders.remove(transferEncodingKey);
+ Logger.debug("Resp header " + transferEncodingKey + " REMOVED");
+ }
+
+ //Get a Hash-Map of all 401-set-cookies
+ HashMap cookies401 = CookieManager.getInstance().get401(req.getSession().getId());
+
+ for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) {
+ headerKey = (String) iter.next();
+
+ if (headerKey.equalsIgnoreCase("Set-Cookie"))
+ {
+ String headerValue = (String) respHeaders.get(headerKey);
+ Logger.debug("Found 'Set-Cookie' in ResponseHeaders: " + headerValue);
+ if(!cookies401.containsKey(headerValue.substring(0, headerValue.indexOf("="))))
+ {
+ // If we dont already have a Set-Cookie-Value for THAT Cookie we create one...
+ CookieManager.getInstance().add401(req.getSession().getId(), headerValue);
+ }
+ }
+ }
+
+ //write out all Responseheaders != "set-cookie"
+ for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) {
+ headerKey = (String) iter.next();
+ if (!headerKey.equalsIgnoreCase("Set-Cookie"))
+ resp.addHeader(headerKey, (String) respHeaders.get(headerKey));
+ }
+
+ //write out all Responseheaders = "set-cookie"
+ cookies401 = CookieManager.getInstance().get401(req.getSession().getId());
+ Iterator cookie_i = cookies401.values().iterator();
+ while (cookie_i.hasNext()) {
+ String element = (String) cookie_i.next();
+ resp.addHeader("Set-Cookie", element);
+ }
+ //Delete all "Set-Cookie" - Values
+ CookieManager.getInstance().clear401(req.getSession().getId());
+
+ // read response stream
+ Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode());
+ // Load content unless the server lets us know that the content is NOT MODIFIED...
+ if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED)
+ {
+ BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream());
+ Logger.debug("Got Inputstream");
+ BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream());
+ Logger.debug("Got Outputstream");
+ int ch;
+ while ((ch = respIn.read()) >= 0)
+ respOut.write(ch);
+ respOut.close();
+ respIn.close();
+ }
+ else
+ Logger.debug("Found 304 NOT MODIFIED...");
+ conn.disconnect();
+ Logger.debug("Request done");
+
+
+ return conn.getResponseCode();
+}
+/**
+ * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..."
+ *
+ * @param headerKey header name
+ * @param headerValue header value
+ * @return true for a basic authentication header
+ */
+private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) {
+ if (!"authorization".equalsIgnoreCase(headerKey))
+ return false;
+ if (headerValue.length() < "basic".length())
+ return false;
+ String authenticationSchema = headerValue.substring(0, "basic".length());
+ return "basic".equalsIgnoreCase(authenticationSchema);
+}
+/**
+ * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked"
+ *
+ * @param headerKey header name
+ * @param headerValue header value
+ * @return true for a "Transfer-encoding: chunked" header
+ */
+private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) {
+ if (!"transfer-encoding".equalsIgnoreCase(headerKey))
+ return false;
+ return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0;
+}
+
+/**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ MOAIDProxyInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex);
+ throw new ServletException(ex);
+ }
+}
+/**
+ * Handles an error in proxying the request.
+ * <ul>
+ * <li>Logs the error.</li>
+ * <li>Outputs an HTML error page.</li>
+ * </ul>
+ * @param resp the HttpServletResponse
+ * @param errorMessage error message to be used
+ * @param ex the exception to be logged
+ */
+private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) {
+ Logger.error(errorMessage, ex);
+ String htmlCode =
+ "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">"
+ + "<html><head><title>"
+ + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
+ + "</title></head><body>"
+ + "<h1>"
+ + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
+ + "</h1>"
+ + "<p>"
+ + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null)
+ + "</p>"
+ + "<p>"
+ + errorMessage
+ + "</p>"
+ + "</body></html>";
+ resp.setContentType("text/html");
+ try {
+ OutputStream respOut = resp.getOutputStream();
+ respOut.write(htmlCode.getBytes());
+ respOut.flush();
+ }
+ catch (IOException ioex) {
+ Logger.error("", ioex);
+ }
+}
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
new file mode 100644
index 000000000..8967bdbba
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
@@ -0,0 +1,213 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.util.Hashtable;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.axis.components.net.BooleanHolder;
+import org.apache.axis.components.net.DefaultSocketFactory;
+import org.apache.axis.components.net.SecureSocketFactory;
+import org.apache.axis.components.net.TransportClientProperties;
+import org.apache.axis.components.net.TransportClientPropertiesFactory;
+import org.apache.axis.utils.Messages;
+import org.apache.axis.utils.XMLUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Secure socket factory for Axis webs service clients of the MOA-ID component,
+ * which are the MOA-SP calls from MOA-ID Auth,
+ * and the MOA-ID Auth calls from MOA-ID Proxy.
+ * <br/>Use this initialization code:<br/>
+ * <code> // ConnectionParameter connParam = ... get from ConfigurationProvider
+ * AxisSecureSocketFactory.initialize(connParam);</code>
+ * <br/>See the Apache Axis documentation on how to configure this class
+ * as the default secure socket factory to be used by Axis.
+ * <br/>
+ * This code has been copied from <code>JSSESocketFactory</code>, the
+ * method <code>initialize()</code> has been added.
+ *
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AxisSecureSocketFactory
+ extends DefaultSocketFactory implements SecureSocketFactory {
+
+ /** Field sslFactory */
+ private static SSLSocketFactory sslFactory;
+
+ /**
+ * Constructor for AxisSecureSocketFactory.
+ * @param attributes ???
+ */
+ public AxisSecureSocketFactory(Hashtable attributes) {
+ super(attributes);
+ }
+ /**
+ * Initializes the factory by setting the connection parameters to be used for
+ * setting the secure socket factory, and by setting the system property
+ * <code>axis.socketSecureFactory</code>.
+ * @param connParam <code>ConnectionParameter</code> to derive the
+ * secure socket factory from
+ */
+ public static void initialize(SSLSocketFactory ssf)
+ throws IOException, GeneralSecurityException {
+
+ Logger.debug("Initialize AxisSecureSocketFactory");
+ sslFactory = ssf;
+ }
+
+ /**
+ * creates a secure socket
+ *
+ * @param host
+ * @param port
+ * @param otherHeaders
+ * @param useFullURL
+ *
+ * @return Socket
+ * @throws Exception
+ */
+ public Socket create(
+ String host,
+ int port,
+ StringBuffer otherHeaders,
+ BooleanHolder useFullURL)
+ throws Exception {
+ if (port == -1) {
+ port = 443;
+ }
+
+ TransportClientProperties tcp =
+ TransportClientPropertiesFactory.create("https");
+
+ boolean hostInNonProxyList =
+ isHostInNonProxyList(host, tcp.getNonProxyHosts());
+
+ Socket sslSocket = null;
+ if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
+ // direct SSL connection
+ sslSocket = sslFactory.createSocket(host, port);
+ }
+ else {
+
+ // Default proxy port is 80, even for https
+ int tunnelPort =
+ (tcp.getProxyPort().length() != 0)
+ ? Integer.parseInt(tcp.getProxyPort())
+ : 80;
+ if (tunnelPort < 0)
+ tunnelPort = 80;
+
+ // Create the regular socket connection to the proxy
+ Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
+
+ // The tunnel handshake method (condensed and made reflexive)
+ OutputStream tunnelOutputStream = tunnel.getOutputStream();
+ PrintWriter out =
+ new PrintWriter(
+ new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
+
+ // More secure version... engage later?
+ // PasswordAuthentication pa =
+ // Authenticator.requestPasswordAuthentication(
+ // InetAddress.getByName(tunnelHost),
+ // tunnelPort, "SOCK", "Proxy","HTTP");
+ // if(pa == null){
+ // printDebug("No Authenticator set.");
+ // }else{
+ // printDebug("Using Authenticator.");
+ // tunnelUser = pa.getUserName();
+ // tunnelPassword = new String(pa.getPassword());
+ // }
+ out.print(
+ "CONNECT "
+ + host
+ + ":"
+ + port
+ + " HTTP/1.0\r\n"
+ + "User-Agent: AxisClient");
+ if (tcp.getProxyUser().length() != 0
+ && tcp.getProxyPassword().length() != 0) {
+
+ // add basic authentication header for the proxy
+ String encodedPassword =
+ XMLUtils.base64encode(
+ (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
+
+ out.print("\nProxy-Authorization: Basic " + encodedPassword);
+ }
+ out.print("\nContent-Length: 0");
+ out.print("\nPragma: no-cache");
+ out.print("\r\n\r\n");
+ out.flush();
+ InputStream tunnelInputStream = tunnel.getInputStream();
+
+ if (log.isDebugEnabled()) {
+ log.debug(
+ Messages.getMessage(
+ "isNull00",
+ "tunnelInputStream",
+ "" + (tunnelInputStream == null)));
+ }
+ String replyStr = "";
+
+ // Make sure to read all the response from the proxy to prevent SSL negotiation failure
+ // Response message terminated by two sequential newlines
+ int newlinesSeen = 0;
+ boolean headerDone = false; /* Done on first newline */
+
+ while (newlinesSeen < 2) {
+ int i = tunnelInputStream.read();
+
+ if (i < 0) {
+ throw new IOException("Unexpected EOF from proxy");
+ }
+ if (i == '\n') {
+ headerDone = true;
+ ++newlinesSeen;
+ }
+ else if (i != '\r') {
+ newlinesSeen = 0;
+ if (!headerDone) {
+ replyStr += String.valueOf((char) i);
+ }
+ }
+ }
+ if (!replyStr.startsWith("HTTP/1.0 200")
+ && !replyStr.startsWith("HTTP/1.1 200")) {
+ throw new IOException(
+ Messages.getMessage(
+ "cantTunnel00",
+ new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
+ }
+
+ // End of condensed reflective tunnel handshake method
+ sslSocket = sslFactory.createSocket(tunnel, host, port, true);
+ if (log.isDebugEnabled()) {
+ log.debug(
+ Messages.getMessage(
+ "setupTunnel00",
+ tcp.getProxyHost(),
+ "" + tunnelPort));
+ }
+ }
+
+ ((SSLSocket) sslSocket).startHandshake();
+ if (log.isDebugEnabled()) {
+ log.debug(Messages.getMessage("createdSSL00"));
+ }
+ return sslSocket;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
new file mode 100644
index 000000000..d31aa6ec1
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.util.Messages;
+
+/**
+ * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDMessageProvider {
+
+ /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
+ private static final String[] DEFAULT_MESSAGE_RESOURCES =
+ { "resources/properties/id_messages" };
+ /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */
+ private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+ new Locale[] { new Locale("de", "AT") };
+ /** The instance for our singleton */
+ private static MOAIDMessageProvider instance;
+ /** The Messages */
+ private Messages messages;
+
+ /**
+ * Returns the single instance of <code>MOAIDMessageProvider</code>.
+ *
+ * @return the single instance of <code>MOAIDMessageProvider</code>
+ */
+ public static MOAIDMessageProvider getInstance() {
+ if (instance == null)
+ instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+ return instance;
+ }
+
+ /**
+ * Create a <code>MOAIDMessageProvider</code>.
+ *
+ * @param resourceNames The names of the resources containing the messages.
+ * @param locales The corresponding locales.
+ */
+ protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
+ this.messages = new Messages(resourceNames, locales);
+ }
+
+ /**
+ * Get the message corresponding to a given message ID.
+ *
+ * @param messageId The ID of the message.
+ * @param parameters The parameters to fill in into the message arguments.
+ * @return The formatted message.
+ */
+ public String getMessage(String messageId, Object[] parameters) {
+ return messages.getMessage(messageId, parameters);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/Random.java b/id.server/src/at/gv/egovernment/moa/id/util/Random.java
new file mode 100644
index 000000000..da75b4213
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/util/Random.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Date;
+
+/**
+ * Random number generator used to generate ID's
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Random {
+
+ /** random number generator used */
+ private static java.util.Random random = new java.util.Random(new Date().getTime());
+ /**
+ * Creates a new random number, to be used as an ID.
+ *
+ * @return random long as a String
+ */
+ public static String nextRandom() {
+ return "" + random.nextLong();
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
new file mode 100644
index 000000000..f21b0880e
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -0,0 +1,156 @@
+package at.gv.egovernment.moa.id.util;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.io.BufferedInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
+import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StreamUtils;
+
+import com.sun.net.ssl.HttpsURLConnection;
+import com.sun.net.ssl.KeyManager;
+import com.sun.net.ssl.SSLContext;
+import com.sun.net.ssl.TrustManager;
+
+/**
+ * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
+ * This <code>TrustManager</code> implementation features CRL checking.<br/>
+ * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+
+ /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
+ private static Map sslSocketFactories = new HashMap();
+
+ /**
+ * Initializes the SSLSocketFactory store.
+ */
+ public static void initialize() {
+ sslSocketFactories = new HashMap();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ }
+
+ /**
+ * Creates an <code>SSLSocketFactory</code> which utilizes an
+ * <code>IAIKX509TrustManager</code> for the given trust store,
+ * and the given key store.
+ *
+ * @param conf configuration provider providing a generic properties pointing
+ * to trusted CA store and certificate store root
+ * @param connParam connection parameter containing the client key store settings
+ * to be used in case of client authentication;
+ * if <code>connParam.getClientKeyStore() == null</code>, client authentication
+ * is assumed to be disabled
+ * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+ * @throws IOException thrown while reading key store file
+ * @throws GeneralSecurityException thrown while creating the socket factory
+ * @throws ConfigurationException on invalid configuration data
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ public static SSLSocketFactory getSSLSocketFactory(
+ ConfigurationProvider conf,
+ ConnectionParameter connParam)
+ throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+
+ Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
+ // retrieve SSLSocketFactory if already created
+ SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
+ if (ssf != null)
+ return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+ TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
+ KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kms, tms, null);
+ ssf = ctx.getSocketFactory();
+ // store SSLSocketFactory
+ sslSocketFactories.put(connParam.getUrl(), ssf);
+ return ssf;
+ }
+
+ /**
+ * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
+ * using configuration data.
+ *
+ * @param conf MOA-ID configuration provider
+ * @param trustStoreURL trust store URL
+ * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
+ * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
+ * @throws ConfigurationException on invalid configuration data
+ * @throws IOException on data-reading problems
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ public static TrustManager[] getTrustManagers(
+ ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ PKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured())
+ cfg = new PKIConfigurationImpl(conf);
+ PKIProfile profile = new PKIProfileImpl(trustStoreURL);
+ // This call fixes a bug occuring when PKIConfiguration is
+ // initialized by the MOA-SP initialization code, in case
+ // MOA-SP is called by API
+ MOAIDTrustManager.initializeLoggingContext();
+ IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ tm.init(cfg, profile);
+ return new TrustManager[] {tm};
+ }
+ /**
+ * Reads a file, given by URL, into a byte array,
+ * securing the connection by IAIKX509TrustManager.
