From 2e41e68813cab482713ba55a792fce74ddb4f094 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 20 Nov 2017 11:47:43 +0100
Subject: add scheme file

---
 .../resources/schemas/sstc-metadata-attr.xsd       | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/sstc-metadata-attr.xsd

diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/sstc-metadata-attr.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/sstc-metadata-attr.xsd
new file mode 100644
index 000000000..f23e462a5
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/sstc-metadata-attr.xsd
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema 
+  targetNamespace="urn:oasis:names:tc:SAML:metadata:attribute"
+  xmlns="http://www.w3.org/2001/XMLSchema"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+  elementFormDefault="unqualified"
+  attributeFormDefault="unqualified"
+  blockDefault="substitution"
+  version="2.0">
+
+  <annotation>
+    <documentation>
+      Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema
+      Document identifier: sstc-metadata-attr.xsd
+      Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+      Revision history:
+      V1.0 (November 2008):
+        Initial version.
+    </documentation>
+  </annotation>
+
+  <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+      schemaLocation="saml-schema-assertion-2.0.xsd"/>
+
+  <element name="EntityAttributes" type="mdattr:EntityAttributesType"/>
+  <complexType name="EntityAttributesType">
+    <choice maxOccurs="unbounded">
+      <element ref="saml:Attribute"/>
+      <element ref="saml:Assertion"/>
+    </choice>
+  </complexType>
+
+</schema>
+
-- 
cgit v1.2.3


From d82e0c848f7c82aa9edf28ca55a68de82b19c88c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 21 Nov 2017 12:43:57 +0100
Subject: add eIDAS request validation regarding minimum data-set and SPType

---
 .../moa/id/auth/modules/eidas/Constants.java       | 18 +++++++++
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 47 +++++++++++++++-------
 2 files changed, 51 insertions(+), 14 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d975b6e0a..74cf665ca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,10 +22,17 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
+import at.gv.egovernment.moa.id.data.Trible;
+
 /**
  * @author tlenz
  *
@@ -119,4 +126,15 @@ public class Constants {
     		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" + 
     		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
     
+    public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() {
+		private static final long serialVersionUID = 1L;
+		{
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri());
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri());
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri());
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
+		}
+	});
+
+    
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1ce900ebb..8fb81082f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.IOException;
 import java.io.StringWriter;
+import java.net.URI;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
 import eu.eidas.auth.commons.protocol.IResponseMessage;
 import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
@@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 				
 			}
 			
-						
+			//validate service-provider type from eIDAS request
+			String spType = null;
+			if (eIDASSamlReq.getSpType() != null)
+				spType = eIDASSamlReq.getSpType();
+				
+			if (MiscUtil.isEmpty(spType))
+				spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
+							
+			if (MiscUtil.isNotEmpty(spType))
+				Logger.debug("eIDAS request has SPType:" + spType);			
+			else {
+				Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
+				throw new EIDASAuthnRequestProcessingException("eIDAS.06", 
+						new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."});
+				
+			}
+				
+			//validate if minimal data-set if it is not fully requested
+			//TODO: must be tested!!!!
+			ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes();
+			for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) {
+				if(reqAttrList.getAttributeValuesByNameUri(el) == null) {
+					Logger.warn("Minimum data-set attribute: " + el + " is not requested.");
+					throw new EIDASAuthnRequestProcessingException("eIDAS.06", 
+							new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"});
+					
+				}
+			}
+			
+			
+			
 			//*************************************************
 			//*****  store eIDAS request information  *********
 			//*************************************************
@@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 	
 			// - memorize OA config
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
-			
-			// - memorize service-provider type from eIDAS request
-			String spType = null;
-			if (eIDASSamlReq.getSpType() != null)
-				spType = eIDASSamlReq.getSpType();
-				
-			if (MiscUtil.isEmpty(spType))
-				spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
-							
-			if (MiscUtil.isNotEmpty(spType))
-				Logger.debug("eIDAS request has SPType:" + spType);			
-			else
-				Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
 					
 		} catch (MOAIDException e) {
 			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
-- 
cgit v1.2.3


From 7523477ce0884b45a992748a12ea824fa85ea14d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 26 Nov 2017 21:04:51 +0100
Subject: add String escaping on same methods

---
 .../moa/id/auth/servlet/AbstractController.java    |   3 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |   5 +-
 .../moa/id/auth/servlet/RedirectServlet.java       |   2 +-
 .../moa/id/moduls/AuthenticationManager.java       |   2 +-
 .../protocols/ProtocolFinalizationController.java  |   5 +-
 .../moa/id/protocols/pvp2x/utils/Digester.java     |  48 ---
 .../id/protocols/pvp2x/utils/PrettyPrinter.java    | 323 ---------------------
 .../at/gv/egovernment/moa/id/util/XMLUtil.java     | 143 ---------
 .../id/commons/config/MigrateConfiguration.java    | 206 ++++++-------
 .../java/at/gv/egovernment/moa/util/FileUtils.java |  68 ++---
 .../at/gv/egovernment/moa/util/KeyStoreUtils.java  |  54 ++--
 .../at/gv/egovernment/moa/util/OutputXML2File.java | 102 -------
 .../gv/egovernment/moa/util/KeyStoreUtilsTest.java |  20 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |  36 +--
 .../oauth20/protocol/OAuth20AuthAction.java        |   2 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |   7 +-
 16 files changed, 206 insertions(+), 820 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 5f74d8fdd..67611dd72 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -254,7 +254,8 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 		
 			//add stacktrace if debug is enabled
 			if (Logger.isTraceEnabled()) {
-				config.putCustomParameter("stacktrace", getStacktraceFromException(error));
+				config.putCustomParameter("stacktrace", 
+						StringEscapeUtils.escapeHtml(getStacktraceFromException(error)));
 			
 			}
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index a146f778e..19f3fdc54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -28,6 +28,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -93,9 +94,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			
 		String ssoid = ssoManager.getSSOSessionID(req);
 		
-		Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART);
+		Object restartProcessObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART));
 		
-		Object tokkenObj = req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS);
+		Object tokkenObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS));
 		String tokken = null;
 		String status = null;
 		if (tokkenObj != null && tokkenObj instanceof String) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index be511d888..a7f911845 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -65,7 +65,7 @@ public class RedirectServlet {
 		Logger.debug("Receive " + RedirectServlet.class + " Request");
 		
 		String url = req.getParameter(REDIRCT_PARAM_URL);
-		String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET);
+		String target = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_TARGET));
 		String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT);
 		String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index aff2c83ad..3770dad2f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -161,7 +161,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		Logger.info("Remove active user-session");
 
 		if(internalMOASsoSessionID == null) {
-			internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID);
+			internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID));
 		}
 		
 		if(internalMOASsoSessionID == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0f9b615a4..aebcf372e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -27,6 +27,7 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -51,7 +52,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 	public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
 		
 		//read pendingRequest from http request
-		Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+		Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
 		IRequest pendingReq = null;
 		String pendingRequestID = null;
 		if (idObject != null && (idObject instanceof String)) {
@@ -61,7 +62,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 		}
  				
 		//receive an authentication error
-		String errorid = req.getParameter(ERROR_CODE_PARAM);
+		String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM));
 		if (errorid != null) {
 			try {				
 				//load stored exception from database
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
deleted file mode 100644
index d715b8b7b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-public class Digester {
-	public static String byteArrayToHexString(byte[] b) {
-		  String result = "";
-		  for (int i=0; i < b.length; i++) {
-		    result +=
-		          Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 );
-		  }
-		  return result;
-		}
-	
-	public static String toSHA1(byte[] convertme) {
-	    MessageDigest md = null;
-	    try {
-	        md = MessageDigest.getInstance("SHA-1");
-	    }
-	    catch(NoSuchAlgorithmException e) {
-	        e.printStackTrace();
-	    } 
-	    return byteArrayToHexString(md.digest(convertme));
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
deleted file mode 100644
index c40731576..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
+++ /dev/null
@@ -1,323 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.*;
-import javax.xml.parsers.*;
-import javax.xml.transform.*;
-import javax.xml.transform.dom.*;
-import javax.xml.transform.stream.*;
-
-import org.w3c.dom.Document;
-
-import org.xml.sax.*;
-import org.xml.sax.helpers.*;
-
-
-/**
-This class "pretty prints" an XML stream to something more human-readable.
-It duplicates the character content with some modifications to whitespace, 
-restoring line breaks and a simple pattern of indenting child elements.
-
-This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>,
-so to provide the unformatted XML just pass a new instance to a SAX parser.
-Its output is via the {@link #toString toString} method.
-
-One major limitation:  we gather character data for elements in a single
-buffer, so mixed-content documents will lose a lot of data!  This works
-best with data-centric documents where elements either have single values
-or child elements, but not both.
-
-@author Will Provost
-*/
-/*
-Copyright 2002-2003 by Will Provost.
-All rights reserved.
-*/
-public class PrettyPrinter
-    extends DefaultHandler
-{
-    /**
-    Convenience method to wrap pretty-printing SAX pass over existing content.
-    */
-    public static String prettyPrint (byte[] content)
-    {
-        try
-        {
-            PrettyPrinter pretty = new PrettyPrinter ();
-            SAXParserFactory factory = SAXParserFactory.newInstance ();
-            factory.setFeature
-                ("http://xml.org/sax/features/namespace-prefixes", true);
-            factory.newSAXParser ().parse 
-                (new ByteArrayInputStream (content), pretty);
-            return pretty.toString ();
-        }
-        catch (Exception ex)
-        {
-            ex.printStackTrace ();
-            return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
-                ex.getMessage () + "\"";
-        }
-    }
-    
-    /**
-    Convenience method to wrap pretty-printing SAX pass over existing content.
-    */
-    public static String prettyPrint (String content)
-    {
-        try
-        {
-            PrettyPrinter pretty = new PrettyPrinter ();
-            SAXParserFactory factory = SAXParserFactory.newInstance ();
-            factory.setFeature
-                ("http://xml.org/sax/features/namespace-prefixes", true);
-            factory.newSAXParser ().parse (content, pretty);
-            return pretty.toString ();
-        }
-        catch (Exception ex)
-        {
-            ex.printStackTrace ();
-            return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
-                ex.getMessage () + "\"";
-        }
-    }
-    
-    /**
-    Convenience method to wrap pretty-printing SAX pass over existing content.
-    */
-    public static String prettyPrint (InputStream content)
-    {
-        try
-        {
-            PrettyPrinter pretty = new PrettyPrinter ();
-            SAXParserFactory factory = SAXParserFactory.newInstance ();
-            factory.setFeature
-                ("http://xml.org/sax/features/namespace-prefixes", true);
-            factory.newSAXParser ().parse (content, pretty);
-            return pretty.toString ();
-        }
-        catch (Exception ex)
-        {
-            ex.printStackTrace ();
-            return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
-                ex.getMessage () + "\"";
-        }
-    }
-
-    /**
-    Convenience method to wrap pretty-printing SAX pass over existing content.
-    */
-    public static String prettyPrint (Document doc)
-        throws TransformerException
-    {
-        try
-        {
-            ByteArrayOutputStream buffer = new ByteArrayOutputStream ();
-            TransformerFactory.newInstance ().newTransformer()
-                .transform (new DOMSource (doc), new StreamResult (buffer));
-            byte[] rawResult = buffer.toByteArray ();
-            buffer.close ();
-            
-            return prettyPrint (rawResult);
-        }
-        catch (Exception ex)
-        {
-            ex.printStackTrace ();
-            return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
-                ex.getMessage () + "\"";
-        }
-    }
-    
-    public static class StreamAdapter
-        extends OutputStream
-    {
-        public StreamAdapter (Writer finalDestination)
-        {
-            this.finalDestination = finalDestination;
-        }
-        
-        public void write (int b)
-        {
-            out.write (b);
-        }
-        
-        public void flushPretty ()
-            throws IOException
-        {
-            PrintWriter finalPrinter = new PrintWriter (finalDestination);
-            finalPrinter.println 
-                (PrettyPrinter.prettyPrint (out.toByteArray ()));
-            finalPrinter.close ();
-            out.close ();
-        }
-        
-        private ByteArrayOutputStream out = new ByteArrayOutputStream ();
-        Writer finalDestination;
-    }
-    
-    /**
-    Call this to get the formatted XML post-parsing.
-    */
-    public String toString ()
-    {
-        return output.toString ();
-    }
-    
-    /**
-    Prints the XML declaration.
-    */
-    public void startDocument () 
-        throws SAXException 
-    {
-        output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>")
-              .append (endLine);
-    }
-    
-    /**
-    Prints a blank line at the end of the reformatted document.
-    */
-    public void endDocument () throws SAXException 
-    {
-        output.append (endLine);
-    }
-
-    /**
-    Writes the start tag for the element.
-    Attributes are written out, one to a text line.  Starts gathering
-    character data for the element.
-    */
-    public void startElement 
-            (String URI, String name, String qName, Attributes attributes) 
-        throws SAXException 
-    {
-        if (justHitStartTag)
-            output.append ('>');
-
-        output.append (endLine)
-              .append (indent)
-              .append ('<')
-              .append (qName);
-
-        int length = attributes.getLength ();        
-        for (int a = 0; a < length; ++a)
-            output.append (endLine)
-                  .append (indent)
-                  .append (standardIndent)
-                  .append (attributes.getQName (a))
-                  .append ("=\"")
-                  .append (attributes.getValue (a))
-                  .append ('\"');
-                  
-        if (length > 0)
-            output.append (endLine)
-                  .append (indent);
-            
-        indent += standardIndent;
-        currentValue = new StringBuffer ();
-        justHitStartTag = true;
-    }
-    
-    /**
-    Checks the {@link #currentValue} buffer to gather element content.
-    Writes this out if it is available.  Writes the element end tag.
-    */
-    public void endElement (String URI, String name, String qName) 
-        throws SAXException 
-    {
-        indent = indent.substring 
-            (0, indent.length () - standardIndent.length ());
-        
-        if (currentValue == null)
-            output.append (endLine)
-                  .append (indent)
-                  .append ("</")
-                  .append (qName)
-                  .append ('>');
-        else if (currentValue.length () != 0)
-            output.append ('>')
-                  .append (currentValue.toString ())
-                  .append ("</")
-                  .append (qName)
-                  .append ('>');
-        else
-            output.append ("/>");
-              
-        currentValue = null;
-        justHitStartTag = false;
-    }
-        
-    /**
-    When the {@link #currentValue} buffer is enabled, appends character
-    data into it, to be gathered when the element end tag is encountered.
-    */
-    public void characters (char[] chars, int start, int length) 
-        throws SAXException 
-    {
-        if (currentValue != null)
-            currentValue.append (escape (chars, start, length));
-    }
-
-    /**
-    Filter to pass strings to output, escaping <b>&lt;</b> and <b>&amp;</b>
-    characters to &amp;lt; and &amp;amp; respectively.
-    */
-    private static String escape (char[] chars, int start, int length)
-    {
-        StringBuffer result = new StringBuffer ();
-        for (int c = start; c < start + length; ++c)
-            if (chars[c] == '<')
-                result.append ("&lt;");
-            else if (chars[c] == '&')
-                result.append ("&amp;");
-            else
-                result.append (chars[c]);
-                
-        return result.toString ();
-    }
-    
-    /**
-    This whitespace string is expanded and collapsed to manage the output
-    indenting.
-    */
-    private String indent = "";
-
-    /**
-    A buffer for character data.  It is &quot;enabled&quot; in 
-    {@link #startElement startElement} by being initialized to a 
-    new <b>StringBuffer</b>, and then read and reset to 
-    <code>null</code> in {@link #endElement endElement}.
-    */
-    private StringBuffer currentValue = null;
-
-    /**
-    The primary buffer for accumulating the formatted XML.
-    */
-    private StringBuffer output = new StringBuffer ();    
-    
-    private boolean justHitStartTag;
-    
-    private static final String standardIndent = "  ";
-    private static final String endLine = 
-        System.getProperty ("line.separator");
-}
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
deleted file mode 100644
index d87d510fa..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/**
- * 
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Helper class for XML processing
- * @author bzwattendorfer
- *
- */
-public class XMLUtil {
-	
-	/**
-	 * Transforms a string representation to a DOM representation
-	 * @param xmlString XML as string
-	 * @return DOM representation of String
-	 * @throws ParserConfigurationException
-	 * @throws SAXException
-	 * @throws IOException
-	 */
-	public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
-		DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-		dbf.setNamespaceAware(true);
-	   
-	    DocumentBuilder builder = dbf.newDocumentBuilder();
-		
-		Reader reader = new StringReader(xmlString);
-		InputSource src = new InputSource(reader);
-		Document domDoc = builder.parse(src);
-		return domDoc.getDocumentElement();
-	}
-   
-	/**
-	 * Creates a new and empty XML document
-	 * @return New XML document
-	 * @throws ParserConfigurationException
-	 */
-   public static Document createNewDocument() throws ParserConfigurationException {
-	   DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-		dbf.setNamespaceAware(true);
-	   
-	    DocumentBuilder builder = dbf.newDocumentBuilder();
-	    return builder.newDocument();
-   }
-   
-   /**
-    * Transforms an XML to a String
-    * @param node XML node
-    * @return String represenation of XML
-    */
-   public static String printXML(Node node) {
-        TransformerFactory tfactory = TransformerFactory.newInstance();
-        Transformer serializer;
-        try {
-            serializer = tfactory.newTransformer();
-            
-            serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-            serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
-            
-            StringWriter output = new StringWriter();
-            serializer.transform(new DOMSource(node), new StreamResult(output));
-            return output.toString();
-        } catch (TransformerException e) {
-            
-            throw new RuntimeException(e);
-        }
-    }
-	
-   /**
-    * Writes an XML element to a given file
-    * @param doc XML element
-    * @param filename Filename of the file where to write XML
-    */
-	public static void writeXmlFile(Element doc, String filename) { 
-		try { 
-			 
-			Source source = new DOMSource(doc); 				
-			File file = new File(filename); 
-			Result result = new StreamResult(file); 
-
-			Transformer xformer = TransformerFactory.newInstance().newTransformer(); 
-			xformer.transform(source, result); 
-			} catch (Exception e) { 
-				throw new RuntimeException(e);
-			}  
-	} 
-	
-	/**
-	 * Gets the first text value of a NodeList
-	 * @param nList NodeList
-	 * @return first text value of a NodeList
-	 */
-	public static String getFirstTextValueFromNodeList(NodeList nList) {
-		if (nList != null && nList.getLength() != 0) {
-			return nList.item(0).getTextContent();
-		}
-		return null;
-	}
-	
-	/**
-	 * Gets the first element of a Node
-	 * @param parent Node
-	 * @return first element of a Node
-	 */
-	public static Element getFirstElement(Node parent) {
-	    Node n = parent.getFirstChild();
-	    while (n != null &&  n.getNodeType() !=  Node.ELEMENT_NODE) {
-	        n = n.getNextSibling();
-	    }
-	    if (n == null) {
-	        return null;
-	    }
-	    return (Element)n;
-	}
-	
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
index 4e8c7dffd..32dd97148 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
@@ -1,103 +1,103 @@
-package at.gv.egovernment.moa.id.commons.config;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-import javax.xml.bind.JAXBException;
-
-import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI;
-import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams;
-
-/**
- * CLI tool which is able to perform the following tasks:
- * <ul>
- * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file
- * </li>
- * <li>read a property file and transfer it's content to a database</li>
- * <li>write the content of a database to a property file</li>
- * </ul>
- */
-public class MigrateConfiguration {
-
-	public static void main(String[] args) {
-
-		MOAIDConfCLI cli = new MOAIDConfCLI();
-		MigrateConfigurationParams parsedParameters = cli.parse(args);
-
-		// consider settings of force switch
-		boolean isOverwriteData = parsedParameters.isOverwriteData();
-		ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData);
-
-		if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) {
-			// read input from file
-			workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil);
-
-		} else if (parsedParameters.getInputDBConfig() != null) {
-			// read input from database
-			workWithImputFromDB(parsedParameters, configUtil);
-
-		} else {
-			System.exit(1);
-		}
-	}
-
-	/**
-	 * Handle the case where input from a file is read.
-	 * 
-	 * @param inputFileUrl
-	 *            the url of the input file.
-	 * @param parsedParameters
-	 *            the command line parameters.
-	 * @param configUtil
-	 *            the class for working with the configuration.
-	 */
-	private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters,
-			ConfigurationUtil configUtil) {
-		File inFile = new File(inputFileUrl);
-		try (FileInputStream inStream = new FileInputStream(inFile);) {
-
-			if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
-				// input from file and output to a file is desired
-				File outFile = new File(parsedParameters.getOutputFile());
-				configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile);
-
-			} else if (parsedParameters.getOutputDBConfig() != null) {
-				// input from file and output to a database is desired
-				configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig());
-			}
-		} catch (JAXBException e) {
-			System.out.println("MOA-ID XML configuration can not be loaded from given file.");
-			System.exit(1);
-		} catch (FileNotFoundException e) {
-			System.out.println("Could not find the input file.");
-			System.exit(1);
-		} catch (IOException e) {
-			System.out.println("Could not read from the input file.");
-			System.exit(1);
-		}
-	}
-
-	/**
-	 * Handle the case where input is read from a database.
-	 * 
-	 * @param parsedParameters
-	 *            the command line parameters.
-	 * @param configUtil
-	 *            the class for working with the configuration.
-	 */
-	private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) {
-		if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
-			// input from database and output to a file is desired
-			File outFile = new File(parsedParameters.getOutputFile());
-			String inputDBConfigFilePath = parsedParameters.getInputDBConfig();
-			configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile);
-
-		} else if (parsedParameters.getOutputDBConfig() != null) {
-			// input from database and output to a database is desired
-			// configUtil.readFromDBWriteToDB(inDBConfigFilePath,
-			// outDBConfigFilePath);
-		}
-	}
-}
\ No newline at end of file
+//package at.gv.egovernment.moa.id.commons.config;
+//
+//import java.io.File;
+//import java.io.FileInputStream;
+//import java.io.FileNotFoundException;
+//import java.io.IOException;
+//
+//import javax.xml.bind.JAXBException;
+//
+//import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI;
+//import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams;
+//
+///**
+// * CLI tool which is able to perform the following tasks:
+// * <ul>
+// * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file
+// * </li>
+// * <li>read a property file and transfer it's content to a database</li>
+// * <li>write the content of a database to a property file</li>
+// * </ul>
+// */
+//public class MigrateConfiguration {
+//
+//	public static void main(String[] args) {
+//
+//		MOAIDConfCLI cli = new MOAIDConfCLI();
+//		MigrateConfigurationParams parsedParameters = cli.parse(args);
+//
+//		// consider settings of force switch
+//		boolean isOverwriteData = parsedParameters.isOverwriteData();
+//		ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData);
+//
+//		if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) {
+//			// read input from file
+//			workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil);
+//
+//		} else if (parsedParameters.getInputDBConfig() != null) {
+//			// read input from database
+//			workWithImputFromDB(parsedParameters, configUtil);
+//
+//		} else {
+//			System.exit(1);
+//		}
+//	}
+//
+//	/**
+//	 * Handle the case where input from a file is read.
+//	 * 
+//	 * @param inputFileUrl
+//	 *            the url of the input file.
+//	 * @param parsedParameters
+//	 *            the command line parameters.
+//	 * @param configUtil
+//	 *            the class for working with the configuration.
+//	 */
+//	private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters,
+//			ConfigurationUtil configUtil) {
+//		File inFile = new File(inputFileUrl);
+//		try (FileInputStream inStream = new FileInputStream(inFile);) {
+//
+//			if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
+//				// input from file and output to a file is desired
+//				File outFile = new File(parsedParameters.getOutputFile());
+//				configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile);
+//
+//			} else if (parsedParameters.getOutputDBConfig() != null) {
+//				// input from file and output to a database is desired
+//				configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig());
+//			}
+//		} catch (JAXBException e) {
+//			System.out.println("MOA-ID XML configuration can not be loaded from given file.");
+//			System.exit(1);
+//		} catch (FileNotFoundException e) {
+//			System.out.println("Could not find the input file.");
+//			System.exit(1);
+//		} catch (IOException e) {
+//			System.out.println("Could not read from the input file.");
+//			System.exit(1);
+//		}
+//	}
+//
+//	/**
+//	 * Handle the case where input is read from a database.
+//	 * 
+//	 * @param parsedParameters
+//	 *            the command line parameters.
+//	 * @param configUtil
+//	 *            the class for working with the configuration.
+//	 */
+//	private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) {
+//		if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
+//			// input from database and output to a file is desired
+//			File outFile = new File(parsedParameters.getOutputFile());
+//			String inputDBConfigFilePath = parsedParameters.getInputDBConfig();
+//			configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile);
+//
+//		} else if (parsedParameters.getOutputDBConfig() != null) {
+//			// input from database and output to a database is desired
+//			// configUtil.readFromDBWriteToDB(inDBConfigFilePath,
+//			// outDBConfigFilePath);
+//		}
+//	}
+//}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
index a70d62e1e..3291f8a15 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
@@ -53,40 +53,40 @@ public class FileUtils {
     in.close();
     return content;
   }
-  /**
-   * Reads a file, given by URL, into a String.
-   * @param urlString file URL
-   * @param encoding character encoding
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static String readURL(String urlString, String encoding) throws IOException {
-    byte[] content = readURL(urlString);
-    return new String(content, encoding);
-  }
-  /**
-   * Reads a file, given by filename, into a byte array.
-   * @param filename filename
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readFile(String filename) throws IOException {
-    BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-  /**
-   * Reads a file, given by filename, into a String.
-   * @param filename filename
-   * @param encoding character encoding
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static String readFile(String filename, String encoding) throws IOException {
-    byte[] content = readFile(filename);
-    return new String(content, encoding);
-  }
+//  /**
+//   * Reads a file, given by URL, into a String.
+//   * @param urlString file URL
+//   * @param encoding character encoding
+//   * @return file content
+//   * @throws IOException on any exception thrown
+//   */
+//  public static String readURL(String urlString, String encoding) throws IOException {
+//    byte[] content = readURL(urlString);
+//    return new String(content, encoding);
+//  }
+//  /**
+//   * Reads a file, given by filename, into a byte array.
+//   * @param filename filename
+//   * @return file content
+//   * @throws IOException on any exception thrown
+//   */
+//  public static byte[] readFile(String filename) throws IOException {
+//    BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
+//    byte[] content = StreamUtils.readStream(in);
+//    in.close();
+//    return content;
+//  }
+//  /**
+//   * Reads a file, given by filename, into a String.
+//   * @param filename filename
+//   * @param encoding character encoding
+//   * @return file content
+//   * @throws IOException on any exception thrown
+//   */
+//  public static String readFile(String filename, String encoding) throws IOException {
+//    byte[] content = readFile(filename);
+//    return new String(content, encoding);
+//  }
   /**
    * Reads a file from a resource.
    * @param name resource name
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
index 3d28f4f2b..38dcafcc0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
@@ -126,33 +126,33 @@ public class KeyStoreUtils {
     }
     return ks;
   }
-  /**
-   * Creates a key store from a directory containg X509 certificate files, 
-   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
-   * All the files in the directory are considered to be certificates.
-   * 
-   * @param keyStoreType key store type
-   * @param certDirURLString file URL of directory containing certificate filenames
-   * @return key store created
-   * @throws IOException thrown while reading the certificates from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore createKeyStoreFromCertificateDirectory(
-    String keyStoreType,
-    String certDirURLString)
-    throws IOException, GeneralSecurityException {
-
-    URL certDirURL = new URL(certDirURLString);
-    String certDirname = certDirURL.getFile();
-    File certDir = new File(certDirname);
-    String[] certFilenames = certDir.list();
-    String separator =
-      (certDirname.endsWith(File.separator) ? "" : File.separator);
-    for (int i = 0; i < certFilenames.length; i++) {
-      certFilenames[i] = certDirname + separator + certFilenames[i];
-    }
-    return createKeyStore(keyStoreType, certFilenames);
-  }
+//  /**
+//   * Creates a key store from a directory containg X509 certificate files, 
+//   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
+//   * All the files in the directory are considered to be certificates.
+//   * 
+//   * @param keyStoreType key store type
+//   * @param certDirURLString file URL of directory containing certificate filenames
+//   * @return key store created
+//   * @throws IOException thrown while reading the certificates from file
+//   * @throws GeneralSecurityException thrown while creating the key store
+//   */
+//  public static KeyStore createKeyStoreFromCertificateDirectory(
+//    String keyStoreType,
+//    String certDirURLString)
+//    throws IOException, GeneralSecurityException {
+//
+//    URL certDirURL = new URL(certDirURLString);
+//    String certDirname = certDirURL.getFile();
+//    File certDir = new File(certDirname);
+//    String[] certFilenames = certDir.list();
+//    String separator =
+//      (certDirname.endsWith(File.separator) ? "" : File.separator);
+//    for (int i = 0; i < certFilenames.length; i++) {
+//      certFilenames[i] = certDirname + separator + certFilenames[i];
+//    }
+//    return createKeyStore(keyStoreType, certFilenames);
+//  }
 