+ * @param connParam containing URL and accepted server certificates
+ * @param conf ConfigurationProvider for reading
+ * @return file content
+ * @throws ConfigurationException on invalid configuration data
+ * @throws PKIException on invalid configuration data
+ * @throws IOException on data-reading problems
+ * @throws GeneralSecurityException on security issues
+ */
+ public static byte[] readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam)
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ URL url = new URL(connParam.getUrl());
+ HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+ conn.setRequestMethod("GET");
+ conn.setDoInput(true);
+ SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam);
+ conn.setSSLSocketFactory(sslSocketFactory);
+ conn.connect();
+ InputStream in = new BufferedInputStream(conn.getInputStream());
+ byte[] content = StreamUtils.readStream(in);
+ in.close();
+ conn.disconnect();
+ return content;
+ }
+
+}
diff --git a/id.server/src/test/MOAIDTestCase.java b/id.server/src/test/MOAIDTestCase.java
new file mode 100644
index 000000000..725fa1386
--- /dev/null
+++ b/id.server/src/test/MOAIDTestCase.java
@@ -0,0 +1,203 @@
+package test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import iaik.ixsil.algorithms.Transform;
+import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
+import iaik.ixsil.exceptions.AlgorithmException;
+import iaik.ixsil.exceptions.InitException;
+import iaik.ixsil.exceptions.URIException;
+import iaik.ixsil.init.IXSILInit;
+import iaik.ixsil.util.URI;
+import test.at.gv.egovernment.moa.MOATestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTestCase extends MOATestCase implements Constants {
+
+ public static final String XML_DECL =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
+ protected static final String nl = "\n";
+
+ public MOAIDTestCase(String name) {
+ super(name);
+ }
+
+ protected void initIxsil() throws InitException, URIException {
+ IXSILInit.init(new URI("init/properties/init.properties"));
+ // Switch on debug information
+ IXSILInit.setPrintDebugLog(true);
+ }
+ //STRING <==> STRING
+ protected void assertXmlEquals(String xml1, String xml2)
+ throws AlgorithmException, IOException, InitException, URIException{
+ initIxsil();
+ String canXml1 = canonicalTransform(xml1);
+ String canXml2 = canonicalTransform(xml2);
+ assertEquals(canXml1, canXml2); }
+ // ELEMENT <==> ELEMENT
+ protected void assertXmlEquals(Element xml1, Element xml2)
+ throws AlgorithmException, IOException, InitException , URIException, TransformerException{
+ initIxsil();
+ assertEquals(canonicalTransform(DOMUtils.serializeNode(xml1)),canonicalTransform(DOMUtils.serializeNode(xml2)));
+ }
+ // INPUTSTREAM <==> INPUTSTREAM
+ protected void assertXmlEquals(InputStream xml1, InputStream xml2)
+ throws AlgorithmException, IOException, InitException , URIException{
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+ // ELEMENT <==> STRING
+ protected void assertXmlEquals(Element xml1, String xml2)
+ throws AlgorithmException, IOException, InitException , URIException, TransformerException {
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+ // ELEMENT <==> INPUTSTREAM
+ protected void assertXmlEquals(Element xml1, InputStream xml2)
+ throws AlgorithmException, IOException, InitException , URIException, TransformerException{
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+ // STRING <==> INPUTSTREAM
+ protected void assertXmlEquals(String xml1, InputStream xml2)
+ throws AlgorithmException, IOException, InitException , URIException{
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+
+ /**
+ * Method canonicalTransform.
+ * @param input as STRING
+ * @return String
+ */
+ protected String canonicalTransform(String input)
+ throws AlgorithmException, IOException {
+
+ Transform tr = new TransformImplExclusiveCanonicalXML();
+ InputStream s = new ByteArrayInputStream(input.getBytes("UTF-8"));
+ tr.setInput(s, null);
+ ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
+ return killWhiteSpace(readString(transResult));
+ }
+ /**
+ * Method canonicalTransform.
+ * @param input as Element
+ * @return String
+ */
+ protected String canonicalTransform(Element input)
+ throws AlgorithmException, IOException {
+
+ Transform tr = new TransformImplExclusiveCanonicalXML();
+ tr.setInput(XPathUtils.selectNodeList(input, XPathUtils.ALL_NODES_XPATH), null);
+ ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
+
+ return killWhiteSpace(readString(transResult));
+ }
+
+ /**
+ * Method canonicalTransform.
+ * @param input as InputStream
+ * @return String
+ */
+ protected String canonicalTransform(InputStream input)
+ throws AlgorithmException, IOException {
+
+ Transform tr = new TransformImplExclusiveCanonicalXML(); tr.setInput(input, null);
+ ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
+
+ return killWhiteSpace(readString(transResult));
+ }
+
+ public static String killWhiteSpace(String input)
+ {
+ int start=0;
+ int ende;
+ String result;
+ String middle;
+ result = input;
+ do {
+ start = result.indexOf(">", start);
+ ende = result.indexOf("<", start);
+ middle = result.substring(start+1,ende).trim();
+ result = result.substring(0,start+1) +middle + result.substring(ende,result.length());
+ start++;
+ } while (result.indexOf("<", ende + 1)>0);
+
+ return result;
+ }
+
+ /**
+ * Method killExclusive.: The values startsWith and endsWith will be included into the answer.
+ * @param input
+ * @param startsWith
+ * @param endsWith
+ * @param newValue
+ * @return String
+ */
+ public static String killExclusive(String input, String startsWith, String endsWith, String newValue)
+ {
+ int start=0;
+ int ende;
+ String result;
+ result = input;
+ do {
+ start = result.indexOf(startsWith, start) + startsWith.length();
+ ende = result.indexOf(endsWith, start);
+ result = result.substring(0,start) + newValue + result.substring(ende,result.length());
+ start++;
+ } while (result.indexOf(startsWith, ende + 1)>0);
+
+ return result;
+ }
+
+ /**
+ * Method killInclusive. : The values startsWith and endsWith will NOT be included into the answer.
+ * @param input
+ * @param startsWith
+ * @param endsWith
+ * @param newValue
+ * @return String
+ */
+ public static String killInclusive(String input, String startsWith, String endsWith, String newValue)
+ {
+ int start=0;
+ int ende;
+ String result;
+ result = input;
+ do {
+ start = result.indexOf(startsWith, start) + startsWith.length();
+ ende = result.indexOf(endsWith, start);
+ result = result.substring(0,start - startsWith.length() ) + newValue + result.substring(ende + endsWith.length(),result.length());
+ start++;
+ } while (result.indexOf(startsWith, ende + 1)>0);
+
+ return result;
+ }
+
+ protected String readFile(String filename) throws IOException {
+ return readFile(filename, "UTF-8");
+ }
+ protected String readFile(String filename, String encoding) throws IOException {
+ return FileUtils.readFile(filename, encoding);
+ }
+ protected String readString(InputStream input) throws IOException
+ {
+ return StreamUtils.readStream(input, "UTF-8");
+ }
+
+}
diff --git a/id.server/src/test/abnahme/A/Test100StartAuthentication.java b/id.server/src/test/abnahme/A/Test100StartAuthentication.java
new file mode 100644
index 000000000..0d72691aa
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test100StartAuthentication.java
@@ -0,0 +1,171 @@
+package test.abnahme.A;
+
+import test.abnahme.AbnahmeTestCase;
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test100StartAuthentication extends AbnahmeTestCase {
+
+ public Test100StartAuthentication(String name) {
+ super(name);
+ }
+
+ public void testA101() throws Exception {
+ try {
+ String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ "file:" + findXmldata("AuthTemplate.html"),
+ "http://localhost:3495/http-security-layer-request",
+ null);
+ htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
+ //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
+ assertEquals(readXmldata("htmlForm.html"),htmlForm);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA102() throws Exception {
+ try {
+ String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ null,
+ "http://localhost:3495/http-security-layer-request", null);
+ htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
+ //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
+ assertEquals(readXmldata("htmlForm.html"),htmlForm);
+
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA103() throws Exception {
+ try {
+ String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ "file:" + findXmldata("AuthTemplate.html"),
+ null,
+ null);
+ htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
+ //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
+ assertEquals(readXmldata("htmlForm.html"),htmlForm);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA151() throws Exception {
+ try {
+ try {
+ server.startAuthentication(null, //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ null, null, null);
+ //assertEquals("",htmlForm);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (WrongParametersException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA152() throws Exception {
+ try {
+ try {
+ server.startAuthentication("http://localhost:8080/auth", //authURL
+ "gb", "http://localhost:9080/", //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA153() throws Exception {
+ try {
+ try {
+ server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", "http://host_not_in_config/", //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA154() throws Exception {
+ try {
+ try {
+ server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", null, //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (WrongParametersException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA155() throws Exception {
+ try {
+ try {
+ server.startAuthentication("https://localhost:8443/auth", //authURL
+ null, "http://localhost:9080/", //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (WrongParametersException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ //assertEquals("",htmlForm);
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+}
diff --git a/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java b/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java
new file mode 100644
index 000000000..ed4410521
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test200VerifyIdentityLink.java
@@ -0,0 +1,336 @@
+package test.abnahme.A;
+
+import org.w3c.dom.Element;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test200VerifyIdentityLink extends AbnahmeTestCase {
+
+ public Test200VerifyIdentityLink(String name) {
+ super(name);
+ }
+
+ public void testA201() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+
+ String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
+
+ /*
+ * HINWEIS: clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
+ * AUSSLIESSLICH die Attribute IssueInstand und die AssertionID heraus, von dem her ist diese
+ * Method hier verwendbar
+ */
+
+ assertXmlEquals(clearSamlAssertion(readXmldata("CreateXMLSignatureRequest.xml")), clearSamlAssertion(createXMLSignatureRequest));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+ public void testA251() throws Exception {
+ try {
+ startAuthentication();
+ String sessionID = "0";
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA252() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+
+ server.setSecondsSessionTimeOut(-100);
+ server.cleanup();
+ server.setSecondsSessionTimeOut(1000);
+
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA253() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA254() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA255() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA256() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA257() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA258() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA259() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA260() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA261() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA262() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ new InfoboxReadResponseParser(infoboxReadResponse).parseIdentityLink();
+ // System.out.println(infoboxReadResponse);
+
+ try {
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA263() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+
+ // String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ // System.out.println(createXMLSignatureRequest);
+ // String createXMLSignatureResponse = readFile(TESTDATA_ROOT + "xmldata/standard/"+"CreateXMLSignatureResponse.xml");
+ // String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ try {
+ VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), new String[] { "CN=TEST,OU=TEST,O=TEST,C=AT" }, VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+}
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
new file mode 100644
index 000000000..d9e69eba4
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -0,0 +1,597 @@
+package test.abnahme.A;
+
+import java.util.Calendar;
+
+import org.w3c.dom.Element;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test300VerifyAuthBlock extends AbnahmeTestCase {
+
+ public Test300VerifyAuthBlock(String name) {
+ super(name);
+ }
+
+ public void testA301() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ //authDataWriter(authData,this.getName()+"new.xml");
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA302() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ //authDataWriter(authData,this.getName()+"new.xml");
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA303() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA304() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA305() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA306() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA307() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA308() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+
+ public void testA309() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA310() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA311() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA351() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // nicht existierende Session....
+ try {
+ server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA352() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ server.setSecondsSessionTimeOut(-100);
+ server.cleanup();
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // abgelaufene Session....
+ server.setSecondsSessionTimeOut(1000);
+ try {
+ server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA353() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // Session for VerifyIdentityLink-Aufruf
+ try {
+
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ fail();
+ }
+ //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData
+ // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL...
+ catch (NullPointerException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA354() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // nicht existierende Session....