   /**
    * Loads an X509 certificate from file.
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java
deleted file mode 100644
index e3f8f75a1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/*
- * Created on 26.04.2004
- *
- * @author rschamberger
- * $ID$
- */
-package at.gv.egovernment.moa.util;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * utility functions to write XML data to files
- * @author rschamberger
- * @version $Id$
- */
-public class OutputXML2File {
-
-	/**
-	 * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8)
-	 * 
-	 * @param filename file name
-	 * @param rootElem root element in DOM tree
-	 * @param hierarchy of the Logger
-	 */
-	public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) {
-		if (Logger.isDebugEnabled(hierarchy)) {
-			outputXML2File(filename, rootElem);
-		}
-	}
-	
-	/**
-	 * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8)
-	 * 
-	 * @param filename file name
-	 * @param xmlString XML string
-	 * @param hierarchy of the Logger 
-	 */
-	public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) {
-		if (Logger.isDebugEnabled(hierarchy)) {
-			outputXML2File(filename, xmlString);
-		}
-	}
-
-	/**
-	 * writes an XML structure to file (Encoding: UTF-8)
-	 * 
-	 * @param filename file name
-	 * @param rootElem root element in DOM tree
-	 */
-	public static void outputXML2File(String filename, Element rootElem) {
-		try {
-			String xmlString = new String(DOMUtils.serializeNode(rootElem));
-			outputXML2File(filename, xmlString);
-		} catch (Exception ex) {
-			ex.printStackTrace();
-		}
-	}
-	
-	/**
-	 * writes an XML structure to file (Encoding: UTF-8)
-	 * 
-	 * @param filename file name
-	 * @param xmlString XML string
-	 */
-	public static void outputXML2File(String filename, String xmlString) {
-		try {
-			java.io.OutputStream fout = new java.io.FileOutputStream(filename);
-			byte[] xmlData = xmlString.getBytes("UTF-8");
-			fout.write(xmlData);
-			fout.close();
-		} catch (Exception ex) {
-			ex.printStackTrace();
-		}
-	}
-
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
index 2433eca89..be5581139 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -75,16 +75,16 @@ public class KeyStoreUtilsTest extends TestCase {
   	X509Certificate cert = (X509Certificate)ks.getCertificate("0");
   	assertEquals(3424, cert.getSerialNumber().intValue());
   }
-  public void testCreateKeyStoreFromCertificateDirectory() throws Exception {
-    // copy certificate files to a temporary directory, 
-    // omitting the "CVS" directory in the source directory
-  	copyCertificates("data/test/security/server-certs", tmpDir);
-  	KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL);
-  	assertEquals(2, ks.size());
-  	X509Certificate cert0 = (X509Certificate)ks.getCertificate("0");
-  	X509Certificate cert1 = (X509Certificate)ks.getCertificate("1");
-  	assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue());
-  }
+//  public void testCreateKeyStoreFromCertificateDirectory() throws Exception {
+//    // copy certificate files to a temporary directory, 
+//    // omitting the "CVS" directory in the source directory
+//  	copyCertificates("data/test/security/server-certs", tmpDir);
+//  	KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL);
+//  	assertEquals(2, ks.size());
+//  	X509Certificate cert0 = (X509Certificate)ks.getCertificate("0");
+//  	X509Certificate cert1 = (X509Certificate)ks.getCertificate("1");
+//  	assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue());
+//  }
   private void copyCertificates(String from, String to) throws IOException {
 		String[] fromList = new File(from).list();
 		for (int i = 0; i < fromList.length; i++) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 09c64c267..7bb07df74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -94,24 +94,24 @@ public class ParepUtils {
     return str == null || "".equals(str);
   }
 
-  /**
-   * Reads a XML document from an input stream (namespace-aware).
-   * 
-   * @param is
-   *          the input stream to read from.
-   * @return the read XML document.
-   * @throws SZRGWClientException
-   *           if an error occurs reading the document from the input stream.
-   */
-  public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
-    try {
-      DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
-      f.setNamespaceAware(true);
-      return f.newDocumentBuilder().parse(is);
-    } catch (Exception e) {
-      throw new SZRGWClientException(e);
-    }
-  }
+//  /**
+//   * Reads a XML document from an input stream (namespace-aware).
+//   * 
+//   * @param is
+//   *          the input stream to read from.
+//   * @return the read XML document.
+//   * @throws SZRGWClientException
+//   *           if an error occurs reading the document from the input stream.
+//   */
+//  public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+//    try {
+//      DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+//      f.setNamespaceAware(true);
+//      return f.newDocumentBuilder().parse(is);
+//    } catch (Exception e) {
+//      throw new SZRGWClientException(e);
+//    }
+//  }
 
 //  /*
 //   * 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b2522ea33..b7c54203f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -71,7 +71,7 @@ class OAuth20AuthAction implements IAction {
 		
 		revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
 		
-		String code = Random.nextRandom();		
+		String code = Random.nextHexRandom32();		
 				
 		try {
 			
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 7d1bfd7b9..a37beac70 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -50,6 +50,7 @@ import javax.security.cert.X509Certificate;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.Extension;
@@ -186,7 +187,7 @@ public class SSOTransferServlet{
 		Logger.debug("Receive " + this.getClass().getName() + " request");
 		Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);		
 		if (tokenObj != null && tokenObj instanceof String) {
-			String token = (String)tokenObj;
+			String token = StringEscapeUtils.escapeHtml((String)tokenObj);
 			try {
 				Logger.debug("Load token:" + token + " from storage.");
 				SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000);
@@ -285,7 +286,7 @@ public class SSOTransferServlet{
 		
 		Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);		
 		if (tokenObj != null && tokenObj instanceof String) {
-			String token = (String)tokenObj;
+			String token = StringEscapeUtils.escapeHtml((String)tokenObj);
 			try {								
 				SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut);
 				if (container != null) {				
@@ -402,8 +403,6 @@ public class SSOTransferServlet{
 					null);
 			
 			if (ssomanager.isValidSSOSession(ssoid, null)) {
-				//Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);		
-				
 				//create first step of SSO Transfer GUI
 								
 				IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid);
-- 
cgit v1.2.3


From c635f245db55dbab616db3835087fbf33be832d0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 12:09:21 +0100
Subject: refactoring: rename method

---
 .../configuration/data/FormularCustomization.java  |  4 +-
 .../id/configuration/data/oa/OABPKEncryption.java  | 12 +++---
 .../id/configuration/data/oa/OAGeneralConfig.java  |  4 +-
 .../configuration/struts/action/IndexAction.java   | 12 +++---
 .../configuration/struts/action/ListOAsAction.java |  4 +-
 .../validation/FormularCustomizationValitator.java | 12 +++---
 .../validation/UserDatabaseFormValidator.java      | 22 +++++------
 .../validation/moaconfig/MOAConfigValidator.java   | 46 +++++++++++-----------
 .../validation/moaconfig/PVP2ContactValidator.java | 12 +++---
 .../validation/moaconfig/StorkConfigValidator.java |  8 ++--
 .../oa/OAAuthenticationDataValidation.java         |  4 +-
 .../validation/oa/OAFileUploadValidation.java      |  2 +-
 .../validation/oa/OATargetConfigValidation.java    |  8 ++--
 .../task/impl/GeneralMOAIDConfigurationTask.java   | 36 ++++++++---------
 .../task/impl/GeneralPVP2XConfigurationTask.java   | 24 +++++------
 .../task/impl/GeneralSTORKConfigurationTask.java   |  8 ++--
 .../ServicesAuthenticationInformationTask.java     |  4 +-
 .../task/impl/ServicesBKUSelectionTask.java        | 20 +++++-----
 .../task/impl/ServicesGeneralInformationTask.java  |  4 +-
 .../validation/task/impl/ServicesTargetTask.java   |  8 ++--
 .../id/commons/validation/ValidationHelper.java    | 13 +++---
 21 files changed, 133 insertions(+), 134 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index 5ee2ee6a7..b3f7c1f79 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -352,10 +352,10 @@ public class FormularCustomization implements IOnlineApplicationData {
 			//validate aditionalAuthBlockText
 			check = getAditionalAuthBlockText();
 			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 			}
 		}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
index b2cd18c26..bac69cf34 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
@@ -203,10 +203,10 @@ public class OABPKEncryption implements IOnlineApplicationData {
     			errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));
     			
     		} else {
-    			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+    			if (ValidationHelper.containsNotValidCharacter(check, false)) {
     				log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);
     				errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", 
-    						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+    						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
     				
     			}			
     		}
@@ -217,20 +217,20 @@ public class OABPKEncryption implements IOnlineApplicationData {
     			errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));
     			
     		} else {
-    			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+    			if (ValidationHelper.containsNotValidCharacter(check, false)) {
     				log.warn("bPK decryption key alias contains potentail XSS characters: " + check);
     				errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", 
-    						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+    						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
     				
     			}			
     		}
     		
     		check = getKeyPassword();
     		if (MiscUtil.isNotEmpty(check)) {
-    			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+    			if (ValidationHelper.containsNotValidCharacter(check, false)) {
     				log.warn("bPK decryption key password contains potentail XSS characters: " + check);
     				errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", 
-    						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+    						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
     				
     			}			
     		}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index 4cb7eba2d..c51513193 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -117,10 +117,10 @@ public class OAGeneralConfig implements IOnlineApplicationData{
 		//check OA FriendlyName
 		check = getFriendlyName();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("OAFriendlyName contains potentail XSS characters: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		} else {
 			log.info("OA friendlyName is empty");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4fecd89c1..df1786402 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -159,10 +159,10 @@ public class IndexAction extends BasicAction {
 		String key = null;		
 		
 		if (MiscUtil.isNotEmpty(username)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
+			if (ValidationHelper.containsNotValidCharacter(username, false)) {
 				log.warn("Username contains potentail XSS characters: " + username);
 				addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				return Constants.STRUTS_ERROR;
 			}
 		} else {
@@ -614,10 +614,10 @@ public class IndexAction extends BasicAction {
 			if (!sessionform.isIsmandateuser()) {
 				check = user.getInstitut();
 				if (MiscUtil.isNotEmpty(check)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+					if (ValidationHelper.containsNotValidCharacter(check, false)) {
 						log.warn("Organisation contains potentail XSS characters: " + check);
 						addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", 
-								new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+								new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 					}
 				} else {
 					log.warn("Organisation is empty");
@@ -630,7 +630,7 @@ public class IndexAction extends BasicAction {
 				if (!ValidationHelper.isEmailAddressFormat(check)) {
 					log.warn("Mailaddress is not valid: " + check);
 					addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 			} else {
 				log.warn("Mailaddress is empty");
@@ -642,7 +642,7 @@ public class IndexAction extends BasicAction {
 				if (!ValidationHelper.validatePhoneNumber(check)) {
 					log.warn("No valid Phone Number: " + check);
 					addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 			} else {
 				log.warn("Phonenumber is empty");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index c6b0965fe..ca018d5b0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -132,10 +132,10 @@ public class ListOAsAction extends BasicAction {
 			return Constants.STRUTS_SUCCESS;
 			
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) {
+			if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) {
 				log.warn("SearchOA textfield contains potential XSS characters");
 				addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
 				return Constants.STRUTS_SUCCESS;
 			}	
 		}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
index c9a174813..4ef4bc762 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
@@ -94,10 +94,10 @@ public class FormularCustomizationValitator {
 		
 		check = form.getHeader_text();
 		if (MiscUtil.isNotEmpty(check)) {			
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("HeaderText contains potentail XSS characters: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 
@@ -144,10 +144,10 @@ public class FormularCustomizationValitator {
 		
 		check = form.getFontType();
 		if (MiscUtil.isNotEmpty(check)) {			
-			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+			if (ValidationHelper.containsNotValidCharacter(check, true)) {
 				log.warn("FontType contains potentail XSS characters: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
 			}
 		}
 		
@@ -156,7 +156,7 @@ public class FormularCustomizationValitator {
 			if (!ValidationHelper.validateNumber(check)) {
 				log.warn("Applet height "+ check + " is no valid number");
 				errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
 			}			
 		}
 		
@@ -165,7 +165,7 @@ public class FormularCustomizationValitator {
 			if (!ValidationHelper.validateNumber(check)) {
 				log.warn("Applet width "+ check + " is no valid number");
 				errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
 			}			
 		}
 		
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index 44afd0599..f0594c38d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -62,10 +62,10 @@ public class UserDatabaseFormValidator {
 		if (!isPVP2Generated) { 
 			check = form.getGivenName();
 			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("GivenName contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 			} else {
 				log.warn("GivenName is empty");
@@ -75,10 +75,10 @@ public class UserDatabaseFormValidator {
 			
 			check = form.getFamilyName();
 			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("FamilyName contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 			} else {
 				log.warn("FamilyName is empty");
@@ -89,10 +89,10 @@ public class UserDatabaseFormValidator {
 		if (!isMandateUser) {
 			check = form.getInstitut();
 			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("Organisation contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 			} else {
 				log.warn("Organisation is empty");
@@ -105,7 +105,7 @@ public class UserDatabaseFormValidator {
 			if (!ValidationHelper.isEmailAddressFormat(check)) {
 				log.warn("Mailaddress is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		} else {
 			log.warn("Mailaddress is empty");
@@ -114,10 +114,10 @@ public class UserDatabaseFormValidator {
 		
 		check = form.getPhone();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("Phonenumber contains potentail XSS characters: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		} else {
 			log.warn("Phonenumber is empty");
@@ -127,10 +127,10 @@ public class UserDatabaseFormValidator {
 		if (form.isIsusernamepasswordallowed()) {
 			check = form.getUsername();
 			if (MiscUtil.isNotEmpty(check)) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("Username contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 					
 				} else {
 					UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 70c43d9b4..717a0c827 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -55,10 +55,10 @@ public class MOAConfigValidator {
 	
 		String check = form.getSaml1SourceID();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 	
@@ -217,10 +217,10 @@ public class MOAConfigValidator {
 			log.info("Empty MOA-SP/SS Authblock TrustProfile");
 			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("Authblock TrustProfile is not valid: " +check);
 				errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
@@ -229,10 +229,10 @@ public class MOAConfigValidator {
 			log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
 			errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("IdentityLink TrustProfile is not valid: " +check);
 				errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
@@ -241,10 +241,10 @@ public class MOAConfigValidator {
 			log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
 			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("Test-Authblock TrustProfile is not valid: " +check);
 				errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
@@ -253,10 +253,10 @@ public class MOAConfigValidator {
 			log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
 			errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("Test-IdentityLink TrustProfile is not valid: " +check);
 				errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
@@ -271,28 +271,28 @@ public class MOAConfigValidator {
 		
 		check = form.getPvp2IssuerName();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("PVP2 IssuerName is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
 		check = form.getPvp2OrgDisplayName();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("PVP2 organisation display name is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
 		check = form.getPvp2OrgName();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("PVP2 organisation name is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
@@ -347,10 +347,10 @@ public class MOAConfigValidator {
 		
 		check = form.getSsoFriendlyName();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("SSO friendlyname is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
@@ -373,10 +373,10 @@ public class MOAConfigValidator {
 		
 		check = form.getSsoSpecialText();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+			if (ValidationHelper.containsNotValidCharacter(check, true)) {
 				log.info("SSO SpecialText is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} , request));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
 			}
 		}
 		
@@ -388,10 +388,10 @@ public class MOAConfigValidator {
 		} else {
 			if (!ValidationHelper.isValidAdminTarget(check)) {
 				
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("IdentificationNumber contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 				
 				String num = check.replaceAll(" ", "");
@@ -440,7 +440,7 @@ public class MOAConfigValidator {
 				String filename = form.getFileUploadFileName().get(i);
 				
 				if (MiscUtil.isNotEmpty(filename)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+					if (ValidationHelper.containsNotValidCharacter(filename, false)) {
 						log.info("SL Transformation Filename is not valid");
 						errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
 						
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
index e4a091c7e..f7edbee71 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
@@ -52,28 +52,28 @@ public class PVP2ContactValidator {
 		
 		String check = contact.getCompany();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("PVP2 Contact: Company is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
 		check = contact.getGivenname();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("PVP2 Contact: GivenName is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
 		check = contact.getSurname();
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("PVP2 Contact: SureName is not valid: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 			}
 		}
 		
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index fbd2f3bb3..41fce8e60 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -38,10 +38,10 @@ public class StorkConfigValidator {
 				// check country code
 				String check = current.getCountryCode();
 				if (MiscUtil.isNotEmpty(check)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+					if (ValidationHelper.containsNotValidCharacter(check, false)) {
 						log.warn("CPEPS config countrycode contains potentail XSS characters: " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
-								new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+								new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 					}
 					if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
 							log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check);
@@ -95,10 +95,10 @@ public class StorkConfigValidator {
 			for(StorkAttribute check : form.getAttributes()) {
 				if (check != null && MiscUtil.isNotEmpty(check.getName())) {
 					String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
-					if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
+					if (ValidationHelper.containsNotValidCharacter(tmp, true)) { 
 						log.warn("default attributes contains potentail XSS characters: " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
-								new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+								new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
 					}
 					if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
 							log.warn("default attributes do not match the requested format : " + check);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index 7e6396b75..a758088b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -140,10 +140,10 @@ public class OAAuthenticationDataValidation {
 				errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
 			}
 			
-			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+			if (ValidationHelper.containsNotValidCharacter(check, true)) {
 				log.warn("MandateProfiles contains potentail XSS characters: " + check);
 				errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
 			}
 		}
 		
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
index d2dac3b28..2011a07f1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
@@ -66,7 +66,7 @@ public class OAFileUploadValidation {
 				String filename = fileName.get(i);
 				
 				if (MiscUtil.isNotEmpty(filename)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+					if (ValidationHelper.containsNotValidCharacter(filename, false)) {
 						log.info("Filename is not valid");
 						errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request));
 						
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
index 0062beb96..ca0231577 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
@@ -64,10 +64,10 @@ public class OATargetConfigValidation {
 				errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
 				
 			} else {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("IdentificationNumber contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
 				
 				if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
@@ -129,10 +129,10 @@ public class OATargetConfigValidation {
 				//check targetFrindlyName();
 				check = form.getTargetFriendlyName();
 				if (MiscUtil.isNotEmpty(check)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+					if (ValidationHelper.containsNotValidCharacter(check, false)) {
 						log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
 						errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", 
-								new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+								new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 					}
 				}
 
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index e229b6ef4..c9ad63121 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -106,13 +106,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 		
 		String check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, getKeyPrefix()));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, 
 						"SAML1 - SourceID", 
 						LanguageHelper.getErrorString("validation.general.SAML1SourceID", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
@@ -293,13 +293,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 					"MOA-SP - AuthBlocktransformation",
 					LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("IdentityLinkSigners is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM,
 						"MOA-SP - AuthBlocktransformationx",
 						LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)} )));
 					
 			} 
 		}			
@@ -312,13 +312,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 					"MOA-SP - TrustProfile AuthBlock",
 					LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("Authblock TrustProfile is not valid: " +check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, 
 						"MOA-SP - TrustProfile AuthBlock",
 						LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 			}
 		}
 		
@@ -330,13 +330,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 					"MOA-SP - TrustProfile IdL",
 					LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("IdentityLink TrustProfile is not valid: " +check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, 
 						"MOA-SP - TrustProfile IdL",
 						LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 			}
 		}
 		
@@ -348,13 +348,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 					"MOA-SP - Test-TrustProfile AuthBlock",
 					LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty")));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("Authblock Test-TrustProfile is not valid: " +check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, 
 						"MOA-SP - Test-TrustProfile AuthBlock",
 						LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 			}
 		}
 		
@@ -366,13 +366,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 					"MOA-SP - Test-TrustProfile IdL",
 					LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty")));
 		} else {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("IdentityLink Test-TrustProfile is not valid: " +check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, 
 						"MOA-SP - Test-TrustProfile IdL",
 						LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 			}
 		}
 		
@@ -430,25 +430,25 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 		
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, getKeyPrefix()));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.info("SSO friendlyname is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, 
 						"SSO - Servicename",
 						LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 			}
 		}
 		
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, getKeyPrefix()));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+			if (ValidationHelper.containsNotValidCharacter(check, true)) {
 				log.info("SSO SpecialText is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, 
 						"SSO - AuthBlocktext",
 						LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)} )));
 			}
 		}
 		
@@ -465,13 +465,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 			//TODO: maybe store full bPK target (incl. prefix)
 			if (!ValidationHelper.isValidAdminTarget(check)) {
 				
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("IdentificationNumber contains potentail XSS characters: " + check);
 					errors.add(new ValidationObjectIdentifier(
 							MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, 
 							"SSO - Target",
 							LanguageHelper.getErrorString("validation.general.sso.target.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 				}
 				
 				String num = check.replaceAll(" ", "");
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
index a593b5461..cdd2a7ce2 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
@@ -90,35 +90,35 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme
 		String check = 
 				input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				logger.info("PVP2 IssuerName is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME, 
 						"Service Name", 
 						LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
 		check = 
 				input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				logger.info("PVP2 organisation display name is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME, 
 						"Organisation - Full name",						
 						LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				logger.info("PVP2 organisation name is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME, 
 						"Organisation - Short name",							
 						LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
@@ -135,34 +135,34 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme
 		
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				logger.info("PVP2 Contact: Company is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY, 
 						"Contact - Company",
 						LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				logger.info("PVP2 Contact: GivenName is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME, 
 						"Contact - GivenName",
 						LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				logger.info("PVP2 Contact: SureName is not valid: " + check);
 				errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME, 
 						"Contact - FamilyName",
 						LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index df67ca2f1..309e0745b 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -116,14 +116,14 @@ public static final List<String> KEYWHITELIST;
 					log.trace("Extract C-PEPS for country: " + cc + " with URL:" + url);
 					if (!validatedCPeps.containsKey(cc)) {
 						if (MiscUtil.isNotEmpty(cc)) {
-							if (ValidationHelper.containsPotentialCSSCharacter(cc, false)) {
+							if (ValidationHelper.containsNotValidCharacter(cc, false)) {
 								log.warn("CPEPS config countrycode contains potentail XSS characters: " + cc);
 								errors.add(new ValidationObjectIdentifier(
 										MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
 											+ "." + cpepsKey, 
 										"STORK - CPEPS Country",
 										LanguageHelper.getErrorString("validation.stork.cpeps.cc",
-												new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+												new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 							}
 							if(!cc.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
 								log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + cc);
@@ -215,13 +215,13 @@ public static final List<String> KEYWHITELIST;
 					String value = attributeList.get(key);
 					value = value.replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
 					if (!validatedAttributes.contains(value)) {
-						if (ValidationHelper.containsPotentialCSSCharacter(value, true)) {
+						if (ValidationHelper.containsNotValidCharacter(value, true)) {
 							log.warn("default attributes contains potentail XSS characters: " + value);
 							errors.add(new ValidationObjectIdentifier(
 									MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
 									"STORK - Attributes",
 									LanguageHelper.getErrorString("validation.stork.requestedattributes",
-											new Object[] {ValidationHelper.getPotentialCSSCharacter(true)})));
+											new Object[] {ValidationHelper.getNotValidCharacter(true)})));
 						}
 						if(!value.toLowerCase().matches("^[A-Za-z]*$")) {
 							log.warn("default attributes do not match the requested format : " + value);
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 05467c3bc..25855dcb6 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -220,13 +220,13 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
 		String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE);
 		if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) {
 			check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES);
-			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+			if (ValidationHelper.containsNotValidCharacter(check, true)) {
 				log.warn("MandateProfiles contains potentail XSS characters: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES, 
 						"Mandates - Profiles",
 						LanguageHelper.getErrorString("validation.general.mandate.profiles", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
 			}
 			
 		}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
index f8ce21c99..83e6cb234 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
@@ -153,13 +153,13 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 		//validate aditionalAuthBlockText
 		String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT, 
 						"AuthBlock - Addition AuthBlocktext",
 						LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		}
 		
@@ -172,7 +172,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 			try {				
 				String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME);
 				if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) {
+					if (ValidationHelper.containsNotValidCharacter(bkuSelectTemplateUploadedFileName, false)) {
 						log.info("BKU Selection Filename is not valid");
 						errors.add(new ValidationObjectIdentifier(
 								MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME, 
@@ -221,7 +221,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 			try {				
 				String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME);
 				if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) {
+					if (ValidationHelper.containsNotValidCharacter(sendAssertionTemplateUploadedFileName, false)) {
 						log.info("Send Assertion Filename is not valid");
 						errors.add(new ValidationObjectIdentifier(
 								MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME, 
@@ -342,13 +342,13 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 		
 		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT);
 		if (MiscUtil.isNotEmpty(check)) {			
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("HeaderText contains potentail XSS characters: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT, 
 						"Templates - Header Text",
 						LanguageHelper.getErrorString("validation.general.form.header.text", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 			}
 		}
 
@@ -407,13 +407,13 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 		
 		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE);
 		if (MiscUtil.isNotEmpty(check)) {			
-			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+			if (ValidationHelper.containsNotValidCharacter(check, true)) {
 				log.warn("FontType contains potentail XSS characters: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE, 
 						"Templates - Font Type",
 						LanguageHelper.getErrorString("validation.general.form.fonttype", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
 			}
 		}
 		
@@ -425,7 +425,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 						MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT, 
 						"Templates - Applet Height",
 						LanguageHelper.getErrorString("validation.general.form.applet.height", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
 			}			
 		}
 		
@@ -437,7 +437,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 						MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH, 
 						"Templates - Applet Width",
 						LanguageHelper.getErrorString("validation.general.form.applet.width", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+						new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
 			}			
 		}
 							
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
index 86d047c74..5ff157b3b 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
@@ -107,13 +107,13 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem
 				
 		String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
 		if (MiscUtil.isNotEmpty(check)) {
-			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+			if (ValidationHelper.containsNotValidCharacter(check, false)) {
 				log.warn("OAFriendlyName contains potentail XSS characters: " + check);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, 
 						"FriendlyName",
 						LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", 
-						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+						new Object[] {ValidationHelper.getNotValidCharacter(false)})));
 			}
 		} else {
 			log.info("OA friendlyName is empty");
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
index 5d23a60f6..e8d49a391 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
@@ -113,13 +113,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa
 						LanguageHelper.getErrorString("validation.general.identificationnumber.empty")));
 				
 			} else {
-				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				if (ValidationHelper.containsNotValidCharacter(check, false)) {
 					log.warn("IdentificationNumber contains potentail XSS characters: " + check);
 					errors.add(new ValidationObjectIdentifier(
 							MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, 
 							"BusinessService - Value",
 							LanguageHelper.getErrorString("validation.general.identificationnumber.valid", 
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+							new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 				}
 				
 				if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)
@@ -142,13 +142,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa
 			if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) {
 				check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
 				if (MiscUtil.isNotEmpty(check)) {
-					if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+					if (ValidationHelper.containsNotValidCharacter(check, false)) {
 						log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
 						errors.add(new ValidationObjectIdentifier(
 								MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME, 
 								"Own Target - FriendlyName",
 								LanguageHelper.getErrorString("validation.general.targetfriendlyname", 
-								new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+								new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
 					}
 				}
 				
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
index 01ae2a354..0a0c4b06d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
@@ -22,11 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.commons.validation;
 
-import iaik.asn1.ObjectID;
-import iaik.utils.Util;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -45,6 +40,10 @@ import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 
 import at.gv.egovernment.moa.logging.Logger;
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
 
 
 public class ValidationHelper {
@@ -322,7 +321,7 @@ public class ValidationHelper {
 		return "; % \" ' ` , < > \\";
 	}	
 	
-	public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) {
+	public static boolean containsNotValidCharacter(String param, boolean commaallowed) {
 		
 		if (param == null) {
 			return false;
@@ -340,7 +339,7 @@ public class ValidationHelper {
 					 param.indexOf("/") != -1;					 					
 	}
 	
-	public static String getPotentialCSSCharacter(boolean commaallowed) {
+	public static String getNotValidCharacter(boolean commaallowed) {
 		
 		if (commaallowed)
 			return "; % \" ' ` < > \\ /";
-- 
cgit v1.2.3


From 868d6e587cb262683a658fdbd56bb752913638b4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 12:10:05 +0100
Subject: delete old and unused jar's from local repository