+
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ try {
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA355() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA356() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA357() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA358() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA359() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA360() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA361() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA362() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA363() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA364() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ /* public void testA365() throws Exception {
+ String sessionID = startAuthentication();
+ try {
+ // wegen sinnlosigkeit gestrichen
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }*/
+
+ public void testA366() throws Exception {
+
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }
+ public void testA367() throws Exception {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }
+
+
+ private AuthenticationData initServer(String sessionID) throws Exception {
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
+ String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+ return authData;
+ }
+
+ private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception {
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse();
+ // validates <CreateXMLSignatureResponse>
+ new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix());
+ // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
+ String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
+ // invokes the call
+ Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
+ // compares the public keys from the identityLink with the AuthBlock
+
+ // builds authentication data and stores it together with a SAML artifact
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ return authData;
+ }
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ AuthenticationData authData = new AuthenticationData();
+ authData.setMajorVersion(1);
+ authData.setMinorVersion(0);
+ authData.setAssertionID(Random.nextRandom());
+ authData.setIssuer(session.getAuthURL());
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ String vpkBase64 = new VPKBuilder().buildVPK(
+ identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget());
+ authData.setVPK(vpkBase64);
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ String prPerson = new PersonDataBuilder().build(
+ identityLink, oaParam.getProvideZMRZahl());
+
+ try {
+ String ilAssertion =
+ oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
+ String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
+ String samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData, prPerson, authBlock, ilAssertion);
+ authData.setSamlAssertion(samlAssertion);
+ return authData;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.getMessage() },
+ ex);
+ }
+ }
+}
diff --git a/id.server/src/test/abnahme/A/Test400GetAuthenticationData.java b/id.server/src/test/abnahme/A/Test400GetAuthenticationData.java
new file mode 100644
index 000000000..b05e2b92c
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test400GetAuthenticationData.java
@@ -0,0 +1,129 @@
+package test.abnahme.A;
+
+import org.w3c.dom.Element;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class Test400GetAuthenticationData extends AbnahmeTestCase {
+
+ private String samlArtifact;
+
+ public Test400GetAuthenticationData(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ String sessionID = startAuthentication();
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(), "gb", "https://localhost:9443/");
+ samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ }
+
+ public void testA401() throws Exception {
+ try {
+
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+// authDataWriter(authData,"NEWA401");
+ assertXmlEquals(clearSamlAssertion(authData.getSamlAssertion()), readXmldata("AuthenticationData.xml"));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA451() throws Exception {
+ try {
+ try {
+ AuthenticationData authData = server.getAuthenticationData("AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi");
+ authDataWriter(authData, "A45");
+ if (authData != null)
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA452() throws Exception {
+ try {
+ server.getAuthenticationData(samlArtifact);
+ try {
+ server.getAuthenticationData(samlArtifact);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA453() throws Exception {
+ try {
+ server.setSecondsAuthDataTimeOut(-1000);
+ server.cleanup();
+ try {
+ server.getAuthenticationData(samlArtifact);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA454() throws Exception {
+ try {
+ try {
+ server.getAuthenticationData("blabla123");
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+}
diff --git a/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java b/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java
new file mode 100644
index 000000000..f4f37a871
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java
@@ -0,0 +1,305 @@
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test500StartAuthenticationServlet extends AbnahmeTestCase {
+
+ private String testdataRoot = TESTDATA_ROOT + "xmldata/standard/";
+ SSLSocketFactory ssf;
+ public Test500StartAuthenticationServlet(String name) {
+ super(name);
+ }
+ protected void setUp() throws Exception {
+ super.setUp();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+ public void testA501() throws Exception {
+ //NUR einmal für alle folgenden Testfälle
+ //----------------------------------------
+
+ //----------------------------------------
+
+ try {
+ String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(targetURL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ String contentType = conn.getHeaderField("Content-Type");
+ if (resultCode != 200)
+ fail("Wrong HTTP-Code");
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA502() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ String contentType = conn.getHeaderField("Content-Type");
+ if (resultCode != 200)
+ fail("Wrong HTTP-Code: expected '200' and was '" + resultCode + "'");
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ System.out.println("File gelesen, Daten in Outputstream einpflegen");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+
+ System.out.println("Verbinden zu " + URL);
+ conn.connect();
+ resultCode = conn.getResponseCode();
+ System.out.println("resultCode :" + resultCode);
+ String redirectLoc = conn.getHeaderField("Location");
+ System.out.println("redirectLoc :" + redirectLoc);
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA503() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+
+ assertEquals(200,conn.getResponseCode());
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ URL = parseDataURL(result);
+
+ conn.disconnect();
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+
+ conn = giveConnection(redirectLoc, "POST");
+ System.out.println("Redirect Location: " + redirectLoc);
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" +createXMLSignatureResponse).getBytes());
+ out.flush();
+ out.close();
+
+ System.out.println("Sending Data to " + redirectLoc);
+ conn.connect();
+
+ redirectLoc = conn.getHeaderField("Location");
+ System.out.println("redirectLoc: " + redirectLoc);
+ /* RandomAccessFile raf = new RandomAccessFile("C://503.xml", "rw");
+ raf.write(StreamUtils.readStream(conn.getInputStream()));
+ raf.close();*/
+ conn.disconnect();
+ assertEquals(302, conn.getResponseCode());
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA551() throws Exception {
+ try {
+ String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "");
+ HttpsURLConnection conn = giveConnection(targetURL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ assertTrue(result.indexOf("Die Angabe der Parameter ist unvollst&auml;ndig") >= 0);
+ conn.disconnect();
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Die Angabe der Parameter ist unvollständig.\n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA552() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ assertEquals(200, resultCode);
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ URL = "https://localhost:8443/moa-id-auth/" + "VerifyIdentityLink?MOASessionID=0000";
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0);
+ System.out.println("Fehler in testA552 erfolgreich abgefangen: MOASessionID ist unbekannt");
+ conn.disconnect();
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA553() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ assertEquals(200,resultCode);
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ URL = parseDataURL(result);
+ conn.disconnect();
+
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String redirectLoc = conn.getHeaderField("Location");
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ conn = giveConnection(redirectLoc + "XXX", "POST");
+ System.out.println("Redirect Location: " + redirectLoc + "XXX");
+ String createXMLSignatureResponse = "XMLResponse=" + URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+
+ out = conn.getOutputStream();
+ out.write(new String("MOASessionID=" + MOASessionID + "&").getBytes());
+ out.write(createXMLSignatureResponse.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ System.out.println("Sending Data to " + redirectLoc);
+ conn.connect();
+ resultCode = conn.getResponseCode();
+
+ result = new String(StreamUtils.readStream(conn.getInputStream()));
+ conn.disconnect();
+ assertEquals(200, resultCode);
+ assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ private String parseDataURL(String input) {
+ String ret = getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\"");
+ return ret;
+ }
+
+ private String getSubString(String input, String startsWith, String endsWith) {
+ return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length()));
+ }
+ private String getURL(String authURL, String target, String oaURL) {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+
+ private class HostnameVerifierHack implements HostnameVerifier {
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+ private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ URL url = new URL(targetURL);
+ HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+
+} \ No newline at end of file
diff --git a/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java
new file mode 100644
index 000000000..b44852346
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -0,0 +1,281 @@
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+import java.util.Calendar;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
+
+ private String moaSessionID;
+ private String samlArtifact;
+ private static final QName SERVICE_QNAME = new QName("SignatureCreation");
+
+ public Test600GetAuthenticationDataService(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+ public void testA601() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ Element erg = doCall(srb.build(moaSessionID,URLDecoder.decode(samlArtifact, "UTF-8")));
+ result = DOMUtils.serializeNode(erg);
+ result = killInclusive(result,"IssueInstant=\"","\"","");
+ result = killInclusive(result,"AssertionID=\"","\"","");
+ result = killInclusive(result,"ResponseID=\"","\"","");
+
+// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+
+ assertEquals(result,readXmldata("GetAuthenticationDataWebServiceResponse.xml"));
+
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA651() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = "AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi";
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+ Element samlPRequest = srb.build(moaSessionID,samlArtifact);
+
+ assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("unbekanntes SAML-Artifakt")!=-1);
+
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt\n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA652() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+ String request =
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
+ moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
+ DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
+ "</samlp:Request>";
+
+ Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("Fehlerhaftes Requestformat")!=-1);
+// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehlerhaftes Requestformat\n-----------------------"); }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ protected Element doCall(Element request)
+ throws Exception {
+ QName serviceName = new QName("GetAuthenticationData");
+ String endPoint = "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body =
+ new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] {body};
+ Vector responses;
+ SOAPBodyElement response;
+
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(params);
+ response = (SOAPBodyElement) responses.get(0);
+
+ return response.getAsDOM();
+ }
+
+ private String parseDataURL(String input)
+ {
+ return getSubString(input.substring(input.indexOf("DataURL"),input.length()),"value=\"","\"");
+ }
+ private String parseSamlArtifact(String input)
+ {
+ return getSubString(input+"@@@","SAMLArtifact=","@@@");
+ }
+ private String getSubString(String input, String startsWith, String endsWith)
+ {
+ return input.substring(input.indexOf(startsWith)+startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith)+startsWith.length()));
+ }
+ private String getURL(String authURL, String target, String oaURL)
+ {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue(
+ "HTML Form enthält keine SessionID",
+ htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+ private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+ private class HostnameVerifierHack implements HostnameVerifier {
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+}
diff --git a/id.server/src/test/abnahme/A/Test700SelectBKU.java b/id.server/src/test/abnahme/A/Test700SelectBKU.java
new file mode 100644
index 000000000..9cfa47033
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test700SelectBKU.java
@@ -0,0 +1,63 @@
+package test.abnahme.A;
+
+import test.abnahme.AbnahmeTestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Test700SelectBKU extends AbnahmeTestCase {
+
+ public Test700SelectBKU(String name) {
+ super(name);
+ }
+
+ public void testA701() throws Exception {
+ try {
+ String form = server.selectBKU(
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ "file:" + getTestCaseDirectory() + "BKUSelectionTemplate.html",
+ "file:" + getTestCaseDirectory() + "Template.html");
+ //writeXmldata("SelectBKUForm_out.html", form.getBytes());
+ assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
+ }
+ catch (Exception ex) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
+ throw ex;
+ }
+ }
+ public void testA702() throws Exception {
+ try {
+ String form = server.selectBKU(
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ null,
+ null);
+ //writeXmldata("SelectBKUForm_out.html", form.getBytes());
+ assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
+ }
+ catch (Exception ex) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
+ throw ex;
+ }
+ }
+ public void testA703() throws Exception {
+ try {
+ String form = server.selectBKU(
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ null,
+ null);
+ //writeXmldata("SelectBKUForm_out.html", form.getBytes());
+ assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
+ }
+ catch (Exception ex) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
+ throw ex;
+ }
+ }
+}
diff --git a/id.server/src/test/abnahme/AbnahmeTestCase.java b/id.server/src/test/abnahme/AbnahmeTestCase.java
new file mode 100644
index 000000000..e0e6fc183
--- /dev/null
+++ b/id.server/src/test/abnahme/AbnahmeTestCase.java
@@ -0,0 +1,163 @@
+package test.abnahme;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+
+import test.MOAIDTestCase;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+/**
+ * Base class for MOA ID test cases.
+ *
+ * Provides some utility functions.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class AbnahmeTestCase extends MOAIDTestCase {
+
+ protected static final String TESTDATA_ROOT = "data/abnahme-test/";
+ protected static final String TESTDATA_XMLDATA = "data/abnahme-test/xmldata/";
+ protected static final String AUTH_ENDPOINT = "http://localhost:8080/moa-id-auth/";
+ protected AuthenticationServer server;
+
+ /**
+ * Constructor for MOATestCase.
+ * @param arg0
+ */
+ public AbnahmeTestCase(String name) {
+ super(name);
+ }
+ /**
+ * Set up a transaction context with a test configuration.
+ */
+ protected void setUp() throws Exception {
+
+ System.out.print("--------S-T-A-R-T----V-O-N----");
+ System.out.print(getName().toUpperCase().substring(4,getName().length()));
+ System.out.print("-----------------------------\n");
+
+ // Set moa.spss.server.configuration property
+ System.setProperty("moa.spss.server.configuration",TESTDATA_ROOT + "conf/moa/ConfigurationTest.xml");
+
+ // Set moa.id.configuration property
+ String pathname = findXmldata("Configuration.xml");
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, pathname);
+ System.out.println("Konfiguration " + pathname);
+ AuthConfigurationProvider.reload();
+
+ server = AuthenticationServer.getInstance();
+ }
+ /** Test case z.B. "A153" */
+ protected String getID() {
+ return getName().toUpperCase().substring(4,getName().length());
+ }
+ /** Test group z.B. "A100" */
+ protected String getTestGroup() {
+ return getID().substring(0, 2) + "00";
+ }
+ /** Test case data directory */
+ protected String getTestCaseDirectory() {
+ return getTestGroupDirectory() + getID() + "/";
+ }
+ /** Test group data directory */
+ protected String getTestGroupDirectory() {
+ return TESTDATA_XMLDATA + getTestGroup() + "/";
+ }
+ /** Finds a file in the xmldata directory */
+ protected String findXmldata(String filename) {
+ String pathname = getTestCaseDirectory() + filename;
+ if (! new File(pathname).exists()) {
+ pathname = getTestGroupDirectory() + filename;
+ if (! new File(pathname).exists()) {
+ pathname = TESTDATA_XMLDATA + filename;
+ }
+ }
+ return pathname;
+ }
+ /** Finds and reads a file in the xmldata directory */
+ protected String readXmldata(String filename) throws IOException {
+ String pathname = findXmldata(filename);
+ System.out.println("Read file " + pathname);
+ return readFile(pathname);
+ }
+ protected void writeXmldata(String filename, byte[] content) throws Exception {
+ String pathname = getTestCaseDirectory() + filename;
+ System.out.println("Write file " + pathname);
+ RandomAccessFile raf = new RandomAccessFile(pathname, "rw");
+ byte[] data = content;
+ raf.write(data);
+ raf.setLength(data.length);
+ raf.close();
+ }
+
+ /**
+ * Creates a session using standard parameters,
+ * and returns the session ID.
+ */
+ protected String startAuthentication() throws MOAIDException {
+ return startAuthentication("https://localhost:9443/");
+ }
+ /**
+ * Creates a session using standard parameters,
+ * and returns the session ID.
+ */
+ protected String startAuthentication(String oaURL) throws MOAIDException {
+ String htmlForm = AuthenticationServer.getInstance().startAuthentication(
+ "https://localhost:8443/auth",
+ "gb",
+ oaURL,
+ null,
+ null,
+ null);
+ String sessionID = parseSessionIDFromForm(htmlForm);
+ return sessionID;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue(
+ "HTML Form enthält keine SessionID",
+ htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = i1;
+ while(i2 < htmlForm.length() &&
+ (htmlForm.charAt(i2) == '-' || (htmlForm.charAt(i2) >= '0' && htmlForm.charAt(i2) <= '9')))
+ i2++;
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+ protected String clearSessionID(String htmlForm) {
+ String sessionID = parseSessionIDFromForm(htmlForm);
+ int i1 = htmlForm.indexOf(sessionID);
+ int i2 = i1 + sessionID.length();
+ return htmlForm.substring(0, i1) + htmlForm.substring(i2);
+ }
+ protected void assertEqualsIgnoreSessionID(String s1, String s2) {
+ String ss1 = clearSessionID(s1);
+ String ss2 = clearSessionID(s2);
+ assertEquals(ss1, ss2);
+ }
+ protected void authDataWriter(AuthenticationData authData, String filename) throws Exception
+ {
+ writeXmldata("AuthenticationDataNEW.xml", clearSamlAssertion(authData.getSamlAssertion()).getBytes("UTF-8"));
+ }
+
+ /**
+ * clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
+ * AUSSLIESSLICH die Attribute 'IssueInstant' und 'AssertionID' heraus.
+ * @param samlAssertion
+ * @return String
+ */
+ protected String clearSamlAssertion(String samlAssertion)
+ {
+ String result = killInclusive(samlAssertion,"IssueInstant='", "'","");
+ result = killInclusive(result,"AssertionID='", "'","");
+ return result;
+ }
+} \ No newline at end of file
diff --git a/id.server/src/test/abnahme/AllTests.java b/id.server/src/test/abnahme/AllTests.java
new file mode 100644
index 000000000..56a38be28
--- /dev/null
+++ b/id.server/src/test/abnahme/AllTests.java
@@ -0,0 +1,49 @@
+package test.abnahme;
+
+import junit.awtui.TestRunner;
+import junit.framework.*;
+
+import test.abnahme.A.Test100StartAuthentication;
+import test.abnahme.A.Test200VerifyIdentityLink;
+import test.abnahme.A.Test300VerifyAuthBlock;
+import test.abnahme.A.Test400GetAuthenticationData;
+import test.abnahme.A.Test500StartAuthenticationServlet;
+import test.abnahme.A.Test600GetAuthenticationDataService;
+import test.abnahme.A.Test700SelectBKU;
+import test.abnahme.C.Test100Konfiguration;
+import test.abnahme.P.Test100LoginParameterResolver;
+
+
+
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(Test100StartAuthentication.class);
+ suite.addTestSuite(Test200VerifyIdentityLink.class);
+ suite.addTestSuite(Test300VerifyAuthBlock.class);
+ suite.addTestSuite(Test400GetAuthenticationData.class);
+ suite.addTestSuite(Test500StartAuthenticationServlet.class);
+ suite.addTestSuite(Test600GetAuthenticationDataService.class);
+ suite.addTestSuite(Test700SelectBKU.class);
+
+ suite.addTestSuite(Test100LoginParameterResolver.class);
+
+ suite.addTestSuite(Test100Konfiguration.class);
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id.server/src/test/abnahme/C/Test100Konfiguration.java b/id.server/src/test/abnahme/C/Test100Konfiguration.java
new file mode 100644
index 000000000..7da5a7449
--- /dev/null
+++ b/id.server/src/test/abnahme/C/Test100Konfiguration.java
@@ -0,0 +1,60 @@
+package test.abnahme.C;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import test.abnahme.AbnahmeTestCase;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test100Konfiguration extends AbnahmeTestCase {
+
+ public Test100Konfiguration(String name) {
+ super(name);
+ }
+
+ public void testC001() throws Exception {
+ try {
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testC002() throws Exception {
+ try {
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testC003() throws Exception {
+ try {
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testC051() throws Exception {
+ try {
+ // Set moa.id.configuration property
+ String pathname = findXmldata("ConfigurationC051.xml");
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, pathname);
+ System.out.println("Konfiguration " + pathname);
+ AuthConfigurationProvider.reload();
+ }
+ catch (Exception e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ // AuthConfigurationProvider.getInstance().getBKUConnectionParameter().getAcceptedServerCertificates()
+ }
+}
diff --git a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
new file mode 100644
index 000000000..8b7b2002f
--- /dev/null
+++ b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
@@ -0,0 +1,146 @@
+package test.abnahme.P;
+import java.util.Map;
+
+import sun.misc.BASE64Decoder;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test100LoginParameterResolver extends AbnahmeTestCase {
+
+ private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
+ private OAConfiguration oaConf;
+ private LoginParameterResolver lpr;
+
+ public Test100LoginParameterResolver(String name) {
+ super(name);
+ }
+
+ private void setUp(String publicURLPrefix)
+ throws Exception {
+
+ // get configuration data
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
+ oaConf = oaParam.getOaConfiguration();
+ System.out.println("Parameterübergabe: " + oaConf.getAuthType());
+
+ // get login parameter resolver
+ LoginParameterResolverFactory.initialize();
+ lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+ }
+ public void testP101() throws Exception {
+ try {
+ // read configuration and set up LoginParameterResolver
+ setUp("https://testP101:9443/");
+ if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
+ fail();
+
+ // assemble authentication data
+ AuthenticationData authData = new AuthenticationData();
+ authData.setFamilyName("Huber");
+ authData.setGivenName("Hugo");
+
+ // resolve login headers
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
+
+ // validate login headers
+ assertEquals(1, loginHeaders.keySet().size());
+ System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
+ System.out.println("Decoded UserID:Password " +
+ new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
+ String userIDPassword = "Hugo:Huber";
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+ public void testP102() throws Exception {
+ try {
+ // read configuration and set up LoginParameterResolver
+ setUp("https://testP102:9443/");
+ if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+ fail();
+
+ // assemble authentication data
+ AuthenticationData authData = new AuthenticationData();
+ String DATE_OF_BIRTH = "1963-12-29";
+ String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
+ authData.setDateOfBirth(DATE_OF_BIRTH);
+ authData.setVPK(VPK);
+
+ // resolve login parameters
+ Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS);
+
+ // validate login headers
+ assertEquals(2, loginParameters.keySet().size());
+ System.out.println("Param1: " + loginParameters.get("Param1"));
+ System.out.println("Param2: " + loginParameters.get("Param2"));
+ assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
+ assertEquals(VPK, loginParameters.get("Param2"));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testP103() throws Exception {
+ try {
+ // read configuration and set up LoginParameterResolver
+ setUp("https://localhost:9443/");
+ if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
+ fail();
+
+ // assemble authentication data
+ AuthenticationData authData = new AuthenticationData();
+ boolean PUBLIC_AUTH = true;
+ String BKZ = "FinanzamtWien23Leitstelle";
+ boolean QUAL_CERT = false;
+ String ZMR_ZAHL = "3456789012";
+ authData.setPublicAuthority(PUBLIC_AUTH);
+ authData.setPublicAuthorityCode(BKZ);
+ authData.setQualifiedCertificate(QUAL_CERT);
+ authData.setIdentificationValue(ZMR_ZAHL);
+
+ // resolve login headers
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
+
+ // validate login headers
+ assertEquals(5, loginHeaders.keySet().size());
+ System.out.println("Header Param1: " + loginHeaders.get("Param1"));
+ System.out.println("Header Param2: " + loginHeaders.get("Param2"));
+ System.out.println("Header Param3: " + loginHeaders.get("Param3"));
+ System.out.println("Header Param4: " + loginHeaders.get("Param4"));
+ System.out.println("Header Param5: " + loginHeaders.get("Param5"));
+ assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
+ assertEquals(BKZ, loginHeaders.get("Param2"));
+ assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
+ assertEquals(ZMR_ZAHL, loginHeaders.get("Param4"));
+ assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java
new file mode 100644
index 000000000..69ed3d12b
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java
@@ -0,0 +1,41 @@
+package test.at.gv.egovernment.moa.id;
+
+import test.at.gv.egovernment.moa.id.auth.AuthenticationServerTest;
+import test.at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataServiceTest;
+import test.at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationTest;
+import test.at.gv.egovernment.moa.id.config.auth.MOAIDAuthConfigurationProviderTest;
+import test.at.gv.egovernment.moa.id.config.proxy.MOAIDProxyConfigurationProviderTest;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(AuthenticationServerTest.class);
+ suite.addTest(test.at.gv.egovernment.moa.id.auth.builder.AllTests.suite());
+ suite.addTest(test.at.gv.egovernment.moa.id.auth.parser.AllTests.suite());
+ suite.addTestSuite(GetAuthenticationDataServiceTest.class);
+ suite.addTestSuite(SignatureVerificationTest.class);
+ suite.addTestSuite(MOAIDAuthConfigurationProviderTest.class);
+ suite.addTestSuite(MOAIDProxyConfigurationProviderTest.class);
+ suite.addTest(test.at.gv.egovernment.moa.id.proxy.AllTests.suite());
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java b/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java
new file mode 100644
index 000000000..8309a4f7e
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java
@@ -0,0 +1,35 @@
+package test.at.gv.egovernment.moa.id;
+
+import test.MOAIDTestCase;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+
+/**
+ * Base class for MOA ID test cases.