---
 .../MOA/spss/common/3.0.0-RC1/common-3.0.0-RC1.jar | Bin 192309 -> 0 bytes
 .../MOA/spss/common/3.0.0-RC5/common-3.0.0-RC5.jar | Bin 193264 -> 0 bytes
 repository/MOA/spss/common/3.0.0/common-3.0.0.jar  | Bin 193336 -> 0 bytes
 .../3.0.0-RC1/moa-sig-lib-3.0.0-RC1.jar            | Bin 384648 -> 0 bytes
 .../3.0.0-RC5/moa-sig-lib-3.0.0-RC5.jar            | Bin 392883 -> 0 bytes
 .../server/moa-sig-lib/3.0.0/moa-sig-lib-3.0.0.jar | Bin 393827 -> 0 bytes
 .../server/moa-sig-lib/3.0.1/moa-sig-lib-3.0.1.jar | Bin 396504 -> 0 bytes
 .../2.0.5-RC1/moa-spss-lib-2.0.5-RC1-javadoc.jar   | Bin 978350 -> 0 bytes
 .../2.0.5-RC1/moa-spss-lib-2.0.5-RC1.jar           | Bin 371794 -> 0 bytes
 .../2.0.5/moa-spss-lib-2.0.5-javadoc.jar           | Bin 976947 -> 0 bytes
 .../moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar      | Bin 381412 -> 0 bytes
 .../at/gv/util/egovutils/1.0.7/egovutils-1.0.7.jar | Bin 3123386 -> 0 bytes
 .../at/gv/util/egovutils/1.0.7/egovutils-1.0.7.pom |  85 -------
 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar    | Bin 1025987 -> 0 bytes
 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom    |   7 -
 .../axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar   | Bin 1095327 -> 0 bytes
 .../axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom   |   7 -
 .../webservices-rt/2.0.1/webservices-rt-2.0.1.jar  | Bin 13098832 -> 0 bytes
 .../webservices-rt/2.0.1/webservices-rt-2.0.1.pom  |   9 -
 .../2.0.1/webservices-tools-2.0.1.jar              | Bin 3620372 -> 0 bytes
 .../2.0.1/webservices-tools-2.0.1.pom              |   9 -
 .../0.2/iaik_X509TrustManager-0.2.jar              | Bin 3635 -> 0 bytes
 .../0.2/iaik_X509TrustManager-0.2.jar.md5          |   1 -
 .../0.2/iaik_X509TrustManager-0.2.jar.sha1         |   1 -
 .../0.2/iaik_X509TrustManager-0.2.pom              |   7 -
 .../0.2/iaik_X509TrustManager-0.2.pom.md5          |   1 -
 .../0.2/iaik_X509TrustManager-0.2.pom.sha1         |   1 -
 .../prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar   | Bin 340782 -> 0 bytes
 .../iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.md5    |   1 -
 .../iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.sha1   |   1 -
 .../prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom   |   6 -
 .../iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.md5    |   1 -
 .../iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.sha1   |   1 -
 .../iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar  | Bin 365565 -> 0 bytes
 .../4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.md5       |   1 -
 .../4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.sha1      |   1 -
 .../iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom  |   6 -
 .../4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.md5       |   1 -
 .../4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.sha1      |   1 -
 .../prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar     | Bin 364606 -> 0 bytes
 .../prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom     |   6 -
 .../2.2b3_tmp/iaik_cpades-2.2b3_tmp.jar            | Bin 120778 -> 0 bytes
 .../3.1_eval/iaik_eccelerate-3.1_eval.jar          | Bin 359608 -> 0 bytes
 .../3.01_eval/iaik_eccelerate_addon-3.01_eval.jar  | Bin 77097 -> 0 bytes
 .../3.01/iaik_eccelerate_cms-3.01.jar              | Bin 4501 -> 0 bytes
 .../3.16_MOA/iaik_jce_full-3.16_MOA.jar            | Bin 854872 -> 0 bytes
 .../3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5        |   1 -
 .../3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1       |   1 -
 .../3.16_MOA/iaik_jce_full-3.16_MOA.pom            |   6 -
 .../3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5        |   1 -
 .../3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1       |   1 -
 .../3.18_MOA/iaik_jce_full-3.18_MOA.jar            | Bin 919238 -> 0 bytes
 .../3.18_MOA/iaik_jce_full-3.18_MOA.jar.md5        |   1 -
 .../3.18_MOA/iaik_jce_full-3.18_MOA.jar.sha1       |   1 -
 .../3.18_MOA/iaik_jce_full-3.18_MOA.pom            |   6 -
 .../3.18_MOA/iaik_jce_full-3.18_MOA.pom.md5        |   1 -
 .../3.18_MOA/iaik_jce_full-3.18_MOA.pom.sha1       |   1 -
 .../4.0_MOA/iaik_jce_full-4.0_MOA.jar              | Bin 999669 -> 0 bytes
 .../4.0_MOA/iaik_jce_full-4.0_MOA.jar.sha1         |   1 -
 .../4.0_MOA/iaik_jce_full-4.0_MOA.pom              |   6 -
 .../4.0_MOA/iaik_jce_full-4.0_MOA.pom.sha1         |   1 -
 .../iaik_jce_full/5.101/iaik_jce_full-5.101.jar    | Bin 1115849 -> 0 bytes
 .../5.101/iaik_jce_full-5.101.jar.md5              |   1 -
 .../5.101/iaik_jce_full-5.101.jar.sha1             |   1 -
 .../iaik_jce_full/5.101/iaik_jce_full-5.101.pom    |   9 -
 .../5.101/iaik_jce_full-5.101.pom.md5              |   1 -
 .../5.101/iaik_jce_full-5.101.pom.sha1             |   1 -
 .../prod/iaik_jce_full/5.2/iaik_jce_full-5.2.jar   | Bin 1123926 -> 0 bytes
 .../prod/iaik_jce_full/5.2/iaik_jce_full-5.2.pom   |   9 -
 .../5.3_MOA/iaik_jce_full-5.3_MOA.jar              | Bin 1160539 -> 0 bytes
 .../prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar   | Bin 999669 -> 0 bytes
 .../iaik_jce_full/iaik_jce_full-4.0_MOA.jar.sha1   |   1 -
 .../prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom   |   6 -
 .../iaik_jce_full/iaik_jce_full-4.0_MOA.pom.sha1   |   1 -
 .../iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar      | Bin 696910 -> 0 bytes
 .../iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.md5  |   1 -
 .../iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom      |   6 -
 .../iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.md5  |   1 -
 .../iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar      | Bin 697496 -> 0 bytes
 .../iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.md5  |   1 -
 .../iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom      |   7 -
 .../iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.md5  |   1 -
 .../iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar      | Bin 710601 -> 0 bytes
 .../iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.md5  |   1 -
 .../iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom      |   7 -
 .../iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.md5  |   1 -
 .../iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar      | Bin 711034 -> 0 bytes
 .../iaik/prod/iaik_moa/1.28/iaik_moa-1.28.jar      | Bin 711652 -> 0 bytes
 .../iaik/prod/iaik_moa/1.28/iaik_moa-1.28.pom      |   6 -
 .../iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar      | Bin 711857 -> 0 bytes
 .../iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom      |   6 -
 .../iaik/prod/iaik_moa/1.31/iaik_moa-1.31.jar      | Bin 725273 -> 0 bytes
 .../iaik/prod/iaik_moa/1.31/iaik_moa-1.31.pom      |   6 -
 .../iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar      | Bin 729484 -> 0 bytes
 .../iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.md5  |   1 -
 .../iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.sha1 |   1 -
 .../iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom      |   9 -
 .../iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.md5  |   1 -
 .../iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.sha1 |   1 -
 .../prod/iaik_moa/1.32/m2e-lastUpdated.properties  |  10 -
 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar | Bin 767868 -> 0 bytes
 .../iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.md5    |   1 -
 .../iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.sha1   |   1 -
 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom |   9 -
 .../iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.md5    |   1 -
 .../iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.sha1   |   1 -
 .../prod/iaik_moa/1.5/m2e-lastUpdated.properties   |   9 -
 .../iaik/prod/iaik_moa/1.51/iaik_moa-1.51.jar      | Bin 768699 -> 0 bytes
 .../iaik/prod/iaik_moa/1.51/iaik_moa-1.51.pom      |   9 -
 .../iaik/prod/iaik_moa/2.00/iaik_moa-2.00.jar      | Bin 513660 -> 0 bytes
 .../iaik/prod/iaik_moa/2.01/iaik_moa-2.01.jar      | Bin 518680 -> 0 bytes
 .../1.00_moa/iaik_pki_module-1.00_moa.jar          | Bin 587551 -> 0 bytes
 .../1.01_moa/iaik_pki_module-1.01_moa.jar          | Bin 587665 -> 0 bytes
 .../1.02_moa/iaik_pki_module-1.02_moa.jar          | Bin 598025 -> 0 bytes
 .../0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar     | Bin 543360 -> 0 bytes
 .../0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.md5 |   1 -
 .../iaik_tsl-0.0.2-SNAPSHOT.jar.sha1               |   1 -
 .../0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom     |   9 -
 .../0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.md5 |   1 -
 .../iaik_tsl-0.0.2-SNAPSHOT.pom.sha1               |   1 -
 .../0.0.2-SNAPSHOT/maven-metadata-local.xml        |  12 -
 .../0.0.2-SNAPSHOT/resolver-status.properties      |   3 -
 repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.jar | Bin 558131 -> 0 bytes
 repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.pom | 251 ---------------------
 .../prod/iaik_tsl/1.1_moa/iaik_tsl-1.1_moa.jar     | Bin 558558 -> 0 bytes
 .../iaik/prod/iaik_tsl/maven-metadata-local.xml    |  12 -
 .../20160408_eval/iaik_xades-20160408_eval.jar     | Bin 312190 -> 0 bytes
 .../iaik_xsect-2.10_20160408_eval.jar              | Bin 422263 -> 0 bytes
 .../3.7.8-SNAPSHOT/maven-metadata-local.xml        |  12 -
 .../3.7.8-SNAPSHOT/resolver-status.properties      |   3 -
 .../3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar  | Bin 3516830 -> 0 bytes
 .../sqlite-jdbc-3.7.8-SNAPSHOT.jar.md5             |   1 -
 .../sqlite-jdbc-3.7.8-SNAPSHOT.jar.sha1            |   1 -
 .../3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom  |   9 -
 .../sqlite-jdbc-3.7.8-SNAPSHOT.pom.md5             |   1 -
 .../sqlite-jdbc-3.7.8-SNAPSHOT.pom.sha1            |   1 -
 .../xerial/sqlite-jdbc/maven-metadata-local.xml    |  12 -
 143 files changed, 647 deletions(-)
 delete mode 100644 repository/MOA/spss/common/3.0.0-RC1/common-3.0.0-RC1.jar
 delete mode 100644 repository/MOA/spss/common/3.0.0-RC5/common-3.0.0-RC5.jar
 delete mode 100644 repository/MOA/spss/common/3.0.0/common-3.0.0.jar
 delete mode 100644 repository/MOA/spss/server/moa-sig-lib/3.0.0-RC1/moa-sig-lib-3.0.0-RC1.jar
 delete mode 100644 repository/MOA/spss/server/moa-sig-lib/3.0.0-RC5/moa-sig-lib-3.0.0-RC5.jar
 delete mode 100644 repository/MOA/spss/server/moa-sig-lib/3.0.0/moa-sig-lib-3.0.0.jar
 delete mode 100644 repository/MOA/spss/server/moa-sig-lib/3.0.1/moa-sig-lib-3.0.1.jar
 delete mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1-javadoc.jar
 delete mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1.jar
 delete mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar
 delete mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
 delete mode 100644 repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.jar
 delete mode 100644 repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.pom
 delete mode 100644 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar
 delete mode 100644 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom
 delete mode 100644 repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar
 delete mode 100644 repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom
 delete mode 100644 repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.jar
 delete mode 100644 repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.pom
 delete mode 100644 repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.jar
 delete mode 100644 repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.pom
 delete mode 100644 repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar
 delete mode 100644 repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom
 delete mode 100644 repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_cpades/2.2b3_tmp/iaik_cpades-2.2b3_tmp.jar
 delete mode 100644 repository/iaik/prod/iaik_eccelerate/3.1_eval/iaik_eccelerate-3.1_eval.jar
 delete mode 100644 repository/iaik/prod/iaik_eccelerate_addon/3.01_eval/iaik_eccelerate_addon-3.01_eval.jar
 delete mode 100644 repository/iaik/prod/iaik_eccelerate_cms/3.01/iaik_eccelerate_cms-3.01.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/5.3_MOA/iaik_jce_full-5.3_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.32/m2e-lastUpdated.properties
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_moa/1.5/m2e-lastUpdated.properties
 delete mode 100644 repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.pom
 delete mode 100644 repository/iaik/prod/iaik_moa/2.00/iaik_moa-2.00.jar
 delete mode 100644 repository/iaik/prod/iaik_moa/2.01/iaik_moa-2.01.jar
 delete mode 100644 repository/iaik/prod/iaik_pki_module/1.00_moa/iaik_pki_module-1.00_moa.jar
 delete mode 100644 repository/iaik/prod/iaik_pki_module/1.01_moa/iaik_pki_module-1.01_moa.jar
 delete mode 100644 repository/iaik/prod/iaik_pki_module/1.02_moa/iaik_pki_module-1.02_moa.jar
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/maven-metadata-local.xml
 delete mode 100644 repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/resolver-status.properties
 delete mode 100644 repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.jar
 delete mode 100644 repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.pom
 delete mode 100644 repository/iaik/prod/iaik_tsl/1.1_moa/iaik_tsl-1.1_moa.jar
 delete mode 100644 repository/iaik/prod/iaik_tsl/maven-metadata-local.xml
 delete mode 100644 repository/iaik/prod/iaik_xades/20160408_eval/iaik_xades-20160408_eval.jar
 delete mode 100644 repository/iaik/prod/iaik_xsect/2.10_20160408_eval/iaik_xsect-2.10_20160408_eval.jar
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/maven-metadata-local.xml
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/resolver-status.properties
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.md5
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.sha1
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.md5
 delete mode 100644 repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.sha1
 delete mode 100644 repository/org/xerial/sqlite-jdbc/maven-metadata-local.xml