+ *
+ * Provides some utility functions.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class UnitTestCase extends MOAIDTestCase {
+
+ protected static final String TESTDATA_ROOT = "data/test/";
+
+ /**
+ * Constructor for MOATestCase.
+ * @param arg0
+ */
+ public UnitTestCase(String name) {
+ super(name);
+ }
+ /**
+ * Set up a transaction context with a test configuration.
+ */
+ protected void setUp() throws Exception {
+ System.setProperty(
+ ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+ }
+
+} \ No newline at end of file
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
new file mode 100644
index 000000000..753b2ef12
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -0,0 +1,50 @@
+package test.at.gv.egovernment.moa.id.auth;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationServerTest extends UnitTestCase {
+
+ public AuthenticationServerTest(String name) {
+ super(name);
+ }
+
+ public void testStandard() throws Exception {
+ doTest(
+ "standard",
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ null,
+ null);
+ }
+ public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
+ String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
+ AuthenticationServer server = AuthenticationServer.getInstance();
+ String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null);
+ String sessionID = parseSessionIDFromForm(htmlForm);
+ String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
+ String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ String createXMLSignatureRequestShould = readFile(testdataRoot + "CreateXMLSignatureRequest.xml");
+ assertXmlEquals(createXMLSignatureRequestShould, createXMLSignatureRequest);
+ String createXMLSignatureResponse = readFile(testdataRoot + "CreateXMLSignatureResponse.xml");
+ String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+ String authDataShould = readFile(testdataRoot + "AuthenticationDataAssertion.xml");
+ assertXmlEquals(authDataShould, authData.getSamlAssertion());
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
new file mode 100644
index 000000000..afaf4a199
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
@@ -0,0 +1,55 @@
+package test.at.gv.egovernment.moa.id.auth;
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyStore;
+import java.util.Enumeration;
+
+import iaik.pkcs.pkcs12.PKCS12;
+import iaik.security.provider.IAIK;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDAuthInitialiserTest extends UnitTestCase {
+
+ public MOAIDAuthInitialiserTest(String name) {
+ super(name);
+ }
+
+ public void testInit() throws Exception
+ {
+// System.setProperty(
+// ConfigurationProvider.CONFIG_PROPERTY_NAME,"C://Programme/ApacheGroup/abnahme/conf/moa-id/SampleMOAIDConfiguration.xml");
+// System.setProperty(
+// ConfigurationProvider.CONFIG_PROPERTY_NAME,"D://Daten/_Projects/moa_id_maengel/SampleMOAIDConfiguration.xml");
+ SSLUtils.initialize();
+
+ try {
+ KeyStore s = KeyStoreUtils.loadKeyStore("pkcs12","file:C:/Programme/ApacheGroup/abnahme/cert/keystore.p12","changeit");
+ System.out.println(s.getProvider().getClass().getName());
+ Enumeration enum = s.aliases();
+ while (enum.hasMoreElements()) {
+ String element = (String) enum.nextElement();
+ System.out.print(element+":");
+ System.out.println(s.getCertificate(element).getPublicKey().getAlgorithm());
+ System.out.println(s.getCertificate(element).getType());
+ }
+
+
+ System.out.println(s.getCertificate("pc41408").getPublicKey().getFormat());
+
+ }
+ catch (Exception e) {e.printStackTrace();};
+
+ }
+
+ }
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java
new file mode 100644
index 000000000..77dff29aa
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java
@@ -0,0 +1,33 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author patrick
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(AuthenticationBlockAssertionBuilderTest.class);
+ suite.addTestSuite(CreateXMLSignatureBuilderTest.class);
+ suite.addTestSuite(GetIdentityLinkFormBuilderTest.class);
+ suite.addTestSuite(InfoboxReadRequestBuilderTest.class);
+ suite.addTestSuite(PersonDataBuilderTest.class);
+ suite.addTestSuite(SAMLArtifactBuilderTest.class);
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
new file mode 100644
index 000000000..2717ee8c0
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
@@ -0,0 +1,46 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase {
+ private static final String nl = "\n";
+ private static final String ISSUER = "Hugo Mustermann";
+ private static final String ISSUE_INSTANT = "2003-03-15T22:50:21+01:00";
+ private static final String AUTH_URL = "https://auth.moa.gv.at/";
+ private static final String TARGET = "Grundbuch";
+ private static final String OA_URL = "https://grundbuch.gv.at/";
+
+ // wird auch von CreateXMLSignatureBuilderTest verwendet !
+ public static final String ASSERTION_SHOULD =
+"<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='" + ISSUER + "' IssueInstant='" + ISSUE_INSTANT + "'>" + nl +
+" <saml:AttributeStatement>" + nl +
+" <saml:Subject>" + nl +
+" <saml:NameIdentifier>" + AUTH_URL + "</saml:NameIdentifier>" + nl +
+" </saml:Subject>" + nl +
+" <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl +
+" <saml:AttributeValue>" + TARGET + "</saml:AttributeValue>" + nl +
+" </saml:Attribute>" + nl +
+" <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl +
+" <saml:AttributeValue>" + OA_URL + "</saml:AttributeValue>" + nl +
+" </saml:Attribute>" + nl +
+" </saml:AttributeStatement>" + nl +
+"</saml:Assertion>";
+
+ public AuthenticationBlockAssertionBuilderTest(String name) {
+ super(name);
+ }
+
+ public void testBuild() throws Exception {
+ AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder();
+ String assertionBuilt = builder.build(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, OA_URL);
+ assertionBuilt = XML_DECL + assertionBuilt;
+ String assertionShould = XML_DECL + ASSERTION_SHOULD;
+ assertXmlEquals(assertionShould, assertionBuilt);
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java
new file mode 100644
index 000000000..13f86efee
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java
@@ -0,0 +1,58 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CreateXMLSignatureBuilderTest extends UnitTestCase {
+ private static final String nl = "\n";
+ public static final String TRANSFORMS_INFO =
+ " <sl10:TransformsInfo>" + nl +
+ " <dsig:Transforms>" + nl +
+ " <dsig:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>" + nl +
+ " <dsig:Transform Algorithm='http://www.w3.org/TR/1999/REC-xslt-19991116'>" + nl +
+"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' >" + nl +
+"<xsl:template match='/'>" + nl +
+"<html>" + nl +
+"<body>" + nl +
+"</body>" + nl +
+"</html>" + nl +
+"</xsl:template>" + nl +
+"</xsl:stylesheet>" + nl +
+ " </dsig:Transform>" + nl +
+ " </dsig:Transforms>" + nl +
+ " <sl10:FinalDataMetaInfo>" + nl +
+ " <sl10:MimeType>text/html</sl10:MimeType>" + nl +
+ " </sl10:FinalDataMetaInfo>" + nl +
+ " </sl10:TransformsInfo>" + nl;
+ public static final String REQUEST_SHOULD =
+"<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl +
+"<sl11:CreateXMLSignatureRequest xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sl10=\"http://www.buergerkarte.at/namespaces/securitylayer/20020225#\" xmlns:sl11=\"http://www.buergerkarte.at/namespaces/securitylayer/20020831#\">" + nl +
+" <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
+" <sl11:DataObjectInfo Structure=\"detached\">" + nl +
+" <sl10:DataObject Reference=\"\"/>" + nl +
+TRANSFORMS_INFO +
+" </sl11:DataObjectInfo>" + nl +
+" <sl11:SignatureInfo>" + nl +
+" <sl11:SignatureEnvironment>" + nl +
+" <sl10:XMLContent>" + AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD + "</sl10:XMLContent>" + nl +
+" </sl11:SignatureEnvironment>" + nl +
+" <sl11:SignatureLocation Index=\"2\">/saml:Assertion</sl11:SignatureLocation>" + nl +
+" </sl11:SignatureInfo>" + nl +
+"</sl11:CreateXMLSignatureRequest>";
+
+ public CreateXMLSignatureBuilderTest(String name) {
+ super(name);
+ }
+
+ public void testBuild() throws Exception {
+ String request = new CreateXMLSignatureRequestBuilder().build(
+ AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD,
+ new String[] {TRANSFORMS_INFO});
+ assertXmlEquals(REQUEST_SHOULD, request);
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java
new file mode 100644
index 000000000..9142a8e42
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java
@@ -0,0 +1,73 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import junit.framework.TestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetIdentityLinkFormBuilderTest extends TestCase {
+ private static String nl = "\n";
+ public static String FORM =
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<html>" + nl +
+ "<head>" + nl +
+ "<title>Auslesen der Personenbindung</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"{0}\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"{1}\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"{2}\"/>" + nl +
+ " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl +
+ "</form>" + nl +
+ "<form name=\"CertificateInfoForm\"" + nl +
+ " action=\"{0}\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"{3}\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"{4}\"/>" + nl +
+ " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+ public static String BKU =
+ "http://localhost:3495/http-security-layer-request";
+
+ public void testBuild() throws Exception {
+ String xmlRequest = new InfoboxReadRequestBuilder().build();
+ String dataURL = "https://1.2.3.4/auth/VerifyIdentityLink?MOASessionID=1234567";
+ String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build();
+ String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/";
+ String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL);
+ String formShould = MessageFormat.format(
+ FORM, new Object[] { BKU, xmlRequest, dataURL, infoRequest, infoDataURL });
+ assertEquals(formShould, form);
+ }
+ public void testBuildCustomBKU() throws Exception {
+ String xmlRequest = new InfoboxReadRequestBuilder().build();
+ String dataURL = "https://1.2.3.4/auth/AuthServlet/StartAuthentication?MOASessionID=1234567";
+ String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build();
+ String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/";
+ String bkuURL = "http://bku.at/";
+ String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL);
+ String formShould = MessageFormat.format(
+ FORM, new Object[] { bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL });
+ assertEquals(formShould, form);
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
new file mode 100644
index 000000000..b65fc9ecf
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
@@ -0,0 +1,29 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import org.w3c.dom.Document;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadRequestBuilderTest extends UnitTestCase implements Constants {
+
+ public InfoboxReadRequestBuilderTest(String name) {
+ super(name);
+ }
+
+ public void testBuild() throws Exception {
+ InfoboxReadRequestBuilder builder = new InfoboxReadRequestBuilder();
+ String xmlBuilt = builder.build();
+ Document docBuilt = DOMUtils.parseDocument(xmlBuilt, false, ALL_SCHEMA_LOCATIONS, null);
+ String xmlBuiltSerialized = DOMUtils.serializeNode(docBuilt);
+ // xmlShould was generated by Hot:Sign Tester
+ String xmlShould = "<?xml version='1.0' encoding='utf-8'?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>";
+ assertXmlEquals(xmlShould, xmlBuiltSerialized);
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
new file mode 100644
index 000000000..504679fd5
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
@@ -0,0 +1,51 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.util.Constants;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PersonDataBuilderTest extends UnitTestCase implements Constants {
+
+ /**
+ * Constructor for PersonDataBuilderTest.