diff --git a/repository/MOA/spss/common/3.0.0-RC1/common-3.0.0-RC1.jar b/repository/MOA/spss/common/3.0.0-RC1/common-3.0.0-RC1.jar
deleted file mode 100644
index 46b4118cd..000000000
Binary files a/repository/MOA/spss/common/3.0.0-RC1/common-3.0.0-RC1.jar and /dev/null differ
diff --git a/repository/MOA/spss/common/3.0.0-RC5/common-3.0.0-RC5.jar b/repository/MOA/spss/common/3.0.0-RC5/common-3.0.0-RC5.jar
deleted file mode 100644
index 07f59e006..000000000
Binary files a/repository/MOA/spss/common/3.0.0-RC5/common-3.0.0-RC5.jar and /dev/null differ
diff --git a/repository/MOA/spss/common/3.0.0/common-3.0.0.jar b/repository/MOA/spss/common/3.0.0/common-3.0.0.jar
deleted file mode 100644
index dafb5aef7..000000000
Binary files a/repository/MOA/spss/common/3.0.0/common-3.0.0.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-sig-lib/3.0.0-RC1/moa-sig-lib-3.0.0-RC1.jar b/repository/MOA/spss/server/moa-sig-lib/3.0.0-RC1/moa-sig-lib-3.0.0-RC1.jar
deleted file mode 100644
index 6ed6a8c44..000000000
Binary files a/repository/MOA/spss/server/moa-sig-lib/3.0.0-RC1/moa-sig-lib-3.0.0-RC1.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-sig-lib/3.0.0-RC5/moa-sig-lib-3.0.0-RC5.jar b/repository/MOA/spss/server/moa-sig-lib/3.0.0-RC5/moa-sig-lib-3.0.0-RC5.jar
deleted file mode 100644
index 16112cd27..000000000
Binary files a/repository/MOA/spss/server/moa-sig-lib/3.0.0-RC5/moa-sig-lib-3.0.0-RC5.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-sig-lib/3.0.0/moa-sig-lib-3.0.0.jar b/repository/MOA/spss/server/moa-sig-lib/3.0.0/moa-sig-lib-3.0.0.jar
deleted file mode 100644
index d89f547aa..000000000
Binary files a/repository/MOA/spss/server/moa-sig-lib/3.0.0/moa-sig-lib-3.0.0.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-sig-lib/3.0.1/moa-sig-lib-3.0.1.jar b/repository/MOA/spss/server/moa-sig-lib/3.0.1/moa-sig-lib-3.0.1.jar
deleted file mode 100644
index 7cae9b26d..000000000
Binary files a/repository/MOA/spss/server/moa-sig-lib/3.0.1/moa-sig-lib-3.0.1.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1-javadoc.jar
deleted file mode 100644
index 27f46cda4..000000000
Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1-javadoc.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1.jar
deleted file mode 100644
index aa3999f19..000000000
Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5-RC1/moa-spss-lib-2.0.5-RC1.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar
deleted file mode 100644
index f166efece..000000000
Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar and /dev/null differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
deleted file mode 100644
index f57276444..000000000
Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar and /dev/null differ
diff --git a/repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.jar b/repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.jar
deleted file mode 100644
index 1ed9e413f..000000000
Binary files a/repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.jar and /dev/null differ
diff --git a/repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.pom b/repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.pom
deleted file mode 100644
index ffad37237..000000000
--- a/repository/at/gv/util/egovutils/1.0.7/egovutils-1.0.7.pom
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0"?>
-<project
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
-	xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>at.gv.util</groupId>
-	<artifactId>egovutils</artifactId>
-	<version>1.0.7</version>
-	<name>zuseutil</name>
-	<url>http://maven.apache.org</url>
-	<properties>
-		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-	</properties>
-	<dependencies>
-		<dependency>
-			<groupId>xerces</groupId>
-			<artifactId>xercesImpl</artifactId>
-			<version>2.11.0</version>
-		</dependency>
-		<dependency>
-			<groupId>xalan</groupId>
-			<artifactId>xalan</artifactId>
-			<version>2.7.1</version>
-		</dependency>
-		<dependency>
-			<groupId>com.sun</groupId>
-			<artifactId>webservices-tools</artifactId>
-			<version>2.0.1</version>
-		</dependency>
-		<dependency>
-			<groupId>com.sun</groupId>
-			<artifactId>webservices-rt</artifactId>
-			<version>2.0.1</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-validator</groupId>
-			<artifactId>commons-validator</artifactId>
-			<version>1.4.0</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-beanutils</groupId>
-			<artifactId>commons-beanutils</artifactId>
-			<version>1.9.2</version>
-		</dependency>		
-		<dependency>
-			<groupId>bouncycastle</groupId>
-			<artifactId>bcprov-jdk16</artifactId>
-			<version>140</version>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-api</artifactId>
-			<version>1.7.7</version>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-log4j12</artifactId>
-			<version>1.7.7</version>
-		</dependency>
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
-			<version>2.5</version>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>commons-codec</groupId>
-			<artifactId>commons-codec</artifactId>
-			<version>1.9</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-lang</groupId>
-			<artifactId>commons-lang</artifactId>
-			<version>2.6</version>
-			<type>jar</type>
-			<scope>compile</scope>
-		</dependency>
-		<dependency>
-			<groupId>commons-httpclient</groupId>
-			<artifactId>commons-httpclient</artifactId>
-			<version>3.1</version>
-		</dependency>
-	</dependencies>
-	
-</project>
diff --git a/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar b/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar
deleted file mode 100644
index a354bf718..000000000
Binary files a/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar and /dev/null differ
diff --git a/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom b/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom
deleted file mode 100644
index 51dd78d1e..000000000
--- a/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>axis</groupId>
-  <artifactId>axis</artifactId>
-  <version>1.0_IAIK</version>
-  <description>AXIS 1.0 patched</description>
-</project>
diff --git a/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar b/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar
deleted file mode 100644
index 7aefe85c1..000000000
Binary files a/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar and /dev/null differ
diff --git a/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom b/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom
deleted file mode 100644
index 5aa7bc508..000000000
--- a/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>axis</groupId>
-  <artifactId>axis</artifactId>
-  <version>1.0_IAIK_1.1</version>
-  <description>AXIS 1.0 patched(1.1) (XXE attacks)</description>
-</project>
diff --git a/repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.jar b/repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.jar
deleted file mode 100644
index c7b70869f..000000000
Binary files a/repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.jar and /dev/null differ
diff --git a/repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.pom b/repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.pom
deleted file mode 100644
index 22fe5d78e..000000000
--- a/repository/com/sun/webservices-rt/2.0.1/webservices-rt-2.0.1.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>com.sun</groupId>
-  <artifactId>webservices-rt</artifactId>
-  <version>2.0.1</version>
-  <description>POM was created by Sonatype Nexus</description>
-</project>
diff --git a/repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.jar b/repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.jar
deleted file mode 100644
index 651722d87..000000000
Binary files a/repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.jar and /dev/null differ
diff --git a/repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.pom b/repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.pom
deleted file mode 100644
index a7db1c6b2..000000000
--- a/repository/com/sun/webservices-tools/2.0.1/webservices-tools-2.0.1.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>com.sun</groupId>
-  <artifactId>webservices-tools</artifactId>
-  <version>2.0.1</version>
-  <description>POM was created by Sonatype Nexus</description>
-</project>
diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar b/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar
deleted file mode 100644
index 0c2d98400..000000000
Binary files a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.md5 b/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.md5
deleted file mode 100644
index 03de5944e..000000000
--- a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-2def897df8ea889bd1160cd311b61a42
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.sha1 b/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.sha1
deleted file mode 100644
index 80aa2ea09..000000000
--- a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-39bfb3145140f6b53f3a15f9236b3c507049d2f5
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom b/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom
deleted file mode 100644
index f4c3c25cd..000000000
--- a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_X509TrustManager</artifactId>
-  <version>0.2</version>
-  <description>POM was created from install:install-file</description>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.md5 b/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.md5
deleted file mode 100644
index 4ad6445ba..000000000
--- a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-aaaaff7a5d6a29d0a4256527a8616ef4
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.sha1 b/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.sha1
deleted file mode 100644
index a51e29ffa..000000000
--- a/repository/iaik/prod/iaik_X509TrustManager/0.2/iaik_X509TrustManager-0.2.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4252e14194fb7fc66b91331015cebc9a9e1b2e9b
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar b/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar
deleted file mode 100644
index cc5b36c98..000000000
Binary files a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.md5 b/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.md5
deleted file mode 100644
index 81c1a3bc7..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-3e2a79017366f887b3bbe4483d44f954
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.sha1 b/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.sha1
deleted file mode 100644
index 687c5d2b5..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-55005815b937cb6951bec229ae07ec5add519832
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom b/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom
deleted file mode 100644
index c4920ae4a..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_cms</artifactId>
-  <version>4.01_MOA</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.md5 b/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.md5
deleted file mode 100644
index 3894d9d06..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-1bb62e794f864f86e5d97e563d1800bf
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.sha1 b/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.sha1
deleted file mode 100644
index 189f21722..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA/iaik_cms-4.01_MOA.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-fc1b35563e2fa452a82e5f9c5b474cad7f1dc397
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar b/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar
deleted file mode 100644
index 91ad9505d..000000000
Binary files a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.md5 b/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.md5
deleted file mode 100644
index 9ca556e54..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-89895bd5cf39659b32a5eaa23ab7a241
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.sha1 b/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.sha1
deleted file mode 100644
index 29d414fd9..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-7796f42059f77249baa7cfe75326a7f5f1742821
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom b/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom
deleted file mode 100644
index 29b57342a..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_cms</artifactId>
-  <version>4.01_MOA_SV</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.md5 b/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.md5
deleted file mode 100644
index 8ed1e29bd..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-b2746e061aa5cf7c05b1504d8d80c0db
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.sha1 b/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.sha1
deleted file mode 100644
index 5a2f4a10e..000000000
--- a/repository/iaik/prod/iaik_cms/4.01_MOA_SV/iaik_cms-4.01_MOA_SV.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-5b4a31ca81d6880390d2e6a3f9131410dad9cfbb
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar
deleted file mode 100644
index 8d41ba860..000000000
Binary files a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
deleted file mode 100644
index 19c21e912..000000000
--- a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_cms</artifactId>
-  <version>4.1_MOA</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cpades/2.2b3_tmp/iaik_cpades-2.2b3_tmp.jar b/repository/iaik/prod/iaik_cpades/2.2b3_tmp/iaik_cpades-2.2b3_tmp.jar
deleted file mode 100644
index 914bc5426..000000000
Binary files a/repository/iaik/prod/iaik_cpades/2.2b3_tmp/iaik_cpades-2.2b3_tmp.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_eccelerate/3.1_eval/iaik_eccelerate-3.1_eval.jar b/repository/iaik/prod/iaik_eccelerate/3.1_eval/iaik_eccelerate-3.1_eval.jar
deleted file mode 100644
index 0ec311030..000000000
Binary files a/repository/iaik/prod/iaik_eccelerate/3.1_eval/iaik_eccelerate-3.1_eval.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_eccelerate_addon/3.01_eval/iaik_eccelerate_addon-3.01_eval.jar b/repository/iaik/prod/iaik_eccelerate_addon/3.01_eval/iaik_eccelerate_addon-3.01_eval.jar
deleted file mode 100644
index bd57ff24c..000000000
Binary files a/repository/iaik/prod/iaik_eccelerate_addon/3.01_eval/iaik_eccelerate_addon-3.01_eval.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_eccelerate_cms/3.01/iaik_eccelerate_cms-3.01.jar b/repository/iaik/prod/iaik_eccelerate_cms/3.01/iaik_eccelerate_cms-3.01.jar
deleted file mode 100644
index 3c9ac8325..000000000
Binary files a/repository/iaik/prod/iaik_eccelerate_cms/3.01/iaik_eccelerate_cms-3.01.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar
deleted file mode 100644
index 4cb8ce274..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5
deleted file mode 100644
index 16c49ae10..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-eb3456b843ffe6a7f6bb0a96579fbc56
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1
deleted file mode 100644
index f001288ea..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-9d6ed37423e93765e38fa8791278ba43d3e6c320
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom
deleted file mode 100644
index ae3f8e03a..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>3.16_MOA</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5
deleted file mode 100644
index dacc772d7..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-c4474c1a43d0b50ebdafaebebb190c06
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1
deleted file mode 100644
index 4f3bdee9b..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-ba6cad038de86b5a0a726df0f7c95e1d99d7f5e7
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar b/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar
deleted file mode 100644
index 4a0aa89c7..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.md5 b/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.md5
deleted file mode 100644
index 656260f63..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-B8CD86C18E600501E61BF894541B7586
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.sha1 b/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.sha1
deleted file mode 100644
index 594674c0e..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-EC96520B6269A0D38788DF0A259B9C09E3FCC9E3
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom b/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom
deleted file mode 100644
index 5fef87d52..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>3.18_MOA</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.md5 b/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.md5
deleted file mode 100644
index 3520099ae..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-98B885777FB5879B69DA1237B4D8FA27
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.sha1 b/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.sha1
deleted file mode 100644
index d18c1dcce..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.18_MOA/iaik_jce_full-3.18_MOA.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-3B91CD08B81AEBF56AE12E440B8D339C2B8C4D0A
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar
deleted file mode 100644
index bacb70edc..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar.sha1 b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar.sha1
deleted file mode 100644
index 0248d3cbe..000000000
--- a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4a893ba4503786d33bbca85b82d16927adc6d6a6
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
deleted file mode 100644
index 9610b3951..000000000
--- a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>4.0_MOA</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom.sha1 b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom.sha1
deleted file mode 100644
index 33eae7f2e..000000000
--- a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-567fb4bf4a266d5b4eafbbc582972dbc2fad7195
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar b/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar
deleted file mode 100644
index fd0457332..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.md5 b/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.md5
deleted file mode 100644
index 9c56fb171..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-af60ce7b632e2f9871e0a66caf61d6f5
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.sha1 b/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.sha1
deleted file mode 100644
index 9f9892687..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-219988809f988c415491cecf007663c838cba88e
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom b/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom
deleted file mode 100644
index 7ca126e32..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>5.101</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.md5 b/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.md5
deleted file mode 100644
index 554ae2add..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-85210f5905c1b5b256c49ef421135393
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.sha1 b/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.sha1
deleted file mode 100644
index ba732463f..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-e40fc538b46ef614833d2cc38349b32e3ee691c3
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.jar b/repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.jar
deleted file mode 100644
index c10f494ff..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.pom b/repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.pom
deleted file mode 100644
index f12cc5542..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.2/iaik_jce_full-5.2.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>5.2</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/iaik/prod/iaik_jce_full/5.3_MOA/iaik_jce_full-5.3_MOA.jar b/repository/iaik/prod/iaik_jce_full/5.3_MOA/iaik_jce_full-5.3_MOA.jar
deleted file mode 100644
index 736981acc..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/5.3_MOA/iaik_jce_full-5.3_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar b/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar
deleted file mode 100644
index bacb70edc..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar.sha1 b/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar.sha1
deleted file mode 100644
index 0248d3cbe..000000000
--- a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4a893ba4503786d33bbca85b82d16927adc6d6a6
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom b/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom
deleted file mode 100644
index 4e0b27a6c..000000000
--- a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>4.0_MOA</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom.sha1 b/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom.sha1
deleted file mode 100644
index 33eae7f2e..000000000
--- a/repository/iaik/prod/iaik_jce_full/iaik_jce_full-4.0_MOA.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-567fb4bf4a266d5b4eafbbc582972dbc2fad7195
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar b/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar
deleted file mode 100644
index fba7fde77..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.md5 b/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.md5
deleted file mode 100644
index 2355476d5..000000000
--- a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-a947a334136d608e7b519b4214333c27
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.sha1 b/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.sha1
deleted file mode 100644
index 04a4e73d8..000000000
--- a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-9212660edcd77ad844069b9e334074f8af5cada2
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom b/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom
deleted file mode 100644
index 1230c7915..000000000
--- a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.23</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.md5 b/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.md5
deleted file mode 100644
index 922df4439..000000000
--- a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-3a1ed73f234e7cce43769eb35ef3a3d6
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.sha1 b/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.sha1
deleted file mode 100644
index cf6a691bb..000000000
--- a/repository/iaik/prod/iaik_moa/1.23/iaik_moa-1.23.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-a8d15530dbfea7443f2f8e1eea07388cc7b98d97
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar b/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar
deleted file mode 100644
index afc65d15d..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.md5 b/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.md5
deleted file mode 100644
index 6635b65a9..000000000
--- a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-b650ef016f467c14c9eb324426da1bb0
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.sha1 b/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.sha1
deleted file mode 100644
index 951fd3373..000000000
--- a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-bb5b1e76f8f15890daa92268d870b9a479771d6d
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom b/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom
deleted file mode 100644
index 5b274e9c9..000000000
--- a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.24</version>
-  <description>POM was created from install:install-file</description>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.md5 b/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.md5
deleted file mode 100644
index 4a8e46e2b..000000000
--- a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-70403182e82cbed8ba878db087813cbc
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.sha1 b/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.sha1
deleted file mode 100644
index d17b6a43d..000000000
--- a/repository/iaik/prod/iaik_moa/1.24/iaik_moa-1.24.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-5d8db6c590778d2a4d277a9f802c05ed1ab12e07
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar b/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar
deleted file mode 100644
index 081b1de49..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.md5 b/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.md5
deleted file mode 100644
index 733571ded..000000000
--- a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-2DAE775314F1B40FA0FCEA54D8768280
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.sha1 b/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.sha1
deleted file mode 100644
index a5afe4d9c..000000000
--- a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-BCA16470663CD25252BAF084FCE63BA6CC82A6F7
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom b/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom
deleted file mode 100644
index e6d1c2263..000000000
--- a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.26</version>
-  <description>POM was created from install:install-file</description>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.md5 b/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.md5
deleted file mode 100644
index 733571ded..000000000
--- a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-2DAE775314F1B40FA0FCEA54D8768280
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.sha1 b/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.sha1
deleted file mode 100644
index a5afe4d9c..000000000
--- a/repository/iaik/prod/iaik_moa/1.26/iaik_moa-1.26.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-BCA16470663CD25252BAF084FCE63BA6CC82A6F7
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar b/repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar
deleted file mode 100644
index 0f4f153e1..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.jar b/repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.jar
deleted file mode 100644
index 15d117873..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.pom b/repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.pom
deleted file mode 100644
index 51b55a52f..000000000
--- a/repository/iaik/prod/iaik_moa/1.28/iaik_moa-1.28.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.28</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar
deleted file mode 100644
index 95a6773a6..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
deleted file mode 100644
index e94fe3f49..000000000
--- a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.29</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.jar b/repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.jar
deleted file mode 100644
index 07aa937c3..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.pom b/repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.pom
deleted file mode 100644
index baa924c02..000000000
--- a/repository/iaik/prod/iaik_moa/1.31/iaik_moa-1.31.pom
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.31</version>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar b/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar
deleted file mode 100644
index 32e60a6fa..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.md5 b/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.md5
deleted file mode 100644
index 8419ad45f..000000000
--- a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-2ba4953b48519859c12f592e20d1170f
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.sha1 b/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.sha1
deleted file mode 100644
index 42c556093..000000000
--- a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-1ea3dfb5cf7980bef810599668b908f4e35faff8
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom b/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom
deleted file mode 100644
index 97393614f..000000000
--- a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.32</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.md5 b/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.md5
deleted file mode 100644
index e3a68c7fd..000000000
--- a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-a03dd95996a14f07b1f1e1b7fd98912b
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.sha1 b/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.sha1
deleted file mode 100644
index e00945b47..000000000
--- a/repository/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d8b9485e65e2a84aa7edf5243de6aaf41a2e7618
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.32/m2e-lastUpdated.properties b/repository/iaik/prod/iaik_moa/1.32/m2e-lastUpdated.properties
deleted file mode 100644
index 0bc0b0a6c..000000000
--- a/repository/iaik/prod/iaik_moa/1.32/m2e-lastUpdated.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-#Thu Jul 18 07:34:24 CEST 2013
-iaikInternal|tlenz|http\://nexus.iaik.tugraz.at/nexus/content/groups/internal|sources=1374125664765
-central|http\://repo1.maven.org/maven2/|sources=1374125664765
-MOA|file\://D\:\\Projekte\\svn\\moa-id\\moa-idspss\\common/../repository|sources=1374125664765
-shibboleth.internet2.edu|https\://build.shibboleth.net/nexus/content/groups/public/|sources=1374125664765
-iaik3rd\ Party|tlenz|http\://nexus/nexus/content/repositories/thirdparty|sources=1374125664765
-iaikPublic|tlenz|http\://nexus.iaik.tugraz.at/nexus/content/groups/public|sources=1374125664765
-java.net-Public|https\://maven.java.net/content/groups/public/|sources=1374125664765
-hyberjaxb|http\://repository.highsource.org/maven2/releases/|sources=1374125664765
-iaikLibs|tlenz|http\://nexus/nexus/content/repositories/iaik|sources=1374125664765
diff --git a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar b/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar
deleted file mode 100644
index f6864c9c2..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.md5 b/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.md5
deleted file mode 100644
index 83d2687ab..000000000
--- a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-991b90b2e379270abd9a7fbeb7820ac8
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.sha1 b/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.sha1
deleted file mode 100644
index e8fb9d47f..000000000
--- a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dc87fadbd50c9549f96b238830526bf470a89201
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom b/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom
deleted file mode 100644
index 5661eeda3..000000000
--- a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.5</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.md5 b/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.md5
deleted file mode 100644
index 5c3ab00ad..000000000
--- a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-21650af41d52222d315568a424266fb6
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.sha1 b/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.sha1
deleted file mode 100644
index 3435065de..000000000
--- a/repository/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-b24c98f538e82790db37b83e784919b68f652a82
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/1.5/m2e-lastUpdated.properties b/repository/iaik/prod/iaik_moa/1.5/m2e-lastUpdated.properties
deleted file mode 100644
index 1c0e7bd32..000000000
--- a/repository/iaik/prod/iaik_moa/1.5/m2e-lastUpdated.properties
+++ /dev/null
@@ -1,9 +0,0 @@
-#Wed Sep 04 11:14:45 CEST 2013
-java.net-Public|https\://maven.java.net/content/groups/public/|sources=1378286085859
-iaikLibs|tlenz|http\://nexus/nexus/content/repositories/iaik|sources=1378286085859
-iaik3rd\ Party|tlenz|http\://nexus/nexus/content/repositories/thirdparty|sources=1378286085859
-iaikPublic|tlenz|http\://nexus.iaik.tugraz.at/nexus/content/groups/public|sources=1378286085859
-shibboleth.internet2.edu|https\://build.shibboleth.net/nexus/content/groups/public/|sources=1378286085859
-central|http\://repo1.maven.org/maven2/|sources=1378286085859
-hyberjaxb|http\://repository.highsource.org/maven2/releases/|sources=1378286085859
-iaikInternal|tlenz|http\://nexus.iaik.tugraz.at/nexus/content/groups/internal|sources=1378286085859
diff --git a/repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.jar b/repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.jar
deleted file mode 100644
index 3e94e44a5..000000000
Binary files a/repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.pom b/repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.pom
deleted file mode 100644
index ccfb5558c..000000000
--- a/repository/iaik/prod/iaik_moa/1.51/iaik_moa-1.51.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_moa</artifactId>
-  <version>1.51</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/iaik/prod/iaik_moa/2.00/iaik_moa-2.00.jar b/repository/iaik/prod/iaik_moa/2.00/iaik_moa-2.00.jar
deleted file mode 100644
index 7cd630564..000000000
Binary files a/repository/iaik/prod/iaik_moa/2.00/iaik_moa-2.00.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_moa/2.01/iaik_moa-2.01.jar b/repository/iaik/prod/iaik_moa/2.01/iaik_moa-2.01.jar
deleted file mode 100644
index 52b3b850a..000000000
Binary files a/repository/iaik/prod/iaik_moa/2.01/iaik_moa-2.01.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_pki_module/1.00_moa/iaik_pki_module-1.00_moa.jar b/repository/iaik/prod/iaik_pki_module/1.00_moa/iaik_pki_module-1.00_moa.jar
deleted file mode 100644
index 6e13efa81..000000000
Binary files a/repository/iaik/prod/iaik_pki_module/1.00_moa/iaik_pki_module-1.00_moa.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_pki_module/1.01_moa/iaik_pki_module-1.01_moa.jar b/repository/iaik/prod/iaik_pki_module/1.01_moa/iaik_pki_module-1.01_moa.jar
deleted file mode 100644
index cc0705915..000000000
Binary files a/repository/iaik/prod/iaik_pki_module/1.01_moa/iaik_pki_module-1.01_moa.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_pki_module/1.02_moa/iaik_pki_module-1.02_moa.jar b/repository/iaik/prod/iaik_pki_module/1.02_moa/iaik_pki_module-1.02_moa.jar
deleted file mode 100644
index cc32a7470..000000000
Binary files a/repository/iaik/prod/iaik_pki_module/1.02_moa/iaik_pki_module-1.02_moa.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar
deleted file mode 100644
index 241dbff7f..000000000
Binary files a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.md5 b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.md5
deleted file mode 100644
index e89eb733d..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-d61e17cfab195ace55d6aab4134057cc
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.sha1 b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.sha1
deleted file mode 100644
index c07abd7e7..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-ba408f6a16ddf375c6dc8c5925bee66a2fef0bf9
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom
deleted file mode 100644
index 6e923d489..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_tsl</artifactId>
-  <version>0.0.2-SNAPSHOT</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.md5 b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.md5
deleted file mode 100644
index c33b19dcf..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-e045e46303c2c1bb348b5137489b209e
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.sha1 b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.sha1
deleted file mode 100644
index 2f3293a26..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-31236933e6104b6165e39b1184c04c41132b6c24
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/maven-metadata-local.xml b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/maven-metadata-local.xml
deleted file mode 100644
index 3e04f192d..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/maven-metadata-local.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<metadata>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_tsl</artifactId>
-  <version>0.0.2-SNAPSHOT</version>
-  <versioning>
-    <snapshot>
-      <localCopy>true</localCopy>
-    </snapshot>
-    <lastUpdated>20121227131129</lastUpdated>
-  </versioning>
-</metadata>
diff --git a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/resolver-status.properties b/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/resolver-status.properties
deleted file mode 100644
index acb8f4807..000000000
--- a/repository/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/resolver-status.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-#Last modified on: Thu Dec 27 14:05:37 CET 2012
-#Thu Dec 27 14:05:37 CET 2012
-MOA.maven-metadata-MOA.xml.lastUpdated=1356613537913
diff --git a/repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.jar b/repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.jar
deleted file mode 100644
index 2d661e8d6..000000000
Binary files a/repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.pom b/repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.pom
deleted file mode 100644
index e7cd54c8d..000000000
--- a/repository/iaik/prod/iaik_tsl/1.0/iaik_tsl-1.0.pom
+++ /dev/null
@@ -1,251 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>iaik.prod</groupId>
-	<artifactId>iaik_tsl</artifactId>
-	<packaging>jar</packaging>
-	<version>1.0</version>
-	<name>TSL_library</name>
-
-	<properties>
-		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
-	</properties>
-
-
-	<build>
-		<resources>
-			<resource>
-				<filtering>true</filtering>
-				<directory>src/main/resources</directory>
-			</resource>
-		</resources>
-
-		<finalName>${project.artifactId}</finalName>
-
-		<plugins>
-			<plugin>
-				<artifactId>maven-dependency-plugin</artifactId>
-				<executions>
-					<execution>
-						<id>copy-dependencies</id>
-						<phase>validate</phase>
-						<goals>
-							<goal>copy-dependencies</goal>
-						</goals>
-						<configuration>
-							<outputDirectory>${endorsed.dir}</outputDirectory>
-							<excludeTransitive>true</excludeTransitive>
-							<includeArtifactIds>jaxb-api,jaxb-impl</includeArtifactIds>
-						</configuration>
-					</execution>
-				</executions>
-			</plugin>
-
-			<plugin>
-				<artifactId>maven-resources-plugin</artifactId>
-				<version>2.5</version>
-				<configuration>
-					<encoding>UTF-8</encoding>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.0</version>
-				<configuration>
-					<compilerArguments>
-						<verbose />
-						<endorseddirs>${endorsed.dir}</endorseddirs>
-					</compilerArguments>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
-					<fork>true</fork>
-					<compilerVersion>${java.version}</compilerVersion>
-					<encoding>${project.build.sourceEncoding}</encoding>
-				</configuration>
-			</plugin>
-
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-enforcer-plugin</artifactId>
-				<version>1.2</version>
-				<executions>
-					<execution>
-						<id>enforce-versions</id>
-						<goals>
-							<goal>enforce</goal>
-						</goals>
-						<configuration>
-							<rules>
-								<requireJavaVersion>
-									<version>1.5</version>
-								</requireJavaVersion>
-							</rules>
-						</configuration>
-					</execution>
-				</executions>
-			</plugin>
-		</plugins>
-		<pluginManagement>
-			<plugins>
-				<plugin>
-					<groupId>org.eclipse.m2e</groupId>
-					<artifactId>lifecycle-mapping</artifactId>
-					<version>1.0.0</version>
-					<configuration>
-						<lifecycleMappingMetadata>
-							<pluginExecutions>
-								<pluginExecution>
-									<pluginExecutionFilter>
-										<groupId>org.apache.maven.plugins</groupId>
-										<artifactId>maven-dependency-plugin</artifactId>
-										<versionRange>[2.0,)</versionRange>
-										<goals>
-											<goal>copy-dependencies</goal>
-										</goals>
-									</pluginExecutionFilter>
-									<action>
-										<ignore />
-									</action>
-								</pluginExecution>
-							</pluginExecutions>
-						</lifecycleMappingMetadata>
-					</configuration>
-				</plugin>
-			</plugins>
-		</pluginManagement>
-	</build>
-
-	<profiles>
-		<profile>
-			<id>profile-for-jdk1.6</id>
-			<activation>
-				<activeByDefault>false</activeByDefault>
-				<jdk>[1.6,)</jdk>
-			</activation>
-			<properties>
-				<java.version>1.6</java.version>
-				<envClassifier>jdk${java.version}</envClassifier>
-			</properties>
-			<build>
-				<finalName>${project.artifactId}-${project.version}-${envClassifier}</finalName>
-			</build>
-			<dependencies>
-				<!-- Requires JAVA 1.6 -->
-				<dependency>
-					<groupId>javax.xml.bind</groupId>
-					<artifactId>jaxb-api</artifactId>
-					<version>2.2.6</version>
-				</dependency>
-				<dependency>
-					<groupId>com.sun.xml.bind</groupId>
-					<artifactId>jaxb-impl</artifactId>
-					<version>2.2.6</version>
-				</dependency>
-
-			</dependencies>
-		</profile>
-		<profile>
-			<id>profile-for-jdk1.5</id>
-			<activation>
-				<activeByDefault>true</activeByDefault>
-				<jdk>(,1.5]</jdk>
-			</activation>
-			<properties>
-				<java.version>1.5</java.version>
-				<envClassifier>jdk${java.version}</envClassifier>
-			</properties>
-			<build>
-				<finalName>${project.artifactId}-${project.version}-${envClassifier}</finalName>
-			</build>
-			<dependencies>
-				<!-- Last Version with JAVA 1.5 -->
-				<dependency>
-					<groupId>javax.xml.bind</groupId>
-					<artifactId>jaxb-api</artifactId>
-					<version>2.2.4</version>
-				</dependency>
-				<dependency>
-					<groupId>com.sun.xml.bind</groupId>
-					<artifactId>jaxb-impl</artifactId>
-					<version>2.2.4-1</version>
-				</dependency>
-			</dependencies>
-		</profile>
-	</profiles>
-
-	<dependencies>
-
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_xsect_eval</artifactId>
-			<version>1.1709142</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_ecc_signed</artifactId>
-			<version>2.19</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_jce_eval_signed</artifactId>
-			<version>3.181</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_pki_module</artifactId>
-			<version>1.0</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_javax_crypto</artifactId>
-			<version>1.0</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_util</artifactId>
-			<!-- <version>0.23 (snapshot 20121011-125127  eval)</version>-->
-			<version>0.23</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_jsse</artifactId>
-			<version>4.4</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik_ssl</artifactId>
-			<version>4.4</version>
-		</dependency>
-		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>w3c_http</artifactId>
-			<version>1.0</version>
-		</dependency>
-		<dependency>
-			<groupId>org.xerial</groupId>
-			<artifactId>sqlite-jdbc</artifactId>
-			<version>3.7.2</version>
-		</dependency>
-
-
-		<dependency>
-			<groupId>javax.activation</groupId>
-			<artifactId>activation</artifactId>
-			<version>1.1.1</version>
-		</dependency>
-		<dependency>
-			<groupId>stax</groupId>
-			<artifactId>stax-api</artifactId>
-			<version>1.0.1</version>
-		</dependency>
-		<dependency>
-			<groupId>xerces</groupId>
-			<artifactId>xercesImpl</artifactId>
-			<version>2.7.1</version>
-		</dependency>
-	</dependencies>
-
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_tsl/1.1_moa/iaik_tsl-1.1_moa.jar b/repository/iaik/prod/iaik_tsl/1.1_moa/iaik_tsl-1.1_moa.jar
deleted file mode 100644
index b4eb067cf..000000000
Binary files a/repository/iaik/prod/iaik_tsl/1.1_moa/iaik_tsl-1.1_moa.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_tsl/maven-metadata-local.xml b/repository/iaik/prod/iaik_tsl/maven-metadata-local.xml
deleted file mode 100644
index ba442c16e..000000000
--- a/repository/iaik/prod/iaik_tsl/maven-metadata-local.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<metadata>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_tsl</artifactId>
-  <version>0.0.2-SNAPSHOT</version>
-  <versioning>
-    <versions>
-      <version>0.0.2-SNAPSHOT</version>
-    </versions>
-    <lastUpdated>20121227131129</lastUpdated>
-  </versioning>
-</metadata>
diff --git a/repository/iaik/prod/iaik_xades/20160408_eval/iaik_xades-20160408_eval.jar b/repository/iaik/prod/iaik_xades/20160408_eval/iaik_xades-20160408_eval.jar
deleted file mode 100644
index 2ac459ce1..000000000
Binary files a/repository/iaik/prod/iaik_xades/20160408_eval/iaik_xades-20160408_eval.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_xsect/2.10_20160408_eval/iaik_xsect-2.10_20160408_eval.jar b/repository/iaik/prod/iaik_xsect/2.10_20160408_eval/iaik_xsect-2.10_20160408_eval.jar
deleted file mode 100644
index 1f93b7c2d..000000000
Binary files a/repository/iaik/prod/iaik_xsect/2.10_20160408_eval/iaik_xsect-2.10_20160408_eval.jar and /dev/null differ
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/maven-metadata-local.xml b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/maven-metadata-local.xml
deleted file mode 100644
index 1a07edf04..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/maven-metadata-local.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<metadata>
-  <groupId>org.xerial</groupId>
-  <artifactId>sqlite-jdbc</artifactId>
-  <version>3.7.8-SNAPSHOT</version>
-  <versioning>
-    <snapshot>
-      <localCopy>true</localCopy>
-    </snapshot>
-    <lastUpdated>20121227132151</lastUpdated>
-  </versioning>
-</metadata>
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/resolver-status.properties b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/resolver-status.properties
deleted file mode 100644
index bf40cd793..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/resolver-status.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-#Last modified on: Thu Dec 27 12:24:22 CET 2012
-#Thu Dec 27 12:24:22 CET 2012
-MOA.maven-metadata-MOA.xml.lastUpdated=1356607462439
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar
deleted file mode 100644
index bcea83745..000000000
Binary files a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar and /dev/null differ
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.md5 b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.md5
deleted file mode 100644
index 78dcc204f..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-73e977c31630c2bebb4a476665bbf7fb
\ No newline at end of file
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.sha1 b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.sha1
deleted file mode 100644
index 59e8f1e98..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-7193374401097a37e24bc30a961c19e1af732493
\ No newline at end of file
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom
deleted file mode 100644
index 3f3f3b91b..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>org.xerial</groupId>
-  <artifactId>sqlite-jdbc</artifactId>
-  <version>3.7.8-SNAPSHOT</version>
-  <description>POM was created from install:install-file</description>
-</project>
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.md5 b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.md5
deleted file mode 100644
index 219a81671..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-2f52b7cb16e62c757bd1db86a2f8e407
\ No newline at end of file
diff --git a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.sha1 b/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.sha1
deleted file mode 100644
index 5580b6c42..000000000
--- a/repository/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-8d25a1093d4bb59daac35b0355851e162ce4c8c2
\ No newline at end of file
diff --git a/repository/org/xerial/sqlite-jdbc/maven-metadata-local.xml b/repository/org/xerial/sqlite-jdbc/maven-metadata-local.xml
deleted file mode 100644
index ed1392d3a..000000000
--- a/repository/org/xerial/sqlite-jdbc/maven-metadata-local.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<metadata>
-  <groupId>org.xerial</groupId>
-  <artifactId>sqlite-jdbc</artifactId>
-  <version>3.7.8-SNAPSHOT</version>
-  <versioning>
-    <versions>
-      <version>3.7.8-SNAPSHOT</version>
-    </versions>
-    <lastUpdated>20121227132151</lastUpdated>
-  </versioning>
-</metadata>
-- 
cgit v1.2.3


From 366c463274f3ca06d500c59c0839feb225b4e0b5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 12:11:45 +0100
Subject: add escaping on some places

---
 .../auth/pvp2/servlets/SLOBackChannelServlet.java  |  9 ++--
 .../moa/id/auth/servlet/AbstractController.java    |  4 +-
 .../WebFrontEndSecurityInterceptor.java            |  3 +-
 .../AbstractGUIFormBuilderConfiguration.java       |  3 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java | 27 +++++++++-
 .../DefaultGUIFormBuilderConfiguration.java        | 20 +++++++-
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |  2 +-
 .../main/resources/mainGUI/iframeLBKUdetect.html   |  3 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    | 58 +++++++++++-----------
 .../auth/modules/ssotransfer/utils/GUIUtils.java   |  2 +-
 10 files changed, 87 insertions(+), 44 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index 17d3d9e50..f2c95f391 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -33,6 +33,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
 import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
@@ -144,19 +145,19 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
 		
 		} catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) {
 			log.error("SLO message processing FAILED." , e);			
-			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
 			
 		} catch (CertificateException e) {
 			log.error("SLO message processing FAILED." , e);
-			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
 			
 		} catch (KeyStoreException e) {
 			log.error("SLO message processing FAILED." , e);
-			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
 			
 		} catch (MessageEncodingException e) {
 			log.error("SLO message processing FAILED." , e);
-			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
 			
 		}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 67611dd72..dcf337213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -91,7 +91,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 		resp.setContentType(MediaType.HTML_UTF_8.toString());
 		resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
 				"(Errorcode=9199"
-				+" | Description="+ exception.getMessage() + ")");
+				+" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")");
 		return;
 		
 	}
@@ -318,7 +318,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 		if (e instanceof ProtocolNotActiveException) {
 			resp.getWriter().write(e.getMessage());
 			resp.setContentType(MediaType.HTML_UTF_8.toString());
-			resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+			resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage()));
 		
 		} else if (e instanceof AuthnRequestValidatorException) {
 			AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 2976dc420..c8c6c1fb5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
@@ -76,7 +77,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 			Logger.info(errorMsg);
 			response.sendError(
 					HttpServletResponse.SC_FORBIDDEN, 
-					errorMsg);
+					StringEscapeUtils.escapeHtml(errorMsg));
 						
 			return false;
 		} else {		
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
index 52c1f0f97..d57834192 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
@@ -70,7 +70,8 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder
 	
 	
 	/**
-	 * Define the parameters, which should be evaluated in the template
+	 * Define the parameters, which should be evaluated in the template <br>
+	 * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally during the building process
 	 * 
 	 * @return Map of parameters, which should be added to template
 	 */
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 15bc92a54..ad068ac49 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -65,6 +65,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	
 	protected IRequest pendingReq = null;
 	protected String templateClasspahtDir = null;
+	private  Map<String, Object> customParameters = null;
 	
 	/**
 	 * @param authURL PublicURLPrefix of the IDP but never null
@@ -91,11 +92,29 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 		
 	}
 
+	/**
+	 * Add a key/value pair into Velocity context.<br>
+	 * Parameter values get escaped internally
+	 * 
+	 * @param key velocity context key
+	 * @param value of this key
+	 */
+	public void putCustomParameter(String key, Object value) {
+		if (customParameters == null)
+			customParameters = new HashMap<String, Object>();
+		
+		if (value instanceof String)
+			customParameters.put(key, StringEscapeUtils.escapeHtml((String)value));
+		else
+			customParameters.put(key, StringEscapeUtils.escapeHtml(value.toString()));
+		
+	}
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
 	 */
 	@Override
-	public Map<String, Object> getSpecificViewParameters() {
+	public final Map<String, Object> getSpecificViewParameters() {
 		Map<String, Object> params =  new HashMap<String, Object>();
 		params.put(PARAM_BKU_ONLINE, IOAAuthParameters.THIRDBKU);
 		params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU);
@@ -107,7 +126,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 			//add service-provider specific GUI parameters
 			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
 			if (oaParam != null) {
-				params.put(PARAM_OANAME, oaParam.getFriendlyName());
+				params.put(PARAM_OANAME, StringEscapeUtils.escapeHtml(oaParam.getFriendlyName()));
 
 				//set BKU URLs
 				if (MiscUtil.isNotEmpty(oaParam.getBKUURL(IOAAuthParameters.LOCALBKU)))
@@ -138,6 +157,10 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 			
 		}
 
+		//add additional custom parameters
+		if (customParameters != null)
+			params.putAll(customParameters);
+		
 		return params;
 	}
 	
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 0c07ad3fb..901dbae53 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -77,13 +77,31 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	 * @param key velocity context key
 	 * @param value of this key
 	 */
-	public void putCustomParameter(String key, Object value) {
+	public void putCustomParameterWithOutEscaption(String key, Object value) {
 		if (customParameters == null)
 			customParameters = new HashMap<String, Object>();
 		
 		customParameters.put(key, value);
 	}
 	
+	/**
+	 * Add a key/value pair into Velocity context.<br>
+	 * All parameters get escaped internally
+	 * 
+	 * @param key velocity context key
+	 * @param value of this key
+	 */
+	public void putCustomParameter(String key, Object value) {
+		if (customParameters == null)
+			customParameters = new HashMap<String, Object>();
+		
+		if (value instanceof String)
+			customParameters.put(key, StringEscapeUtils.escapeHtml((String)value));
+		else
+			customParameters.put(key, StringEscapeUtils.escapeHtml(value.toString()));
+		
+	}
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
 	 */
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 13d8d3bb7..0215afc41 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -56,7 +56,7 @@ public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractService
 		super(pendingReq, viewName, formSubmitEndpoint);
 		