+ */
+ public PersonDataBuilderTest(String arg) {
+ super(arg);
+ }
+ public void testBuild() throws Exception {
+ String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml");
+ IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ String xmlPersonData = new PersonDataBuilder().build(il, true);
+ String xmlPersonDataShould = "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Identification><pr:Value>123456789012</pr:Value><pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>";
+ assertPersonDataEquals(xmlPersonDataShould, xmlPersonData);
+ }
+ public void testBuildNoZMRZahl() throws Exception {
+ String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml");
+ IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ String xmlPersonData = new PersonDataBuilder().build(il, false);
+ String xmlPersonDataShould = XML_DECL + "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>";
+ assertPersonDataEquals(xmlPersonDataShould, xmlPersonData);
+ }
+ private void assertPersonDataEquals(String s1, String s2) throws Exception {
+ String ss1 = insertPrNS(s1);
+ String ss2 = insertPrNS(s2);
+ assertXmlEquals(ss1, ss2);
+ }
+ private String insertPrNS(String xmlPersonData) {
+ int startNS = xmlPersonData.indexOf("Person") + "Person".length() + 1;
+ String s =
+ xmlPersonData.substring(0, startNS) +
+ "xmlns:pr=\"" + PD_NS_URI + "\" " +
+ "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
+ xmlPersonData.substring(startNS);
+ return s;
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
new file mode 100644
index 000000000..3ec73ee4c
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
@@ -0,0 +1,52 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactBuilderTest extends UnitTestCase {
+
+ private static final String AUTH_URL = "https://moa.gv.at/auth/";
+ private static final String SESSION_ID_1 = "123456";
+ private static final String SESSION_ID_2 = "123457";
+ private static final String SESSION_ID_3 = "1234567";
+
+ private SAMLArtifactBuilder builder;
+ private byte[] artifact1;
+ private byte[] artifact2;
+ private byte[] artifact3;
+
+ public SAMLArtifactBuilderTest(String name) {
+ super(name);
+ }
+ protected void setUp() throws Exception {
+ builder = new SAMLArtifactBuilder();
+ artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
+ artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2), false);
+ artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3), false);
+ }
+
+ public void testBuildArtifactLength() throws BuildException {
+ assertEquals(42, artifact1.length);
+ assertEquals(42, artifact2.length);
+ assertEquals(42, artifact3.length);
+ }
+ public void testBuildSameArtifact() throws Exception {
+ byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
+ assertEquals(new String(artifact1), new String(artifact1Clone));
+ }
+ public void testBuildDifferentArtifacts() throws BuildException {
+ String msg = "SAML Artifacts should be different";
+ assertFalse(msg, new String(artifact1).equals(new String(artifact2)));
+ assertFalse(msg, new String(artifact1).equals(new String(artifact3)));
+ assertFalse(msg, new String(artifact3).equals(new String(artifact2)));
+ }
+
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
new file mode 100644
index 000000000..5b3bb5906
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
@@ -0,0 +1,93 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.FileInputStream;
+import java.io.RandomAccessFile;
+
+import org.w3c.dom.Element;
+import test.at.gv.egovernment.moa.id.auth.invoke.MOASPSSTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+
+
+/**
+ * Test case for the signature verification web service.
+ *
+ * This test requires a running SignatureVerification web service.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestBuilderTest extends MOASPSSTestCase {
+
+
+ private SignatureVerificationInvoker caller;
+
+ public VerifyXMLSignatureRequestBuilderTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+ System.setProperty(
+ ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ "data/test/conf/ConfigurationTest.xml");
+ caller = new SignatureVerificationInvoker();
+ }
+
+ public void testVerifyXMLSignatureRequestBuilderIdentityLink() throws Exception {
+
+ RandomAccessFile infoBox = new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r");
+ byte[] b = new byte[(int) infoBox.length()];
+ infoBox.read(b);
+ infoBox.close();
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+
+ RandomAccessFile vr = new RandomAccessFile(
+ "data/test/xmldata/standard/VerifyXMLSignatureRequestIdentityLink.xml","r");
+ b = new byte[(int) vr.length()];
+ vr.read(b);
+ vr.close();
+ String xmlResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element requestBuild = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID());
+
+ assertXmlEquals(requestBuild, xmlResponse);
+
+ }
+
+ public void testVerifyXMLSignature2() throws Exception {
+
+ RandomAccessFile s = new RandomAccessFile("data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ s.close();
+ String xmlCreateXMLSignatureResponse = new String(b, "UTF-8");
+
+ CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse csr = cXMLsrp.parseResponse();
+
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID());
+
+ // check the result
+ assertXmlEquals(request, new FileInputStream("data/test/xmldata/standard/VerifyXMLSignatureRequestCreateXML.xml"));
+
+ }
+ }
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java
new file mode 100644
index 000000000..7ae6f70ef
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java
@@ -0,0 +1,38 @@
+package test.at.gv.egovernment.moa.id.auth.invoke;
+
+import java.security.Security;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * Base class for end-to-end tests of MOA web-services.
+ *
+ * Initializes the test system and provides some properties.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOASPSSTestCase extends UnitTestCase {
+
+ public MOASPSSTestCase(String name) {
+ super(name);
+ }
+
+
+ protected void setupSSL() {
+ System.setProperty("javax.net.debug", "all");
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty(
+ "java.protocol.handler.pkgs",
+ "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty(
+ "javax.net.ssl.keyStore",
+ "data/test/security/client.keystore");
+ System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
+ System.setProperty(
+ "javax.net.ssl.trustStore",
+ "data/test/security/client.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
new file mode 100644
index 000000000..e56dcde91
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
@@ -0,0 +1,166 @@
+package test.at.gv.egovernment.moa.id.auth.invoke;
+
+import java.io.RandomAccessFile;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+
+
+/**
+ * Test case for the signature verification web service.
+ *
+ * This test requires a running SignatureVerification web service.
+ *
+ * @author Patrick Peck
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignatureVerificationTest extends MOASPSSTestCase {
+
+
+ private SignatureVerificationInvoker caller;
+
+ public SignatureVerificationTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+System.setProperty(
+ ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ "data/test/conf/ConfigurationTest.xml");
+ caller = new SignatureVerificationInvoker();
+ }
+
+/* public void testVerifyCMSSignature() throws Exception {
+ Element request =
+ parseXml("data/test/xml/VCSQ000.xml").getDocumentElement();
+ Element result;
+
+ // call the service
+ result = caller.verifyXMLSignature(request);
+
+ // check the result
+ assertEquals("VerifyCMSSignatureResponse", result.getTagName());
+ }*/
+
+ public void testVerifyXMLSignature1() throws Exception {
+
+ //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum
+ //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse =new String(b,"UTF8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element request = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID());
+ s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithInfoboxReadResponse.xml","rw");
+ s.write(DOMUtils.serializeNode(request).getBytes("UTF-8"));
+ s.close();
+// Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement();
+// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement();
+// call the service
+ Element response = caller.verifyXMLSignature(request);
+ VerifyXMLSignatureResponseParser vParser = new VerifyXMLSignatureResponseParser(response);
+ VerifyXMLSignatureResponse vData = vParser.parseData();
+ VerifyXMLSignatureResponseValidator vValidate = VerifyXMLSignatureResponseValidator.getInstance();
+ vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
+ vValidate.validateCertificate(vData,idl);
+
+ // check the result
+ assertXmlEquals(response, request);
+
+ }
+
+ public void testVerifyXMLSignature2() throws Exception {
+ // Prüft den 2. Aufruf mit dem CreateXMLSIgnatureResponse als Parameter
+ //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum
+ //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlCreateXMLSignatureResponse = new String(b, "UTF8");
+
+ CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+// CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse csr = cXMLsrp.parseResponse();
+
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID());
+ // Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement();
+// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement();
+ Element result;
+/*s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithAuthBlock.xml","rw");
+ s.write(DOMUtils.serializeNode(request).getBytes("UTF-8"));
+ s.close();*/
+ // call the service
+ result = caller.verifyXMLSignature(request);
+ // check the result
+ assertEquals("VerifyXMLSignatureResponse", result.getTagName());
+
+ }
+
+
+ public void testParseCreateXMLSignatureResponse() throws Exception {
+
+ //Später soll die Datei direkt vom Server geholt werden...
+
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/standard/CreateXMLSignatureResponse.xml",
+
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlCreateXMLSignatureResponse = new String(b, "UTF-8");
+
+ CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse csr = cXMLsrp.parseResponse();
+
+ }
+
+ public void testParseVerifyXMLSignatureResponse() throws Exception {
+
+ //Später soll die Datei direkt vom Server geholt werden...
+
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/standard/VerifyXMLSignaterResponse.xml",
+
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlVerifyXMLSignatureResponse = new String(b, "UTF-8");
+
+ VerifyXMLSignatureResponseParser vXMLsrp = new VerifyXMLSignatureResponseParser(xmlVerifyXMLSignatureResponse);
+ VerifyXMLSignatureResponse vsr = vXMLsrp.parseData();
+
+ }
+
+
+ }
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java
new file mode 100644
index 000000000..84f5110b0
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java
@@ -0,0 +1,29 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(IdentityLinkAssertionParserTest.class);
+ suite.addTestSuite(SAMLArtifactParserTest.class);
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
new file mode 100644
index 000000000..77eb360bc
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
@@ -0,0 +1,137 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.security.rsa.RSAPublicKey;
+
+import java.io.FileOutputStream;
+import java.io.RandomAccessFile;
+import java.security.PublicKey;
+
+import org.w3c.dom.Document;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.ECDSAKeyValueConverter;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class IdentityLinkAssertionParserTest extends UnitTestCase {
+
+ IdentityLinkAssertionParser ilap;
+
+ public IdentityLinkAssertionParserTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+ try {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public void testParseIdentityLink() throws Exception {
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder();
+
+ // Element zurück bekommen: vx.build(idl.getSamlAssertion());
+
+ IdentityLinkValidator idVali = IdentityLinkValidator.getInstance();
+ idVali.validate(idl);
+
+ }
+
+ public void testParseIdentityLinkECC() throws Exception {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/IL.ResponseToRequest.01.ECDSA.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ String SAML = irrp.parseSAMLAssertion();
+ ilap = new IdentityLinkAssertionParser(SAML);
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder();
+
+ // Element zurück bekommen: vx.build(idl.getSamlAssertion());
+
+ IdentityLinkValidator idVali = IdentityLinkValidator.getInstance();
+ idVali.validate(idl);
+
+ }
+
+ public void testRSAPublicKeys() throws Exception {
+ if (ilap.getPublicKeys()[0].getClass().getName().equals("iaik.security.rsa.RSAPublicKey"))
+ {
+
+ for (int i = 0; i < ilap.getPublicKeys().length; i++) {
+ RSAPublicKey result = (RSAPublicKey)ilap.getPublicKeys()[i];
+ System.out.println("RSA Public Key No" + i);
+ System.out.println("Modulus: " + result.getModulus());
+ System.out.println("Exponent: " + result.getPublicExponent());
+ }
+
+ }
+ }
+
+ public void testECDSAPublicKeys() throws Exception {
+
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/ECDSAKeyExample.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String ecdsaKey = new String(b, "UTF-8");
+ Document e = DOMUtils.parseDocument(ecdsaKey,true,Constants.ALL_SCHEMA_LOCATIONS, null);
+ PublicKey p = ECDSAKeyValueConverter.element2ECDSAPublicKey(e.getDocumentElement());
+
+ }
+
+
+ public void testDsigCertificates() throws Exception {
+
+ String[] result = ilap.getCertificates();
+ for (int i = 0; i < result.length; i++) {
+
+ System.out.println("DSIG Certificate Length: " + result[i].length() + " No" + i + "\n" + result[i]);
+ FileOutputStream raf = new FileOutputStream("data/test/certs/cert" + i + ".cer");
+ raf.write(result[i].getBytes());
+ raf.flush();
+ raf.close();
+ }
+
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
new file mode 100644
index 000000000..9a878be2c
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
@@ -0,0 +1,67 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.RandomAccessFile;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadResponseParserTest extends UnitTestCase {
+
+ IdentityLinkAssertionParser ilap;
+
+ public InfoboxReadResponseParserTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+ }
+
+ public void testParseInfoboxReadResponse() throws Exception {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
+
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ }
+
+ public void testParseInfoboxReadResponseError() throws Exception {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/ErrorResponse.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
+
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ }
+
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
new file mode 100644
index 000000000..992e799bd
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
@@ -0,0 +1,55 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.util.Random;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactParserTest extends UnitTestCase {
+
+ private static String URL1 = "http://moa.gv.at/auth";
+ private static String URL2 = "https://moa.gv.at/auth";
+
+ public SAMLArtifactParserTest(String name) {
+ super(name);
+ }
+
+ public void testParseTypeCode() throws Exception {
+ String sessionID = Random.nextRandom();
+ String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID);
+ byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode();
+ assertEquals(typeCode[0], 0);
+ assertEquals(typeCode[1], 1);
+ }
+ public void testParseAssertionHandleSameSessionID() throws Exception {
+ // SAML artifacts for different authURL's but same sessionID MUST give same assertion handle
+ String sessionID = Random.nextRandom();
+ String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID);
+ String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID);
+ String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle();
+ String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle();
+ assertEquals(assertionHandle1, assertionHandle2);
+ }
+ public void testParseAssertionHandleSameURL() throws Exception {
+ // SAML artifacts for same authURL but different sessionID's MUST give different assertion handles
+ String sessionID1 = Random.nextRandom();
+ String sessionID2 = Random.nextRandom();
+ String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1);
+ String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2);
+ String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle();
+ String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle();
+ assertFalse(assertionHandle1.equals(assertionHandle2));
+ }
+ public void testParseAssertionHandleSameSAMLArtifact() throws Exception {
+ // SAML artifact parsed twice MUST give same assertion handle each time
+ String sessionID = Random.nextRandom();
+ String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID);
+ String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+ String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+ assertEquals(assertionHandle1, assertionHandle2);
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java
new file mode 100644
index 000000000..c78651fdb
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java
@@ -0,0 +1,91 @@
+package test.at.gv.egovernment.moa.id.auth.servlet;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Test case instantiates GetAuthenticationDataService and calls the Request() method.
+ * It DOES NOT call the web service via Axis.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetAuthenticationDataServiceTest extends UnitTestCase implements Constants {
+
+ private GetAuthenticationDataService service;
+
+ public GetAuthenticationDataServiceTest(String arg0) {
+ super(arg0);
+ }
+ protected void setUp() throws Exception {
+ service = new GetAuthenticationDataService();
+ }
+
+ public void testService2Requests() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<saml:AssertionIDReference>123</saml:AssertionIDReference>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request, request})[0];
+ assertStatus(response, "samlp:Requester", "samlp:TooManyResponses");
+ }
+ public void testServiceNoSAMLArtifact() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<saml:AssertionIDReference>123</saml:AssertionIDReference>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", null);
+ }
+ public void testService2SAMLArtifacts() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>123</samlp:AssertionArtifact>" +
+ "<samlp:AssertionArtifact>456</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", "samlp:TooManyResponses");
+ }
+ public void testServiceWrongFormat() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", null);
+ }
+ public void testServiceWrongSAMLArtifact() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", "samlp:ResourceNotRecognized");
+ }
+ private void assertStatus(Element response, String statusCodeShould, String subStatusCodeShould) throws Exception {
+ Element statusCodeNode = (Element)XPathUtils.selectSingleNode(response, "//samlp:StatusCode");
+ String statusCode = statusCodeNode.getAttribute("Value");
+ Element subStatusCodeNode = (Element)XPathUtils.selectSingleNode(statusCodeNode, "//samlp:StatusCode/samlp:StatusCode");
+ String subStatusCode = subStatusCodeNode == null ? null : subStatusCodeNode.getAttribute("Value");
+ System.out.println(statusCode + subStatusCode);
+ assertEquals(statusCodeShould, statusCode);
+ assertEquals(subStatusCodeShould, subStatusCode);
+ }
+
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java
new file mode 100644
index 000000000..7935c5179
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java
@@ -0,0 +1,112 @@
+package test.at.gv.egovernment.moa.id.config.auth;
+
+import java.util.Map;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class MOAIDAuthConfigurationProviderTest extends UnitTestCase {
+ private AuthConfigurationProvider provider;
+
+ /**
+ * Constructor for MOAAuthConfigTest.