 	}
-
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
 	 */
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
index 261e19a33..f54484307 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
@@ -9,7 +9,6 @@
 	bkuport = (bkuprot == "https:" ? 3496 : 3495);
 	bkupath = "https-security-layer-request";
 	bkuurl = bkuprot + "//" + bkuhost + ":" + bkuport + "/" + bkupath;
-	baseurl = location.href.substr(0, location.href.lastIndexOf("/"));
 //-->
 </script>
 </head>
@@ -20,7 +19,7 @@
 		parent.setBKUAvailable(false);
 		document.write('<form name="bkudetectform" method="POST" target="bkudetect" action="' + bkuurl + '" enctype="application/x-www-form-urlencoded">');
 		document.write('<input type="hidden" name="XMLRequest" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;NullOperationRequest xmlns=&quot;http://www.buergerkarte.at/namespaces/securitylayer/1.2#&quot;/&gt;" />');
-		document.write('<input type="hidden" name="RedirectURL" value="' + baseurl + '/iframeLBKUdetected.html"/>');
+		document.write('<input type="hidden" name="RedirectURL" value="' + $contextPath + '/iframeLBKUdetected.html"/>');
 		document.write('</form>');
 		try {
 			document.bkudetectform.submit();
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index a37beac70..dc55df05b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -160,15 +160,15 @@ public class SSOTransferServlet{
 
 		} catch (MOAIDException | MOADatabaseException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 
 		} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 
 		} catch (Exception e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 		}							
 	}
 
@@ -221,51 +221,51 @@ public class SSOTransferServlet{
 				
 			} catch (OperatorCreationException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CredentialsNotAvailableException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (PKCSException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CertificateException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeyException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (NoSuchAlgorithmException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeySpecException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (SessionDataStorageException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (ParseException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (IllegalBlockSizeException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (BadPaddingException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (NoSuchPaddingException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			}
 							
@@ -323,50 +323,50 @@ public class SSOTransferServlet{
 			} catch (OperatorCreationException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CredentialsNotAvailableException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (PKCSException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CertificateException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeyException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (NoSuchAlgorithmException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeySpecException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (SessionDataStorageException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			} catch (IllegalBlockSizeException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			} catch (BadPaddingException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			} catch (NoSuchPaddingException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			}
 			
 			
@@ -423,15 +423,15 @@ public class SSOTransferServlet{
 			
 		} catch (MOAIDException | MOADatabaseException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 		
 		} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 			
 		} catch (Exception e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 		}							
 	}
 	
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index 13a278d1d..fe164c514 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -105,7 +105,7 @@ public class GUIUtils {
 			
 			config.putCustomParameter("QRImage", base64EncodedImage);		
 			config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");			
-			config.putCustomParameter("timeoutURL", containerURL);
+			config.putCustomParameterWithOutEscaption("timeoutURL", containerURL);
 			config.putCustomParameter("timeout", REFESH_TIMEOUT);
 				
 			guiBuilder.build(response, config, "SSO-Transfer-Module");
-- 
cgit v1.2.3


From 75c7ab602fe14d56217f268ea80e787a5316288a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 15:30:31 +0100
Subject: fix nullpointer in MandateNaturalPersonBPKAttributeBuilder.java

---
 .../MandateNaturalPersonBPKAttributeBuilder.java     | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index 6ac517e19..ad469921c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -57,15 +57,21 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 				
 				if (MiscUtil.isEmpty(bpk))
 					throw new UnavailableAttributeException(BPK_NAME);
-					
-				if (type.startsWith(Constants.URN_PREFIX_WBPK))
-					type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
 				
-				else if (type.startsWith(Constants.URN_PREFIX_CDID)) 
-					type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
+				if (type != null) {	
+					if (type.startsWith(Constants.URN_PREFIX_WBPK))
+						type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
+				
+					else if (type.startsWith(Constants.URN_PREFIX_CDID)) 
+						type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
 				
-				else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) 
-					type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
+					else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) 
+						type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
+					
+				} else {
+					Logger.debug("bPK type is 'null' --> use it as it is");
+					
+				}
 				
 				if (bpk.length() > BPK_MAX_LENGTH) {
 					bpk = bpk.substring(0, BPK_MAX_LENGTH);
-- 
cgit v1.2.3


From f6ef9b2e21af5a55b9f2b360de3cff38c56904d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 15:33:37 +0100
Subject: add some more escaptions

---
 .../configuration/struts/action/IndexAction.java   |  32 ++----
 .../id/auth/builder/AuthenticationDataBuilder.java |   1 +
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |   4 +-
 .../gv/egovernment/moa/id/data/EncryptedData.java  |   9 +-
 .../moa/id/moduls/AuthenticationManager.java       |   4 +-
 .../moa/id/storage/DBTransactionStorage.java       | 112 +++++++++++++++------
 .../moa/id/storage/ITransactionStorage.java        |   4 +
 .../moa/id/util/AbstractEncrytionUtil.java         |  25 +++--
 .../java/at/gv/egovernment/moa/id/util/Random.java |  12 ++-
 .../src/test/java/test/MOAIDTestCase.java          |   3 +-
 .../java/at/gv/egovernment/moa/logging/Logger.java |   5 +-
 .../java/at/gv/egovernment/moa/util/FileUtils.java |  35 +------
 .../test/at/gv/egovernment/moa/util/FileUtils.java |  72 +++++++++++++
 .../at/gv/egovernment/moa/util/URLDecoderTest.java |   2 -
 .../at/gv/egovernment/moa/util/URLEncoderTest.java |   1 -
 .../main/resources/mainGUI/iframeLBKUdetect.html   |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |  11 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |   2 +-
 .../auth/modules/ssotransfer/utils/GUIUtils.java   |   2 +-
 19 files changed, 225 insertions(+), 113 deletions(-)
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index df1786402..bf75a3068 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -39,7 +39,6 @@ import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
@@ -51,34 +50,18 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.encryption.Decrypter;
 import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCredentialResolverFactory;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
 import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
 import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
 import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
 import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
-import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
-import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
 import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
@@ -86,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils;
-import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
 import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
@@ -160,7 +142,7 @@ public class IndexAction extends BasicAction {
 		
 		if (MiscUtil.isNotEmpty(username)) {
 			if (ValidationHelper.containsNotValidCharacter(username, false)) {
-				log.warn("Username contains potentail XSS characters: " + username);
+				log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username));
 				addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", 
 						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				return Constants.STRUTS_ERROR;
@@ -197,13 +179,13 @@ public class IndexAction extends BasicAction {
 				dbuser.setIsUsernamePasswordAllowed(true);
 			
 			if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) {
-				log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed");
+				log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " is not active or Username/Password login is not allowed");
 				addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
 				return Constants.STRUTS_ERROR;
 			}
 						
 			if (!dbuser.getPassword().equals(key)) {
-				log.warn("Username " + dbuser.getUsername() + " use a false password");
+				log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password");
 				addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
 				return Constants.STRUTS_ERROR;
 			}
@@ -615,7 +597,7 @@ public class IndexAction extends BasicAction {
 				check = user.getInstitut();
 				if (MiscUtil.isNotEmpty(check)) {
 					if (ValidationHelper.containsNotValidCharacter(check, false)) {
-						log.warn("Organisation contains potentail XSS characters: " + check);
+						log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(check));
 						addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", 
 								new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 					}
@@ -628,7 +610,7 @@ public class IndexAction extends BasicAction {
 			check = user.getMail();
 			if (MiscUtil.isNotEmpty(check)) {
 				if (!ValidationHelper.isEmailAddressFormat(check)) {
-					log.warn("Mailaddress is not valid: " + check);
+					log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check));
 					addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", 
 							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
@@ -640,7 +622,7 @@ public class IndexAction extends BasicAction {
 			check = user.getPhone();
 			if (MiscUtil.isNotEmpty(check)) {
 				if (!ValidationHelper.validatePhoneNumber(check)) {
-					log.warn("No valid Phone Number: " + check);
+					log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check));
 					addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", 
 							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5a5d0bcf6..cc716f9f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -352,6 +352,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 				authData.setBkuURL(session.getGenericDataFromSession(PVPConstants.EID_CCS_URL_NAME, String.class));
 						
 	
+			//TODO: fully switch from STORK QAA to eIDAS LoA
 			//####################################################
 			//set QAA level
 			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 19f3fdc54..0397bd501 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -117,7 +117,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
 					config.putCustomParameter("successMsg",
 							MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
 				else
-					config.putCustomParameter("errorMsg", 
+					config.putCustomParameterWithOutEscaption("errorMsg", 
 							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));			
 				guiBuilder.build(resp, config, "Single-LogOut GUI");
 			
@@ -213,7 +213,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
 								DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
 								null);					
 						
-						config.putCustomParameter("errorMsg", 
+						config.putCustomParameterWithOutEscaption("errorMsg", 
 								MOAIDMessageProvider.getInstance().getMessage("slo.01", null));		                	
 				
 						guiBuilder.build(resp, config, "Single-LogOut GUI");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedData.java
index e0484eb1b..4e7a72da6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedData.java
@@ -22,12 +22,19 @@
  */
 package at.gv.egovernment.moa.id.data;
 
+import java.io.Serializable;
+
 /**
  * @author tlenz
  *
  */
-public class EncryptedData {
+public class EncryptedData implements Serializable{
 
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
 	private byte[] encData = null;
 	private byte[] iv = null;
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 3770dad2f..bb849a8d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -659,7 +659,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			        	
 			        } else {
 			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-			        	config.putCustomParameter("errorMsg", 
+			        	config.putCustomParameterWithOutEscaption("errorMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
 			        	
 			        }
@@ -690,7 +690,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 						null);
 				
 				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				config.putCustomParameter("errorMsg", 
+				config.putCustomParameterWithOutEscaption("errorMsg", 
 	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
 	        	
 	        	try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index f17e4a99a..2395b913d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -38,8 +38,11 @@ import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -106,18 +109,36 @@ public class DBTransactionStorage implements ITransactionStorage {
 			
 		}	
 	}
-	
-	public Object getAssertionStore(String key) throws MOADatabaseException{
-		return searchInDatabase(key);
-	}
-	
+		
 	public Object get(String key) throws MOADatabaseException {
 		  AssertionStore element = searchInDatabase(key);
 		  
 		  if (element == null)
 			  return null;
+		  		  
+		  Object data = SerializationUtils.deserialize(element.getAssertion());
 		  
-		  return SerializationUtils.deserialize(element.getAssertion());
+		//decrypt data if required
+		  Object resultData = null;
+		  if (data instanceof EncryptedData) {
+			  Logger.trace("Find encrypted data. --> Starting decryption process ...");
+			  try {
+				byte[] decData = decryptData((EncryptedData)data);
+				resultData = SerializationUtils.deserialize(decData);
+				
+			  } catch (BuildException e) {
+				  Logger.warn("Transaction information decryption FAILED.", e);
+				  throw new MOADatabaseException("Transaction information decryption FAILED.", e);
+				  
+			  }
+			  		  
+		  } else {
+			  Logger.trace("Find unencrypted data. --> Use it as is");
+			  resultData = data;
+			  
+		  }
+		  
+		  return resultData;
 		
 		
 	}
@@ -141,13 +162,34 @@ public class DBTransactionStorage implements ITransactionStorage {
 	  }
 	  
 	  
-	  //Deserialize Assertion
+	  //Deserialize Assertion	  
 	  Object data = SerializationUtils.deserialize(element.getAssertion());
 	  
+	  //decrypt data if required
+	  Object resultData = null;
+	  if (data instanceof EncryptedData) {
+		  Logger.trace("Find encrypted data. --> Starting decryption process ...");
+		  try {
+			byte[] decData = decryptData((EncryptedData)data);
+			resultData = SerializationUtils.deserialize(decData);
+			
+		  } catch (BuildException e) {
+			  Logger.warn("Transaction information decryption FAILED.", e);
+			  throw new MOADatabaseException("Transaction information decryption FAILED.", e);
+			  
+		  }
+		  		  
+	  } else {
+		  Logger.trace("Find unencrypted data. --> Use it as is");
+		  resultData = data;
+		  
+	  }
+		  
+	  
 	  //check if assertion has the correct class type 
 	  try {
 		  @SuppressWarnings("unchecked")
-		T test = (T) Class.forName(element.getType()).cast(data);
+		T test = (T) Class.forName(element.getType()).cast(resultData);
 		return test;
 		
 	  } catch (Exception e) {
@@ -198,6 +240,17 @@ public class DBTransactionStorage implements ITransactionStorage {
 		}
 	}
 
+	public Object getAssertionStore(String key) throws MOADatabaseException{
+		return searchInDatabase(key);
+		
+	}
+	
+	@Override
+	public void putAssertionStore(Object element) throws MOADatabaseException{
+		entityManager.merge(element);
+		
+	}
+	
 	private void cleanDelete(AssertionStore element) {
 	
 			
@@ -245,30 +298,33 @@ public class DBTransactionStorage implements ITransactionStorage {
 			throw new MOADatabaseException("Transaction-Storage can only store objects which implements the 'Seralizable' interface", null);
 			
 		}	
-		
-		//serialize the Assertion for Database storage
-		byte[] data = SerializationUtils.serialize((Serializable) value);
-		element.setAssertion(data);
-		
-		//store AssertionStore element to Database
-		//try {
+	
+		try {
+			//serialize the Assertion for Database storage
+			byte[] data = SerializationUtils.serialize((Serializable) value);
+			element.setAssertion(encryptData(data));
+
+			//store AssertionStore element to Database
 			entityManager.persist(element);
-			//MOASessionDBUtils.saveOrUpdate(element);
-			Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
-//			
-//		} catch (MOADatabaseException e) {
-//			Logger.warn("Sessioninformation could not be stored.");
-//			throw new MOADatabaseException(e);
-//			
-//		}
+			Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");			
+			
+		} catch (BuildException e) {
+			Logger.warn("Sessioninformation could not be stored.");
+			throw new MOADatabaseException(e);
+			
+		}
 		
 	}
+	
+	private static byte[] encryptData(byte[] data) throws BuildException {		
+		EncryptedData encdata = SessionEncrytionUtil.getInstance().encrypt(data);
+		return SerializationUtils.serialize(encdata);
 
-	@Override
-	public void putAssertionStore(Object element) throws MOADatabaseException{
-		// TODO Auto-generated method stub
-		entityManager.merge(element);
-		
+	}
+	
+	private static byte[] decryptData(EncryptedData encdata) throws BuildException {
+		return SessionEncrytionUtil.getInstance().decrypt(encdata);
+						
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index 53a7f4f5e..51a36d426 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -114,6 +114,8 @@ public interface ITransactionStorage {
 	
 	/**
 	 * Get whole AssertionStoreObject, required for SLO
+	 * <br>
+	 * <b>IMPORTANT:</b> This method does NOT decrypt information before storage
 	 * 
 	 * @param key key Id which identifiers the data object
 	 * @return The transaction-data object, or null
@@ -123,6 +125,8 @@ public interface ITransactionStorage {
 	
 	/**
 	 * Put whole AssertionStoreObject to db, required for SLO
+ 	 * <br>
+	 * <b>IMPORTANT:</b> This method does NOT encrypt information before storage
 	 * 
 	 * @param element assertion store object
 	 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index b0d166951..84d40f619 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -22,9 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.util;
 
-import iaik.security.cipher.PBEKey;
-import iaik.security.spec.PBEKeyAndParameterSpec;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -35,19 +32,26 @@ import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
-
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.security.cipher.PBEKey;
+import iaik.security.spec.PBEKeyAndParameterSpec;
 
 public abstract class AbstractEncrytionUtil {
-	protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	//protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	
+	protected static final String CIPHER_MODE = "AES/GCM/NoPadding";
+	public static final int GCM_NONCE_LENGTH = 12; // in bytes
+	public static final int GCM_TAG_LENGTH = 16; // in bytes
+	
 	protected static final String KEYNAME = "AES";
 
 	private SecretKey secret = null;
@@ -114,8 +118,15 @@ public abstract class AbstractEncrytionUtil {
 		
 		if (secret != null) {
 			try {
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
-			    cipher.init(Cipher.ENCRYPT_MODE, secret);
+				final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+				
+//				final byte[] nonce = new byte[GCM_NONCE_LENGTH];				
+//				SecureRandom.getInstanceStrong().nextBytes(nonce);
+		        
+				GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+		        
+				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");				
+			    cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
 				
 			    Logger.debug("Encrypt MOASession");
 			    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index ac2b3c415..38c384c3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -151,6 +151,16 @@ public class Random {
 		
   }
   
+/**
+ * Creates a new random byte[]
+ * 	
+ * @param size Size of random number in byte
+ * @return
+ */
+public static byte[] nextBytes(int size) {
+	return  nextByteRandom(size);
+	
+}
   
   public static void seedRandom() {
 	  
@@ -165,7 +175,7 @@ public class Random {
   /**
    * Generate a new random number
    * 
-   * @param size Size of random number in bits
+   * @param size Size of random number in byte
    * @return
    */
   private static synchronized byte[] nextByteRandom(int size) {
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index e28b154f4..b3a9d367f 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -56,10 +56,8 @@ import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
-
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
 import iaik.ixsil.exceptions.AlgorithmException;
@@ -68,6 +66,7 @@ import iaik.ixsil.exceptions.URIException;
 import iaik.ixsil.init.IXSILInit;
 import iaik.ixsil.util.URI;
 import test.at.gv.egovernment.moa.MOATestCase;
+import test.at.gv.egovernment.moa.util.FileUtils;
 
 /*
  * @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java
index 3730b36ce..9152f2549 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java
@@ -27,6 +27,9 @@ package at.gv.egovernment.moa.logging;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.commons.lang3.StringEscapeUtils;
+
+
 /**
  * A utility class acting as a facade to the logging subsystem.
  * 
@@ -88,7 +91,7 @@ public class Logger {
   private static String prepareMessage(Object message) {
       if(null == message)
           return "no message given";
-      return message.toString();
+      return StringEscapeUtils.escapeHtml4(message.toString());
   }
   