+ * @param name
+ */
+ public MOAIDAuthConfigurationProviderTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+
+ provider =
+ new AuthConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+
+ }
+ public void testGetTransformsInfoFileNames() {
+ String[] transformsInfoFileNames;
+ transformsInfoFileNames = provider.getTransformsInfoFileNames();
+// for (int i = 0; i < transformsInfoFileNames.length; i++) {
+// System.out.println(
+// "getTransformsInfoFileNames: " + transformsInfoFileNames[i]);
+ assertEquals(transformsInfoFileNames[0],"http://StringsecLayerTranformsInfo1");
+ assertEquals(transformsInfoFileNames[1],"http://StringsecLayerTranformsInfo2");
+// }
+
+ }
+
+ public void testGetMOASPConnectionParameters() {
+ ConnectionParameter cp;
+ cp = provider.getMoaSpConnectionParameter();
+ assertEquals(cp.getUrl(),"MOA-SP-URL");
+ assertEquals(cp.getAcceptedServerCertificates(),"http://AcceptedServerCertificates");
+ assertEquals(cp.getClientKeyStorePassword(),"Keystore Pass");
+ assertEquals(cp.getClientKeyStore(),"URLtoClientKeystoreAUTH");
+/* System.out.println();
+ System.out.println("getMoaSpConnectionParameter :" + cp.getUrl());
+ System.out.println(
+ "getMoaSpConnectionParameter :" + cp.getAcceptedServerCertificates());
+ System.out.println(
+ "getMoaSpConnectionParameter :" + cp.getClientKeyStorePassword());
+ System.out.println(
+ "getMoaSpConnectionParameter :" + cp.getClientKeyStore());*/
+ }
+ public void testGetMoaSpIdentityLinkTrustProfileID() {
+
+ assertEquals(provider.getMoaSpIdentityLinkTrustProfileID(),"StringVerifyIdentiyLinkTrustID");
+
+ }
+ public void testGetMoaSpAuthBlockTrustProfileID() {
+ assertEquals(provider.getMoaSpAuthBlockTrustProfileID(),"StringVerifyAuthBlockTransformID");
+ }
+
+ public void testGetMoaSpAuthBlockVerifyTransformsInfoIDs() {
+ String[] result = provider.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ assertEquals(result[0],"StringVerifyTransformsInfoID1");
+ assertEquals(result[1],"StringVerifyTransformsInfoID2");
+
+ }
+
+ public void testGetOnlineApplicationAuthParameter() {
+ OAAuthParameter[] result = provider.getOnlineApplicationParameters();
+
+ assertEquals(result[0].getPublicURLPrefix(),"StringOALoginURL");
+ assertEquals(result[0].getProvideZMRZahl(),false);
+ assertEquals(result[0].getProvideAuthBlock(),false);
+ assertEquals(result[0].getProvideIdentityLink(),false);
+
+ assertEquals(result[1].getPublicURLPrefix(),"StringOALoginURL2");
+ assertEquals(result[1].getProvideZMRZahl(),true);
+ assertEquals(result[1].getProvideAuthBlock(),true);
+ assertEquals(result[1].getProvideIdentityLink(),true);
+
+
+/* for (int i = 0; i < result.length; i++) {
+ System.out.println();
+ System.out.println("getOnlineApplicationParameters Url: " + result[i].getUrl());
+ System.out.println("getOnlineApplicationParameters ProvideZMRZahl: " + result[i].getProvideZMRZahl());
+ System.out.println("getOnlineApplicationParameters ProvideAuthBlock: " + result[i].getProvideAuthBlock());
+ System.out.println("getOnlineApplicationParameters ProvideIdentityLink: " + result[i].getProvideIdentityLink());
+ }*/
+ }
+
+ public void testGetGenericConfiguration() {
+ Map result = provider.getGenericConfiguration();
+ assertEquals(result.containsKey("Generic Name 1"),true);
+ assertEquals(result.containsKey("Generic Name 2"),true);
+ assertEquals(result.get("Generic Name 1"),"Value1");
+ assertEquals(result.get("Generic Name 2"),"Value2");
+ /* for (Iterator iter = result.keySet().iterator(); iter.hasNext();) {
+ String element = (String) iter.next();
+ System.out.println("getGenericConfiguration Key:" + element);
+ System.out.println("getGenericConfiguration Value:" + result.get(element));
+ }*/
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java
new file mode 100644
index 000000000..12eddf8c3
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java
@@ -0,0 +1,127 @@
+package test.at.gv.egovernment.moa.id.config.proxy;
+
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class MOAIDProxyConfigurationProviderTest extends UnitTestCase {
+ private ProxyConfigurationProvider provider;
+
+ /**
+ * Constructor for MOAProxyConfigTest.
+ * @param name
+ */
+ public MOAIDProxyConfigurationProviderTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+
+ provider =
+// new ProxyConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+ new ProxyConfigurationProvider("data/deploy/conf/moa-id/ConfigurationTest.xml");
+ }
+ public void testGetAuthComponentConnectionParameter()
+ {
+ ConnectionParameter cp;
+ cp = provider.getAuthComponentConnectionParameter();
+ assertEquals(cp.getUrl(),"AuthComponentURL");
+ assertEquals( cp.getAcceptedServerCertificates(),"http://www.altova.com");
+ assertEquals(cp.getClientKeyStorePassword(),"String");
+ assertEquals(cp.getClientKeyStore(),"http://www.altova.com");
+ /* System.out.println();
+ System.out.println("getProxyComponentConnectionParameter :" + cp.getUrl());
+ System.out.println(
+ "getProxyComponentConnectionParameter :" + cp.getAcceptedServerCertificates());
+ System.out.println(
+ "getProxyComponentConnectionParameter :" + cp.getClientKeyStorePassword());
+ System.out.println(
+ "getProxyComponentConnectionParameter :" + cp.getClientKeyStore());*/
+}
+
+ public void testGetOAProxyParameter() {
+ OAProxyParameter[] result = provider.getOnlineApplicationParameters();
+
+ assertEquals("http://localhost:9080/", result[0].getPublicURLPrefix());
+ assertEquals("file:data/test/conf/OAConfParamAuth.xml", result[0].getConfigFileURL());
+ assertEquals(10, result[0].getSessionTimeOut());
+ assertEquals("StringloginParameterResolverImpl1", result[0].getLoginParameterResolverImpl());
+ assertEquals("StringconnectionBuilderImpl1", result[0].getConnectionBuilderImpl());
+
+ assertEquals("ProxyComponentURL", result[0].getConnectionParameter().getUrl());
+ assertEquals("url:AcceptedServerCertificates", result[0].getConnectionParameter().getAcceptedServerCertificates());
+ assertEquals("URL:toClientKeystoreOA", result[0].getConnectionParameter().getClientKeyStore());
+ assertEquals("ClientKeystoreOAPAss", result[0].getConnectionParameter().getClientKeyStorePassword());
+
+ assertEquals("StringOALoginURL2", result[1].getPublicURLPrefix());
+ assertEquals("file:data/test/conf/OAConfHeaderAuth.xml", result[1].getConfigFileURL());
+ assertEquals(20, result[1].getSessionTimeOut());
+ assertEquals("StringloginParameterResolverImpl2",result[1].getLoginParameterResolverImpl());
+ assertEquals("StringconnectionBuilderImpl2", result[1].getConnectionBuilderImpl());
+
+ assertEquals("ProxyComponentURL2", result[1].getConnectionParameter().getUrl());
+ assertEquals("url:AcceptedServerCertificates2", result[1].getConnectionParameter().getAcceptedServerCertificates());
+ assertEquals("URL:toClientKeystoreOA2", result[1].getConnectionParameter().getClientKeyStore());
+ assertEquals("ClientKeystoreOAPAss2", result[1].getConnectionParameter().getClientKeyStorePassword());
+
+ assertEquals("StringOALoginURL3", result[2].getPublicURLPrefix());
+ assertEquals("file:data/test/conf/OAConfBasicAuth.xml", result[2].getConfigFileURL());
+ assertEquals(20, result[2].getSessionTimeOut());
+ assertEquals("StringloginParameterResolverImpl3",result[2].getLoginParameterResolverImpl());
+ assertEquals("StringconnectionBuilderImpl3", result[2].getConnectionBuilderImpl());
+
+ assertEquals("ProxyComponentURL3", result[2].getConnectionParameter().getUrl());
+ assertEquals("url:AcceptedServerCertificates3", result[2].getConnectionParameter().getAcceptedServerCertificates());
+ assertEquals("URL:toClientKeystoreOA3", result[2].getConnectionParameter().getClientKeyStore());
+ assertEquals("ClientKeystoreOAPAss3", result[2].getConnectionParameter().getClientKeyStorePassword());
+ }
+
+ public void testGetGenericConfiguration() {
+ Map result = provider.getGenericConfiguration();
+ assertEquals(true, result.containsKey("authenticationSessionTimeOut"));
+ assertEquals(true, result.containsKey("authenticationDataTimeOut"));
+ assertEquals("600", result.get("authenticationSessionTimeOut"));
+ assertEquals("120", result.get("authenticationDataTimeOut"));
+ }
+
+ public void testOAConfigurationProvider() throws Exception
+ {
+ OAProxyParameter[] result = provider.getOnlineApplicationParameters();
+ // für jeden Parameter müsste theoretisch bereits ein Provider instanziiert worden sein,
+ // aus diesem Grund braucht man NICHT mehr die File-URL anzugeben, PublicURLPrefix reicht
+
+ // sollte ParamAuth sein
+ OAConfiguration oac1 = result[0].getOaConfiguration();
+ assertEquals(OAConfiguration.PARAM_AUTH, oac1.getAuthType());
+ assertEquals("MOADateOfBirth", oac1.getParamAuthMapping().get("Param1"));
+ assertEquals("MOAVPK", oac1.getParamAuthMapping().get("Param2"));
+ // sollte HeaderAuth sein
+ OAConfiguration oac2 = result[1].getOaConfiguration();
+ assertEquals(OAConfiguration.HEADER_AUTH, oac2.getAuthType());
+ assertEquals("MOAPublicAuthority", oac2.getHeaderAuthMapping().get("Param1"));
+ assertEquals("MOABKZ", oac2.getHeaderAuthMapping().get("Param2"));
+ assertEquals("MOAQualifiedCertificate", oac2.getHeaderAuthMapping().get("Param3"));
+ assertEquals("MOAZMRZahl", oac2.getHeaderAuthMapping().get("Param4"));
+ assertEquals("MOAIPAddress", oac2.getHeaderAuthMapping().get("Param5"));
+
+ // sollte BasicAuth sein
+ OAConfiguration oac3 = result[2].getOaConfiguration();
+ assertEquals(OAConfiguration.BASIC_AUTH, oac3.getAuthType());
+ assertEquals("MOAGivenName", oac3.getBasicAuthUserIDMapping());
+ assertEquals("MOAFamilyName", oac3.getBasicAuthPasswordMapping());
+ //Fehlerfall:
+
+
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java
new file mode 100644
index 000000000..2dd6cd35e
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java
@@ -0,0 +1,31 @@
+package test.at.gv.egovernment.moa.id.proxy;
+
+import test.at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilderTest;
+import test.at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParserTest;
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(SAMLRequestBuilderTest.class);
+ suite.addTestSuite(SAMLResponseParserTest.class);
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java
new file mode 100644
index 000000000..aec14ce1c
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java
@@ -0,0 +1,462 @@
+package test.at.gv.egovernment.moa.id.proxy.builder;
+
+import java.io.PrintStream;
+import java.util.ArrayList;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * @author Administrator
+ *
+ * To change this generated comment edit the template variable "typecomment":
+ * Window>Preferences>Java>Templates.
+ * To enable and disable the creation of type comments go to
+ * Window>Preferences>Java>Code Generation.
+ */
+public class DOMTreeCompare {
+
+ boolean debug = true;
+
+ private static PrintStream Log = null;
+
+ static
+ {
+ Log = System.out;
+ }
+
+ public boolean compareElements(Element root1, Element root2)
+ {
+ //Log.println("----- Compare Elements:"+root1.getNodeName()+" "+root2.getNodeName());
+ filterTree(root1);
+ filterTree(root2);
+ return compareNodes(root1,root2,0,"root/",false);
+ }
+
+ private boolean compareNodes(Node n1, Node n2, int level,String path,boolean attribute)
+ {
+ /*try {
+ Log.println(DOMUtils.serializeNode(n1));
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }*/
+ boolean equal = false;
+ //Log.println("----- Compare Node "+level+":"+n1+" "+n2);
+ //Log.println("----- Compare Node "+level+":"+n1.getNodeName()+" "+n2.getNodeName());
+ //Log.println("----- Checking:"+path+getPathString(n1));
+ NodeList nl1 = n1.getChildNodes();
+ NodeList nl2 = n2.getChildNodes();
+
+ int size1 = nl1.getLength();
+ int size2 = nl2.getLength();
+
+ if(debug)display_one(n1);
+ if(debug)display_one(n2);
+
+
+ if(debug)
+ if(n1.getNodeName().equals("Base64Content") && n2.getNodeName().equals("Base64Content"))
+ {
+ try {
+ Log.println("CONT:"+new String(Base64Utils.decode(strip(n1.getChildNodes().item(0).getNodeValue()),false)));
+ Log.println("CONT:"+new String(Base64Utils.decode(strip(n2.getChildNodes().item(0).getNodeValue()),false)));
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ }
+
+ if(size1 != size2)
+ {
+ Log.println("----- Anzahl der Kinder nicht gleich:"+path+getPathString(n1)+":"+getPathString(n2));
+ return false;
+ }
+
+ equal = compareNodeExact(n1,n2,level,path+getPathString(n1)+"/");
+ if(!equal)
+ {
+ Log.println("----- Knoten sind nicht identisch:"+path+getPathString(n1));
+ return false;
+ }
+
+ if(n1.hasAttributes() || n2.hasAttributes())
+ {
+ equal = compareNodeAttriubtes(n1,n2,level+1,path+getPathString(n1)+"/(a)");
+ if(!equal)
+ {
+ Log.println("----- Attribute stimmen nicht überein:"+path+getPathString(n1));
+ return false;
+ }
+ }
+ if(size1==0)
+ {
+ return true;
+ }
+
+ for(int counter=0;counter<size1;counter++)
+ {
+ boolean found = false;
+ Node comp_n1 = nl1.item(counter);
+
+ //if(comp_n1==null) return false;
+
+ Node comp_n2 = null;
+ size2 = nl2.getLength();
+ for(int counter2=0;counter2<size2;counter2++)
+ {
+ comp_n2 = nl2.item(counter2);
+
+ /*equal = compareNodeExact(comp_n1,comp_n2,level+1);
+ if(equal) return false;*/
+ //Log.println("COMP_N1:"+comp_n1);
+ //Log.println("COMP_N2:"+comp_n2);
+ equal = compareNodes(comp_n1,comp_n2,level+1,path+getPathString(comp_n1)+"/",false);
+ if(equal)
+ {
+ n2.removeChild(comp_n2);
+ counter2=size2;
+ nl2 = n2.getChildNodes();
+ size2 = nl2.getLength();
+ }
+
+ }
+
+ if(!equal)
+ {
+ Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(comp_n1));
+ return false;
+ }
+ }
+ return true;
+ }
+
+ private boolean compareNodeExact(Node n1,Node n2,int level,String path)
+ {
+ if(n1.getNodeType() == Node.TEXT_NODE)
+ {
+ Text textnode = (Text)n1;
+ /*Log.println("----- *****"+textnode.getNodeName());
+ Log.println("----- *****"+textnode.getParentNode().getNodeName());
+ Log.println("----- *****"+textnode.getNodeValue());*/
+ }
+
+ //Log.println("----- Checking:"+path);
+ String n1_name = n1.getNodeName();
+ String n2_name = n2.getNodeName();
+ /*Log.println("----- !!!!!"+n1.getNodeName());
+ Log.println("----- !!!!!"+n1.getNodeValue());
+ Log.println("----- !!!!!"+n1.getLocalName());
+ Log.println("----- !!!!!"+n1.getPrefix());
+ Log.println("----- !!!!!"+n1.getNextSibling());
+ Log.println("----- !!!!!"+n1.getPreviousSibling());*/
+
+ //Log.println("----- Compare Node "+level+":"+n1_name+" "+n2_name);
+ if(!((n1_name==null && n2_name==null) ||
+ (n1_name!=null && n2_name!=null && n1_name.equals(n2_name))))
+ {
+ Log.println("----- Name stimmt nicht überein:"+path);
+ return false;
+ }
+
+ //Log.println("----- Compare Node "+level+":"+n1.getNodeType()+" "+n2.getNodeType());
+ if(n1.getNodeType() != n2.getNodeType())
+ {
+ Log.println("----- Knotentyp stimmt nicht überein:"+path);
+ return false;
+ }
+
+ String n1_ns = n1.getPrefix();
+ String n2_ns = n2.getPrefix();
+ //Log.println("----- Compare Node "+level+":"+n1_ns+" "+n2_ns);
+ if(!((n1_ns==null && n2_ns==null) ||
+ (n1_ns!=null && n2_ns!=null && n1_ns.equals(n2_ns))))
+ {
+ Log.println("----- NameSpace stimmt nicht überein:"+path);
+ return false;
+ }
+
+ String n1_value = n1.getNodeValue();
+ String n2_value = n2.getNodeValue();
+
+ boolean special = false;
+ special = specialValues(n1_value,n2_value,path);
+ if(special) return true;
+
+ //Log.println("----- Compare Node "+level+":"+n1_value+" "+n2_value);
+ if(!((n1_value==null && n2_value==null) ||
+ (n1_value!=null && n2_value!=null && n1_value.equals(n2_value))))
+ {
+ Log.println("----- Wert stimmt nicht überein:"+path);
+ Log.println("----- Value1:\n"+n1_value);
+ Log.println("----- Value2:\n"+n2_value);
+ return false;
+ }
+
+
+ return true;
+ }
+
+ private boolean compareNodeAttriubtesWithoutSize(Node n1, Node n2, int level,String path)
+ {
+ return true;
+ }
+
+ private boolean compareNodeAttriubtes(Node n1, Node n2, int level,String path)
+ {
+ //Log.println("----- Compare NodeAttributes "+level+":"+n1.getNodeName()+" "+n2.getNodeName());
+ Element n1elem = (Element)n1;
+ Element n2elem = (Element)n2;
+
+ NamedNodeMap nnm1 = n1.getAttributes();
+ NamedNodeMap nnm2 = n2.getAttributes();
+
+ int size1 = 0;
+ int size2 = 0;
+
+ boolean specialattrs = specialAttributesSize(path);
+
+ if(!specialattrs)
+ {
+
+ if(nnm1==null && nnm2==null) return true;
+ if(nnm1==null || nnm2==null)
+ {
+ Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1));
+ return false;
+ }
+ size1 = nnm1.getLength();
+ size2 = nnm2.getLength();
+
+ if(size1 != size2)
+ {
+ Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1));
+ return false;
+ }
+
+ }
+ else
+ {
+ return compareNodeAttriubtesWithoutSize(n1,n2,level,path);
+ }
+
+ for(int counter=0;counter<size1;counter++)
+ {
+ Node attribute_node1 = nnm1.item(counter);
+ Node attribute_node2 = nnm2.item(counter);
+
+ String attr1_name = attribute_node1.getNodeName();
+ String attr2_name = attribute_node2.getNodeName();
+
+ String value1 = n1elem.getAttribute(attr1_name);
+ String value2 = n2elem.getAttribute(attr2_name);
+
+ boolean special = false;
+
+ special = specialAttributes(path,attr1_name,value1,attr2_name,value2);
+ if(special)
+ {
+ return special;
+ }
+
+ if(!value1.equals(value2))
+ {
+ Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(n1));
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private boolean checkNode(Node base,String name)
+ {
+ if(base.getNodeName().equals(name))
+ {
+ return true;
+ }
+
+ NodeList children = base.getChildNodes();
+ int size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ boolean found = checkNode(children.item(counter),name);
+ if(found) return true;
+ }
+ return false;
+ }
+
+ private void display_one(Node base)
+ {
+ int att_size=0;
+ if(base.getAttributes()!=null)
+ {
+ att_size=base.getAttributes().getLength();
+ }
+ if(base.getNodeName().equals("#text"))
+ Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")");
+ else
+ Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size);
+ }
+
+ private void display(Node base)
+ {
+ display(base,1);
+ }
+
+ private void display(Node base,int level)
+ {
+ String spacer = "";
+ for(int counter=0;counter<level;counter++)
+ {
+ spacer+=" ";
+ }
+
+ int att_size=0;
+ if(base.getAttributes()!=null)
+ {
+ att_size=base.getAttributes().getLength();
+ }
+ if(base.getNodeName().equals("#text"))
+ Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")");
+ else
+ Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size);
+
+ NodeList children = base.getChildNodes();
+ int size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ display(children.item(counter),level+1);
+ }
+ }
+
+ private void filterTree(Node base)
+ {
+ ArrayList removeList = new ArrayList();
+
+ NodeList children = base.getChildNodes();
+ int size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ Node child1 = children.item(counter);
+ if(child1.getNodeType() == Node.TEXT_NODE && child1.getNodeValue().trim().equals(""))
+ {
+ removeList.add(child1);
+ }
+ }
+
+ size = removeList.size();
+ for(int counter=0;counter<size;counter++)
+ {
+ base.removeChild((Node)removeList.get(counter));
+ }
+
+ children = base.getChildNodes();
+ size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ filterTree(children.item(counter));
+ }
+
+ }
+
+ private String getPathString(Node n)
+ {
+ if(n.getNodeType()==Node.TEXT_NODE)
+ {
+ return n.getParentNode().getNodeName()+"(text)";
+ }
+ else
+ {
+ return n.getNodeName();
+ }
+
+ }
+
+ public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2)
+ {
+ //if(value1.startsWith("reference-") && value2.startsWith("reference-")) return true;
+ //if(value1.startsWith("signature-") && value2.startsWith("signature-")) return true;
+
+ return false;
+ }
+
+ public boolean specialAttributesSize(String path)
+ {
+ //if(path.endsWith("/xsl:template/(a)")) return true;
+ return false;
+ }
+
+ public boolean specialValues(String value1,String value2,String path)
+ {
+
+ //Log.println(path);
+ /*if(ignoreSignatureValue)
+ {
+ if(path.endsWith("/dsig:SignatureValue(text)/"))
+ {
+ return true;
+ }
+ }
+ else
+ {
+ if(path.endsWith("/dsig:SignatureValue(text)/"))
+ {
+ String stripped_1 = strip(value1);
+ String stripped_2 = strip(value2);
+ return stripped_1.equals(stripped_2);
+ }
+ }*/
+
+ return false;
+ }
+
+ private String strip(String input)
+ {
+ String output = replaceStringAll(input," ","");
+ output = replaceStringAll(output,"\n","");
+ output = replaceStringAll(output,"\r","");
+ return output;
+ }
+
+ private static String replaceStringAll(
+ String input,
+ String oldPart,
+ String newPart)
+ {
+
+ String erg = null;
+
+ int pos = input.indexOf(oldPart);
+ if(pos==-1) return input;
+
+ while(true)
+ {
+
+ //First Part
+ pos = input.indexOf(oldPart);
+ if(pos==-1) break;
+ erg = input.substring(0, pos);
+
+ //Insert new Part
+ erg += newPart;
+
+ //insert REST
+ erg
+ += input.substring(
+ input.indexOf(oldPart) + oldPart.length(),
+ input.length());
+
+ input = erg;
+ }
+ return erg;
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
new file mode 100644
index 000000000..b6eda3c39
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
@@ -0,0 +1,32 @@
+package test.at.gv.egovernment.moa.id.proxy.builder;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLRequestBuilderTest extends UnitTestCase {
+
+ public SAMLRequestBuilderTest(String arg0) {
+ super(arg0);
+ }
+
+ public void testBuild() throws Exception {
+ String requestID = "123";
+ String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890");
+ String REQUEST_SHOULD = "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
+ requestID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"IGNORE\">" +
+ "<samlp:AssertionArtifact>" + samlArtifact + "</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = new SAMLRequestBuilder().build(requestID, samlArtifact);
+ Element requestShould = DOMUtils.parseDocument(REQUEST_SHOULD, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ assertTrue(new SAMLRequestCompare().compareElements(requestShould, request));
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java
new file mode 100644
index 000000000..5685129a1
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java
@@ -0,0 +1,19 @@
+package test.at.gv.egovernment.moa.id.proxy.builder;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLRequestCompare extends test.at.gv.egovernment.moa.id.proxy.builder.DOMTreeCompare {
+
+
+ /*
+ * @see at.gv.egovernment.moa.util.SAMLRequestCompare#specialAttributes(java.lang.String, java.lang.String)
+ */
+ public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) {
+ if(attr1_name.equals("IssueInstant"))
+ return true;
+ return false;
+ }
+
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
new file mode 100644
index 000000000..39e7240d1
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -0,0 +1,180 @@
+package test.at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseParserTest extends UnitTestCase {
+
+ public SAMLResponseParserTest(String arg0) {
+ super(arg0);
+ }
+
+ public void testParse() throws Exception {
+ String samlResponse =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" +
+ " ResponseID=\"\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-03-29T06:00:00+02:00\">" +
+ "<samlp:Status>" +
+ "<samlp:StatusCode Value=\"samlp:Success\"><samlp:StatusCode Value=\"samlp:Success\"></samlp:StatusCode></samlp:StatusCode>" +
+ "<samlp:StatusMessage>Ollas leiwand</samlp:StatusMessage>" +
+ "</samlp:Status>" +
+"<saml:Assertion xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"-4633313027464114584\" Issuer=\"http://localhost:8080/moa-id-auth/\" IssueInstant=\"2003-04-02T14:55:42+02:00\">" +
+ "<saml:AttributeStatement>" +
+ "<saml:Subject>" +
+ "<saml:NameIdentifier NameQualifier=\"http://reference.e-government.gv.at/names/vpk/20020221#\">MTk2OC0xMC0yMmdi</saml:NameIdentifier>" +
+ "<saml:SubjectConfirmation>" +
+ "<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>" +
+ "<saml:SubjectConfirmationData>" +
+ "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"any\" Issuer=\"Hermann Muster\" IssueInstant=\"2003-04-02T14:55:27+02:00\">" +
+ "<saml:AttributeStatement>" +
+ "<saml:Subject>" +
+ "<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>" +
+ "</saml:Subject>" +
+ "<saml:Attribute AttributeName=\"Geschäftsbereich\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+ "<saml:AttributeValue>gb</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "<saml:Attribute AttributeName=\"OA\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+ "<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "</saml:AttributeStatement>" +
+ "</saml:Assertion>" +
+ "<saml:Assertion AssertionID=\"zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474\" IssueInstant=\"2003-02-12T20:28:34.474\" Issuer=\"http://zmr.bmi.gv.at/zmra/names#Issuer\" MajorVersion=\"1\" MinorVersion=\"0\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
+ "<saml:AttributeStatement>" +
+ "<saml:Subject>" +
+ "<saml:SubjectConfirmation>" +
+ "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>" +
+ "<saml:SubjectConfirmationData>" +
+ "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" +
+ "<pr:Identification>" +
+ "<pr:Value>123456789012</pr:Value>" +
+ "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" +
+ "</pr:Identification>" +
+ "<pr:Name>" +
+ "<pr:GivenName>Hermann</pr:GivenName>" +
+ "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" +
+ "</pr:Name>" +
+ "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" +
+ "</pr:Person>" +
+ "</saml:SubjectConfirmationData>" +
+ "</saml:SubjectConfirmation>" +
+ "</saml:Subject>" +
+ "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" +
+ "<saml:AttributeValue>" +
+ "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+ "<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>" +
+ "<dsig:Exponent>AQAB</dsig:Exponent>" +
+ "</dsig:RSAKeyValue>" +
+ "</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" +
+ "<saml:AttributeValue>" +
+ "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+ "<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>" +
+ "<dsig:Exponent>AQAB</dsig:Exponent>" +
+ "</dsig:RSAKeyValue>" +
+ "</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "</saml:AttributeStatement>" +
+ "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+ "<dsig:SignedInfo>" +
+ "<dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
+ "<dsig:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
+ "<dsig:Reference URI=\"\">" +
+ "<dsig:Transforms>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" +
+ "<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>" +
+ "</dsig:Transform>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
+ "</dsig:Transforms>" +
+ "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+ "<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>" +
+ "</dsig:Reference>" +
+ "<dsig:Reference Type=\"http://www.w3.org/2000/09/xmldsig#Manifest\" URI=\"\">" +
+ "<dsig:Transforms>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" +
+ "<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>" +
+ "</dsig:Transform>" +
+ "</dsig:Transforms>" +
+ "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+ "<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>" +
+ "</dsig:Reference>" +
+ "</dsig:SignedInfo>" +
+ "<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>" +
+ "<dsig:KeyInfo>" +
+ "<dsig:X509Data>" +
+ "<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>" +
+ "<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>" +
+ "<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>" +
+ "</dsig:X509Data>" +
+ "</dsig:KeyInfo>" +
+ "<dsig:Object>" +
+ "<dsig:Manifest>" +
+ "<dsig:Reference URI=\"\">" +
+ "<dsig:Transforms>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
+ "</dsig:Transforms>" +
+ "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+ "<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>" +
+ "</dsig:Reference>" +
+ "</dsig:Manifest>" +
+ "</dsig:Object>" +
+ "</dsig:Signature>" +
+ "</saml:Assertion>" +
+ "</saml:SubjectConfirmationData>" +
+ "</saml:SubjectConfirmation>" +
+ "</saml:Subject>" +
+ "<saml:Attribute AttributeName=\"PersonData\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\">" +
+ "<saml:AttributeValue>" +
+ "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" +
+ "<pr:Identification>" +
+ "<pr:Value>123456789012</pr:Value>" +
+ "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" +
+ "</pr:Identification>" +
+ "<pr:Name>" +
+ "<pr:GivenName>Hermann</pr:GivenName>" +
+ "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" +
+ "</pr:Name>" +
+ "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" +
+ "</pr:Person>" +
+ "</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "<saml:Attribute AttributeName=\"isQualifiedCertificate\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+ "<saml:AttributeValue>true</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "</saml:AttributeStatement>" +
+"</saml:Assertion>" +
+ "</samlp:Response>";
+
+ Element samlResponseElem =
+ DOMUtils.parseDocument(samlResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ SAMLResponseParser parser = new SAMLResponseParser(samlResponseElem);
+ SAMLStatus status = parser.parseStatusCode();
+ assertEquals("samlp:Success", status.getStatusCode());
+ assertEquals("samlp:Success", status.getSubStatusCode());
+ assertEquals("Ollas leiwand", status.getStatusMessage());
+ AuthenticationData authData = parser.parseAuthenticationData();
+ assertEquals(1, authData.getMajorVersion());
+ assertEquals(0, authData.getMinorVersion());
+ assertEquals("-4633313027464114584", authData.getAssertionID());
+ assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
+ assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
+ assertEquals("123456789012", authData.getIdentificationValue());
+ assertEquals("MTk2OC0xMC0yMmdi", authData.getVPK());
+ assertEquals("Hermann", authData.getGivenName());
+ assertEquals("Muster", authData.getFamilyName());
+ assertEquals("1968-10-22", authData.getDateOfBirth());
+ assertTrue(authData.isQualifiedCertificate());
+ assertFalse(authData.isPublicAuthority());
+ }
+}
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java b/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java
new file mode 100644
index 000000000..351ca0bd5
--- /dev/null
+++ b/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java
@@ -0,0 +1,92 @@
+package test.at.gv.egovernment.moa.id.util;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.net.URL;
+import java.security.Security;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSocketFactory;
+
+import com.sun.net.ssl.HttpsURLConnection;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtilsTest extends UnitTestCase {
+
+ public SSLUtilsTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ //System.setProperty("javax.net.debug", "all");
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl("file:" + TESTDATA_ROOT + "conf/log4j.properties"));
+ System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
+ }
+
+ public void testVerisignOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://verisign.moa.gv.at/", true, null);
+ }
+ public void testATrustOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://a-trust.moa.gv.at/", true, null);
+ }
+ public void testBaltimoreOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://baltimore.moa.gv.at/", true, null);
+ }
+ public void testCIOOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://cio.moa.gv.at/", true, null);
+ }
+ public void testMOASPOK() throws Exception {
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+ ConnectionParameter connParam = AuthConfigurationProvider.getInstance().getMoaSpConnectionParameter();
+ doTest(connParam, true, null);
+ }
+ private void doTestOA(String configFile, String publicURLPrefix, boolean shouldOK, String exMessageFragment) throws Exception {
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ TESTDATA_ROOT + configFile);
+ ProxyConfigurationProvider proxyConf =
+ ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
+ ConnectionParameter connParam = oaParam.getConnectionParameter();
+ doTest(connParam, shouldOK, exMessageFragment);
+ }
+ private void doTest(ConnectionParameter connParam, boolean shouldOK, String exMessageFragment) throws Exception {
+ SSLUtils.initialize();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, connParam);
+ URL url = new URL(connParam.getUrl());
+ HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+ conn.setRequestMethod("GET");
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setSSLSocketFactory(ssf);
+ try {
+ conn.connect();
+ assertTrue(shouldOK);
+ assertEquals(200, conn.getResponseCode());
+ conn.disconnect();
+ }
+ catch (SSLException ex) {
+ ex.printStackTrace();
+ assertFalse(shouldOK);
+ assertTrue(ex.getMessage().indexOf(exMessageFragment) >= 0);
+ }
+ }
+
+}
diff --git a/id.server/src/test/lasttest/Dispatcher.java b/id.server/src/test/lasttest/Dispatcher.java
new file mode 100644
index 000000000..ad8f10fb4
--- /dev/null
+++ b/id.server/src/test/lasttest/Dispatcher.java
@@ -0,0 +1,64 @@
+package test.lasttest;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Dispatcher extends Thread {
+ private LasttestClient parent = null;
+ private int max;
+ private int turns;
+ private int turn_counter;
+ private int turn;
+ private int time;
+ private long sum;
+ private int turnnum;
+
+ public Dispatcher(LasttestClient parent, int max, int turns, int time, long sum) {
+ this.parent = parent;
+ this.max = max;
+ this.turns = turns;
+ this.time = time;
+ this.sum = sum;
+ turnnum=0;
+ }
+
+ public void run() {
+ this.setPriority(Thread.NORM_PRIORITY + 1);
+ System.out.println("Dispatcher wird gestartet...");
+ TestThread[] old_reqs = buildRequests(0);
+ for (turn_counter = 0; turns == 0 ? true : (turn_counter < turns); turn_counter++) {
+ try {
+// LasttestClient.Log.write(("Starte Durchlauf " + turn_counter + "\n").getBytes());
+ }
+ catch (Exception e) {}
+
+// System.out.println("Starte Durchlauf " + turn_counter);
+ turn = turn_counter;
+ if (turns == 0)
+ turn_counter--;
+ TestThread[] reqs = buildRequests(turn_counter);
+ for (int counter = 0; counter < max; counter++) {
+ old_reqs[counter].start();
+ }
+ old_reqs = reqs;
+ try {
+ Thread.sleep(time);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ parent.stop = true;
+ }
+
+ public TestThread[] buildRequests(int turnNo) {
+ TestThread[] ret = new TestThread[max];
+ for (int counter = 0; counter < max; counter++) {
+// turnnum ++;
+ ret[counter] = new TestThread(parent, turnNo);
+ }
+ return ret;
+ }
+}
diff --git a/id.server/src/test/lasttest/HostnameVerifierHack.java b/id.server/src/test/lasttest/HostnameVerifierHack.java
new file mode 100644
index 000000000..cf34b621a
--- /dev/null
+++ b/id.server/src/test/lasttest/HostnameVerifierHack.java
@@ -0,0 +1,13 @@
+package test.lasttest;
+
+import com.sun.net.ssl.HostnameVerifier;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class HostnameVerifierHack implements HostnameVerifier{
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }}
diff --git a/id.server/src/test/lasttest/LasttestClient.java b/id.server/src/test/lasttest/LasttestClient.java
new file mode 100644
index 000000000..bad5161ba
--- /dev/null
+++ b/id.server/src/test/lasttest/LasttestClient.java
@@ -0,0 +1,218 @@
+package test.lasttest;
+
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.security.Security;
+import java.util.Date;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Sven
+ *
+ * To change this generated comment edit the template variable "typecomment":
+ * Window>Preferences>Java>Templates.
+ * To enable and disable the creation of type comments go to
+ * Window>Preferences>Java>Code Generation.
+ *
+ * Aufruf: Requestdatei (==null), ServerURL, Anzahl der Requests pro Sekunde, Anzahl der Wiederholungen
+ * z.b. "data/CX0/TestGeneratorCX0.001.Req.xml" "http://127.0.0.1:8080/" 5 100
+ *
+ * ==> GEÄNDERT: ersten 2 Parameter gekillt... nur noch 5 100
+ */
+public class LasttestClient {
+
+ protected static final String TESTDATA_ROOT = "data/abnahme-test/";
+ protected static final String MOA_AUTH_SERVER = "https://localhost:8443/moa-id-auth/";
+ protected AuthenticationServer server;
+
+ public int max_thread_count = 300;
+ public int thread_counter = 0;
+ public int error_count = 0;
+ public int turns = 0;
+ public long sum = 0;
+ public long max = 0;
+ public long min = Long.MAX_VALUE;
+
+ public static PrintStream Log = null;
+
+ public boolean stop = false;
+
+ public static final String trustStore = "javax.net.ssl.trustStore";
+ public static final String trustStorePassword = "javax.net.ssl.trustStorePassword";
+ public static final String handler = "java.protocol.handler.pkgs";
+
+ public void startTest(int req_per_second, int turns, int time) throws Exception {
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, TESTDATA_ROOT + "xmldata/L000/Configuration.xml");
+
+ AuthConfigurationProvider.reload();
+
+ this.turns = turns;
+
+ boolean result = new TestThread(this,0).doRequest(0);// doTestRequest();
+ if (result) {
+ System.out.println("TestRequest OK. Lasttest wird gestartet.");
+ sum=0;
+ max=0;
+ Dispatcher dp = new Dispatcher(this, req_per_second, turns, time, sum);
+ dp.start();
+ while (!stop) {
+ try {
+ Log.println(new String(("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")")));
+ Log.flush();
+ }
+ catch (Exception e) {}
+
+ System.out.println("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")");
+ Thread.sleep(10000);
+ }
+ System.out.println("Fehler:" + error_count + " (Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")");
+ }
+ else {
+ System.out.println("TestRequest lieferte einen Fehler. Lasttest wird nicht gestartet.");
+ }
+ }
+
+
+ public boolean doTestRequest() throws Exception {
+
+ try {
+
+ TestThread tt = new TestThread(null,0);
+
+ // Anmelden
+ String URL = tt.getURL(MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/");
+ HttpsURLConnection conn = tt.giveConnection(URL, "GET");
+
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = tt.parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = tt.parseDataURL(result);
+ // Verify Identity Link
+ conn = tt.giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = tt.readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = tt.giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(tt.readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ String samlArtifact = tt.parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+
+ conn.disconnect();
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ Element erg = tt.doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")),MOA_AUTH_SERVER);
+ result = DOMUtils.serializeNode(erg);
+ if (result.indexOf("saml:Assertion")<0)
+ {
+ System.err.println("Falsche Antwort vom Webservice:\n" + result);
+ throw new Exception("Falsche Antwort vom Webservice");
+
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN LASTTEST :" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ return true;
+
+ }
+
+ public String replaceString(String input, String oldPart, String newPart) throws Exception {
+ String erg = null;
+
+ //First Part
+ erg = input.substring(0, input.indexOf(oldPart));
+ //Insert new Part
+ erg += newPart;
+
+ //insert REST
+ erg += input.substring(input.indexOf(oldPart) + oldPart.length(), input.length());
+
+ return erg;
+ }
+
+ public static void main(String[] args) throws Exception {
+ Log = new PrintStream(new FileOutputStream("C:/Lasttest.log"));
+ int time = 0;
+ int sek = 0;
+ int turns = 0;
+
+ if (args.length != 3) {
+ System.out.println("Parameteranzahl falsch. Bitte verwenden Sie die Syntax <Request_pro_Zeiteinheit(Zahl)> <Anzahl_der_Durchläufe(Zahl oder INF)> <Zeit_zwischen_Aufrufen_in_ms(Zahl)>");
+ return;
+ }
+
+ try {
+ sek = Integer.parseInt(args[0]);
+ time = Integer.parseInt(args[2]);
+ if (args[1].equals("INF")) {
+ turns = 0;
+ }
+ else
+ turns = Integer.parseInt(args[1]);
+ }
+ catch (NumberFormatException e) {
+ System.out.println("Einer der Parameter (Requestanzahl oder Testanzahl) ist keine Zahl !");
+ return;
+ }
+
+ System.out.println("Starte Lastest mit folgenden Parametern ...");
+ System.out.println("ServerURL: " + MOA_AUTH_SERVER);
+ double reqPerSek = sek*1000;
+ System.out.println("Requests pro Sekunde: " + reqPerSek/time);
+ System.out.println("Durchläufe: " + (turns == 0 ? "INF" : turns + ""));
+
+ Log.println("Starte Lastest mit folgenden Parametern ...");
+ Log.println("ServerURL: " + MOA_AUTH_SERVER);
+ Log.println("Requests pro Sekunde: " + reqPerSek / time);
+ Log.println("Durchläufe: " + (turns == 0 ? "INF" : turns + ""));
+
+
+ try {
+ LasttestClient lc = new LasttestClient();
+ //lc.startTest("data/CX0/TestGeneratorCX0.001.Req.xml","http://161.106.2.255:8080/",10,1000);
+ lc.startTest(sek, turns, time);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
+
diff --git a/id.server/src/test/lasttest/TestThread.java b/id.server/src/test/lasttest/TestThread.java
new file mode 100644
index 000000000..0d2973c7f
--- /dev/null
+++ b/id.server/src/test/lasttest/TestThread.java
@@ -0,0 +1,251 @@
+package test.lasttest;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class TestThread extends Thread {
+ private LasttestClient parent = null;
+ private int turn_no;
+ private Dispatcher disp = null;
+
+ public TestThread( LasttestClient parent, int durchlauf_nr) {
+ turn_no = durchlauf_nr;
+ this.parent = parent;
+
+ }
+
+ protected Element doCall(Element request, String server) throws Exception {
+
+ /* QName serviceName = new QName("GetAuthenticationData");
+
+ String endPoint = server + "services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+
+ System.out.println(DOMUtils.serializeNode(body.getAsDOM()));
+ call.setTargetEndpointAddress(endPoint);
+ System.out.println("Rufe WS auf: " + endPoint);
+ responses = (Vector) call.invoke(params);
+ System.out.println("WS aufgerufen.");
+ response = (SOAPBodyElement) responses.get(0);
+ System.out.println(DOMUtils.serializeNode(response.getAsDOM()));
+ return response.getAsDOM();*/
+
+ QName serviceName = new QName("GetAuthenticationData");
+ String endPoint = server + "services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(params);
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+
+ public boolean doRequest(int turnNo) throws Exception {
+ long start = System.currentTimeMillis();
+
+ try {
+ LasttestClient.Log.write(("Starte Durchlauf " + turnNo + "\n").getBytes());
+ }
+ catch (Exception e) {}
+
+ System.out.println("Starte Durchlauf " + turnNo);
+ // Anmelden
+ String URL = getURL(LasttestClient.MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ /*
+ * FOR DEBUG ONLY
+ */
+ // System.out.println(URL);
+ // System.out.println(result);
+ //----------------
+
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+
+ /*
+ * FOR DEBUG ONLY
+ */
+ // System.out.println(URL);
+ // System.out.println(new String(StreamUtils.readStream(conn.getInputStream())));
+ //----------------
+
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+
+ /*
+ * FOR DEBUG ONLY
+ */
+ // System.out.println(redirectLoc);
+ // System.out.println(new String(StreamUtils.readStream(conn.getInputStream())));
+ //----------------
+ String samlArtifact = parseSamlArtifact(redirectLoc);
+
+ // System.out.println("SamlArtifact: " + samlArtifact);
+
+ AxisSecureSocketFactory.initialize(conn.getSSLSocketFactory());
+ conn.disconnect();
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")), LasttestClient.MOA_AUTH_SERVER);
+ // writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+
+ long end = System.currentTimeMillis();
+ long diff = end - start;
+ parent.sum +=diff;
+ if (parent.max < diff) {
+ parent.max = diff;
+ }
+ if (parent.min > diff) {
+ parent.min = diff;
+ }
+ if (turnNo>0) {
+ long totalmem = Runtime.getRuntime().totalMemory();
+ long freemem = Runtime.getRuntime().freeMemory();
+ try {
+ LasttestClient.Log.write(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem + "\n").getBytes());
+ LasttestClient.Log.flush();
+ }
+ catch (Exception e) {}
+ System.out.println(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem));
+ }
+ return true;
+
+ }
+
+ public String getSubString(String input, String startsWith, String endsWith) {
+ return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length()));
+ }
+
+ public String getURL(String authURL, String target, String oaURL) {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+
+ public HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+
+ public String killInclusive(String input, String startsWith, String endsWith, String newValue) {
+ int start = 0;
+ int ende;
+ String result;
+ result = input;
+ do {
+ start = result.indexOf(startsWith, start) + startsWith.length();
+ ende = result.indexOf(endsWith, start);
+ result = result.substring(0, start - startsWith.length()) + newValue + result.substring(ende + endsWith.length(), result.length());
+ start++;
+ }
+ while (result.indexOf(startsWith, ende + 1) > 0);
+
+ return result;
+ }
+
+ public String parseDataURL(String input) {
+ return getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\"");
+ }
+
+ public String parseSamlArtifact(String input) {
+// System.out.println(input);
+ return getSubString(input + "@@@", "SAMLArtifact=", "@@@");
+ }
+
+ public String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ return htmlForm.substring(i1, i2);
+ }
+
+ public String readXmldata(String filename) throws Exception {
+
+ return FileUtils.readFile(LasttestClient.TESTDATA_ROOT + "xmldata/L000/" + filename, "UTF-8");
+ }
+
+ /**
+ * @see java.lang.Runnable#run()
+ */
+ public void run() {
+ parent.thread_counter++;
+
+ try {
+ if (!doRequest(turn_no)) {
+ parent.error_count++;
+ }
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ parent.error_count++;
+ }
+ parent.thread_counter--;
+ }
+
+}