   /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
index 3291f8a15..8d6aea164 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
@@ -53,40 +53,7 @@ public class FileUtils {
     in.close();
     return content;
   }
-//  /**
-//   * Reads a file, given by URL, into a String.
-//   * @param urlString file URL
-//   * @param encoding character encoding
-//   * @return file content
-//   * @throws IOException on any exception thrown
-//   */
-//  public static String readURL(String urlString, String encoding) throws IOException {
-//    byte[] content = readURL(urlString);
-//    return new String(content, encoding);
-//  }
-//  /**
-//   * Reads a file, given by filename, into a byte array.
-//   * @param filename filename
-//   * @return file content
-//   * @throws IOException on any exception thrown
-//   */
-//  public static byte[] readFile(String filename) throws IOException {
-//    BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
-//    byte[] content = StreamUtils.readStream(in);
-//    in.close();
-//    return content;
-//  }
-//  /**
-//   * Reads a file, given by filename, into a String.
-//   * @param filename filename
-//   * @param encoding character encoding
-//   * @return file content
-//   * @throws IOException on any exception thrown
-//   */
-//  public static String readFile(String filename, String encoding) throws IOException {
-//    byte[] content = readFile(filename);
-//    return new String(content, encoding);
-//  }
+
   /**
    * Reads a file from a resource.
    * @param name resource name
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
new file mode 100644
index 000000000..8941ab4cf
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package test.at.gv.egovernment.moa.util;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import at.gv.egovernment.moa.util.StreamUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class FileUtils extends at.gv.egovernment.moa.util.FileUtils {
+
+  /**
+  * Reads a file, given by URL, into a String.
+  * @param urlString file URL
+  * @param encoding character encoding
+  * @return file content
+  * @throws IOException on any exception thrown
+  */
+ public static String readURL(String urlString, String encoding) throws IOException {
+   byte[] content = readURL(urlString);
+   return new String(content, encoding);
+ }
+ /**
+  * Reads a file, given by filename, into a byte array.
+  * @param filename filename
+  * @return file content
+  * @throws IOException on any exception thrown
+  */
+ public static byte[] readFile(String filename) throws IOException {
+   BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
+   byte[] content = StreamUtils.readStream(in);
+   in.close();
+   return content;
+ }
+ /**
+  * Reads a file, given by filename, into a String.
+  * @param filename filename
+  * @param encoding character encoding
+  * @return file content
+  * @throws IOException on any exception thrown
+  */
+ public static String readFile(String filename, String encoding) throws IOException {
+   byte[] content = readFile(filename);
+   return new String(content, encoding);
+ }
+	
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
index 2ded896d0..9196a8718 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
@@ -26,9 +26,7 @@ package test.at.gv.egovernment.moa.util;
 
 import java.net.URLEncoder;
 
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.URLDecoder;
-
 import junit.framework.TestCase;
 
 /*
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
index 5f72c8aad..d89e9f21f 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
@@ -24,7 +24,6 @@
 
 package test.at.gv.egovernment.moa.util;
 
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.URLDecoder;
 import at.gv.egovernment.moa.util.URLEncoder;
 import junit.framework.TestCase;
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
index f54484307..cbc16cb38 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
@@ -19,7 +19,7 @@
 		parent.setBKUAvailable(false);
 		document.write('<form name="bkudetectform" method="POST" target="bkudetect" action="' + bkuurl + '" enctype="application/x-www-form-urlencoded">');
 		document.write('<input type="hidden" name="XMLRequest" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;NullOperationRequest xmlns=&quot;http://www.buergerkarte.at/namespaces/securitylayer/1.2#&quot;/&gt;" />');
-		document.write('<input type="hidden" name="RedirectURL" value="' + $contextPath + '/iframeLBKUdetected.html"/>');
+		document.write('<input type="hidden" name="RedirectURL" value="$contextPath/iframeLBKUdetected.html"/>');
 		document.write('</form>');
 		try {
 			document.bkudetectform.submit();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index c9bc31f6c..faeb0158b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -67,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.util.XMLUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -1203,9 +1202,13 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException {
 
 		NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate");
-
-		String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList);
-
+	
+		String base64CertString = null;
+		if (nList != null && nList.getLength() != 0) {
+			base64CertString = nList.item(0).getTextContent();
+			
+		}
+		
 		if (StringUtils.isEmpty(base64CertString)) {
 			String msg = "XML does not contain a X509Certificate element.";
 			Logger.error(msg);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index dc55df05b..af64e745e 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -558,7 +558,7 @@ public class SSOTransferServlet{
 		String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());							
 		config.putCustomParameter("QRImage", base64EncodedImage);
 		
-		config.putCustomParameter("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
+		config.putCustomParameterWithOutEscaption("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
 		
 		
 		guiBuilder.build(resp, config, "SSO-Session Transfer-Module");
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index fe164c514..5c66f257d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -104,7 +104,7 @@ public class GUIUtils {
 					null);
 			
 			config.putCustomParameter("QRImage", base64EncodedImage);		
-			config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");			
+			config.putCustomParameterWithOutEscaption("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");			
 			config.putCustomParameterWithOutEscaption("timeoutURL", containerURL);
 			config.putCustomParameter("timeout", REFESH_TIMEOUT);
 				
-- 
cgit v1.2.3


From ee5d22920aec815371b1b2ca16bc0a2bb61fd987 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 15:34:27 +0100
Subject: add PVP attribute for eIDAS QAA level

---
 .../at/gv/egovernment/moa/id/data/IAuthData.java   | 12 ++++++
 .../EIDCitizenQAALevelAttributeBuilder.java        |  2 +-
 .../builder/attributes/EIDSTORKTOKEN.java          |  2 +-
 .../EIDeIDASQAALevelAttributeBuilder.java          | 48 ++++++++++++++++++++++
 ....protocols.builder.attributes.IAttributeBuilder |  1 +
 5 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index e9fef4676..cb3def678 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -79,7 +79,19 @@ public interface IAuthData {
 	 Element getMandate();
 	 String getMandateReferenceValue();
 
+	 @Deprecated
+	 /**
+	  * Return STORK QAA level
+	  * 
+	  * @return
+	  */
 	 String getQAALevel();
+	 
+	 /**
+	  * Return authentication QAA level from eIDAS
+	  * 
+	  * @return
+	  */
 	 public String getEIDASQAALevel();
 	 
 	 String getSessionIndex();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index cfc6b102c..b254bc305 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -23,10 +23,10 @@
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 
+@Deprecated
 public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index b1474acda..0978cfe90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -26,7 +26,6 @@ import java.io.IOException;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
@@ -34,6 +33,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Deprecated
 public class EIDSTORKTOKEN implements IPVPAttributeBuilder  {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java
new file mode 100644
index 000000000..ca3dfa765
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class EIDeIDASQAALevelAttributeBuilder implements IPVPAttributeBuilder {
+
+	public String getName() {
+		return EID_CITIZEN_EIDAS_QAA_LEVEL_NAME;
+	}
+
+	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeException {
+		
+		return g.buildStringAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, 
+				EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, authData.getEIDASQAALevel());
+	}
+	
+	
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, 
+				EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index d40be32f5..6a5ce2171 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -30,3 +30,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBui
 at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDeIDASQAALevelAttributeBuilder
-- 
cgit v1.2.3


From c114cbf86bc483b6cb39232c65d0bed98cafa855 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 15:41:23 +0100
Subject: update history.txt

---
 id/history.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/id/history.txt b/id/history.txt
index cffdd6ae3..c0b12dd1c 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -9,6 +9,8 @@ Version MOA-ID Release 3.3.0: 
   - Anpassungen der Konfigurationsoberfläche (OnlineBKU entfernt)
   - Bugfix - Problem mit openSAML welches unsignierte SAML2 AuthnRequests bei Redirect Binding ermöglicht
   - Bugfix - Ungültig kodierter PVP2 Attributwert 'MANDATOR-NATURAL-PERSON-BPK'
+  - Bugfix - Updates an Endpunten um Cross-Site-Scripting (XSS) zu verhindern
+  - Code-Cleaning von unbenutzen Methoden und Klassen   
   - Update von Libraries
     > org.springframework 4.3.11.RELEASE
     > org.springframework.data.spring-data-jpa 1.11.7.RELEASE
-- 
cgit v1.2.3


From d5e50b587485a778d6fdd8b52958318204000d00 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Nov 2017 15:42:22 +0100
Subject: switch version to 3.3.0

---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index b19b8cd98..c54907550 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,14 +22,14 @@
 		-->
 		
 			<!-- Project Version -->			
-			<moa-id-version>3.3.0-RC1</moa-id-version>
+			<moa-id-version>3.3.0</moa-id-version>
 			
-			<moa-id-version-final>3.3.0-RC1</moa-id-version-final>			
-			<moa-id-version-edu>3.3.0-RC1</moa-id-version-edu>			
+			<moa-id-version-final>3.3.0</moa-id-version-final>			
+			<moa-id-version-edu>3.3.0</moa-id-version-edu>			
 			
 			<moa-id-proxy-version>2.0.1</moa-id-proxy-version>
 			
-			<configtool-version>2.4.0-RC1</configtool-version>
+			<configtool-version>2.4.0</configtool-version>
 			<demo-oa-version>2.0.6</demo-oa-version>
 			
 			<moa-id-module-elga_mandate_client>1.3</moa-id-module-elga_mandate_client>
-- 
cgit v1.2.3


From bbc999c5d7912d0658216e7a8f59619135731ebf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 20 Nov 2017 11:47:29 +0100
Subject: Add PVP metadata SAML2 EntityAttribute resolver filter

---
 .../pvp2x/metadata/MOAMetadataProvider.java        |   2 +
 .../metadata/PVPEntityCategoryFilter.java          | 207 +++++++++++++++++++++
 2 files changed, 209 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index ab355646c..585aac805 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -55,6 +55,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.logging.Logger;
@@ -490,6 +491,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
+		filterChain.getFilters().add(new PVPEntityCategoryFilter());
 		
 		if (oaParam.isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
new file mode 100644
index 000000000..95d30db49
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.samlext.saml2mdattr.EntityAttributes;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.Trible;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPEntityCategoryFilter implements MetadataFilter {
+
+
+	
+	
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+	 */
+	@Override
+	public void doFilter(XMLObject metadata) throws FilterException {
+		String entityId = null;
+		try {
+			if (metadata instanceof EntitiesDescriptor) {
+				Logger.trace("Find EnitiesDescriptor ... ");
+				EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+				if (entitiesDesc.getEntityDescriptors() != null) {
+					for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
+						resolveEntityCategoriesToAttributes(el);
+					
+				}
+								
+			} else if (metadata instanceof EntityDescriptor) {
+				Logger.trace("Find EntityDescriptor");
+				resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
+				
+				
+			} else
+				throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
+			
+			
+			
+		} catch (Exception e) {
+			Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+			
+		}
+	}
+
+	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
+		Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
+		Extensions extensions = metadata.getExtensions();
+		if (extensions != null) {
+			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
+			if (listOfExt != null && !listOfExt.isEmpty()) {
+				for (XMLObject el : listOfExt) {
+					Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
+					if (el instanceof EntityAttributes) {
+						EntityAttributes entityAttrElem = (EntityAttributes)el;
+						if (entityAttrElem.getAttributes() != null) {
+							Logger.trace("Find EntityAttributes. Start attribute processing ...");
+							for (Attribute entityAttr : entityAttrElem.getAttributes()) {
+								if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
+									if (!entityAttr.getAttributeValues().isEmpty()) {
+										String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
+										if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
+											Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
+											addAttributesToEntityDescriptor(metadata, 
+													buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), 
+													entityAttrValue);
+											
+																													
+										} else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
+											Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
+											addAttributesToEntityDescriptor(metadata, 
+													buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), 
+													entityAttrValue);
+											
+										} else
+											Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
+																			
+									} else
+										Logger.info("EntityAttribute: No attribute value");
+																		
+								} else 
+									Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
+								
+							}
+										
+						} else
+							Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
+						
+					}					
+				}				
+			}			
+		}
+				
+	}
+	
+	/**
+	 * @param metadata
+	 * @param attrList
+	 */
+	private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
+		SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		if (spSSODesc != null) {
+			if (spSSODesc.getAttributeConsumingServices() == null || 
+					spSSODesc.getAttributeConsumingServices().isEmpty()) {
+				Logger.trace("No 'AttributeConsumingServices' found. Added it ...");
+				
+				AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);						
+				attributeService.setIndex(0);
+				attributeService.setIsDefault(true);
+				ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+				serviceName.setName(new LocalizedString("Default Service", "en"));
+				attributeService.getNames().add(serviceName);
+				
+				if (attrList != null && !attrList.isEmpty()) {
+					attributeService.getRequestAttributes().addAll(attrList);
+					Logger.info("Add  " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
+					
+				}
+				
+				spSSODesc.getAttributeConsumingServices().add(attributeService);
+				
+			} else {
+				Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
+				for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
+					Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
+					
+					//load currently requested attributes
+					List<String> currentlyReqAttr = new ArrayList<String>();
+					for (RequestedAttribute reqAttr : el.getRequestAttributes())
+						currentlyReqAttr.add(reqAttr.getName());
+						
+
+					//check against EntityAttribute List
+					for (RequestedAttribute entityAttrListEl : attrList) {
+						if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
+							el.getRequestAttributes().add(entityAttrListEl);
+							
+						} else
+							Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
+						
+					}
+					
+				}
+				
+			}
+			
+		} else
+			Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
+		
+	}
+
+	private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
+		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+		for (Trible<String, String, Boolean> el : attrSet)
+			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));	
+					
+		return requestedAttributes;
+		
+		
+	}
+	 	
+}
-- 
cgit v1.2.3


From 91b54c413aca1f214de482e7ea899bdec114880d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 28 Nov 2017 10:54:34 +0100
Subject: deactivated PVP EntityCategory mapper as default

---
 .../data/deploy/conf/moa-id/moa-id.properties      |  7 +--
 id/server/doc/handbook/config/config.html          |  5 ++
 .../PropertyBasedAuthConfigurationProvider.java    |  2 +-
 .../pvp2x/metadata/MOAMetadataProvider.java        |  6 ++-
 .../metadata/PVPEntityCategoryFilter.java          | 60 ++++++++++++++--------
 .../moa/id/commons/api/AuthConfiguration.java      |  1 +
 6 files changed, 52 insertions(+), 29 deletions(-)

diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 15084b387..4228b0d3a 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -43,12 +43,6 @@ service.foreignidentities.acceptedServerCertificates=
 service.foreignidentities.clientKeyStore=keys/....
 service.foreignidentities.clientKeyStorePassword=
 
-##STORK 2
-stork.fakeIdL.active=false
-stork.fakeIdL.countries=
-stork.fakeIdL.keygroup=
-stork.documentservice.url=
-
 ##Protocol configuration##
 #PVP2
 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
@@ -59,6 +53,7 @@ protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
 protocols.pvp2.idp.ks.assertion.sign.keypassword=password
 protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
 protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+protocols.pvp2.metadata.entitycategories.active=false
 
 #OpenID connect (OAuth)
 protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index e6b86204a..1972d2150 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -576,6 +576,11 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <td>password</td>
     <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
   </tr>
+  <tr>
+    <td>protocols.pvp2.metadata.entitycategories.active</td>
+    <td>true / <strong>false</strong></td>
+    <td>Funktion zum Mappen einer in den Metadaten enthaltenen PVP EntityCategory auf ein Set von PVP Attributen, welche von MOA-ID returniert werden sollen.</td>
+  </tr>
 </table>
 <p>&nbsp;</p>
 <h6><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h6>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 332604257..d3e340a90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1311,7 +1311,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		String value = properties.getProperty(key);
 		
 		if (MiscUtil.isNotEmpty(value))
-			return Boolean.valueOf(value);
+			return Boolean.valueOf(value.trim());
 						
 		return defaultValue;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 585aac805..7f6f9b88c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -51,6 +51,7 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -491,7 +492,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
-		filterChain.getFilters().add(new PVPEntityCategoryFilter());
+		filterChain.getFilters().add(
+				new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
+						false)));
 		
 		if (oaParam.isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
index 95d30db49..ed96f1962 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -54,6 +54,17 @@ import at.gv.egovernment.moaspss.logging.Logger;
 public class PVPEntityCategoryFilter implements MetadataFilter {
 
 
+	private boolean isUsed = false;
+	
+	/**
+	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
+	 * 
+	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+	 * 
+	 */
+	public PVPEntityCategoryFilter(boolean isUsed) {
+		this.isUsed = isUsed;
+	}
 	
 	
 	/* (non-Javadoc)
@@ -61,31 +72,38 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
 	 */
 	@Override
 	public void doFilter(XMLObject metadata) throws FilterException {
-		String entityId = null;
-		try {
-			if (metadata instanceof EntitiesDescriptor) {
-				Logger.trace("Find EnitiesDescriptor ... ");
-				EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
-				if (entitiesDesc.getEntityDescriptors() != null) {
-					for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
-						resolveEntityCategoriesToAttributes(el);
+		
+		if (isUsed) {
+			Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
+			String entityId = null;
+			try {
+				if (metadata instanceof EntitiesDescriptor) {
+					Logger.trace("Find EnitiesDescriptor ... ");
+					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+					if (entitiesDesc.getEntityDescriptors() != null) {
+						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
+							resolveEntityCategoriesToAttributes(el);
+						
+					}
+									
+				} else if (metadata instanceof EntityDescriptor) {
+					Logger.trace("Find EntityDescriptor");
+					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
 					
-				}
-								
-			} else if (metadata instanceof EntityDescriptor) {
-				Logger.trace("Find EntityDescriptor");
-				resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
+					
+				} else
+					throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
 				
 				
-			} else
-				throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-			
-			
-			
-		} catch (Exception e) {
-			Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+				
+			} catch (Exception e) {
+				Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+				
+			}
 			
-		}
+		} else
+			Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
+		
 	}
 
 	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 07b07d980..4dda4c736 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -13,6 +13,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
 
 	public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
 	public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
+	public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
 	
 	public static final String DEFAULT_X509_CHAININGMODE = "pkix";
 
-- 
cgit v1.2.3


From 7e853bf1c8e738e05544795fc7200a2c5d213a00 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 28 Nov 2017 10:54:59 +0100
Subject: Remove unused configuration values

---
 .../deploy/conf/moa-id/oa/BasicOAConfiguration.xml |   9 --
 .../conf/moa-id/oa/HeaderOAConfiguration.xml       |  10 --
 .../deploy/conf/moa-id/oa/ParamOAConfiguration.xml |  10 --
 .../conf/moa-id/oa/SampleOAConfiguration.xml       |   9 --
 .../conf/moa-id/oa/SamplewbPKOAConfiguration.xml   |   9 --
 .../data/deploy/conf/moa-id/stork/SamlEngine.xml   |  70 -----------
 .../conf/moa-id/stork/SignModule_incoming.xml      |  12 --
 .../conf/moa-id/stork/SignModule_incoming_attr.xml |  12 --
 .../conf/moa-id/stork/SignModule_outgoing.xml      |  12 --
 .../conf/moa-id/stork/StorkSamlEngine_VIDP.xml     | 127 --------------------
 .../conf/moa-id/stork/StorkSamlEngine_incoming.xml | 100 ----------------
 .../moa-id/stork/StorkSamlEngine_incoming_attr.xml |  98 ----------------
 .../conf/moa-id/stork/StorkSamlEngine_outgoing.xml | 130 ---------------------
 .../deploy/conf/moa-id/stork/storkDemoKeysPT.jks   | Bin 3013 -> 0 bytes
 .../moa-id/stork/storkDemoKeys_minividp_old.jks    | Bin 4592 -> 0 bytes
 15 files changed, 608 deletions(-)
 delete mode 100644 id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks
 delete mode 100644 id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks

diff --git a/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
deleted file mode 100644
index fc99cea79..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<LoginType>stateless</LoginType>
-	<BasicAuth>
-		<UserID>MOAFamilyName</UserID>
-		<Password>MOAGivenName</Password>
-	</BasicAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
deleted file mode 100644
index 4d34c3646..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<LoginType>stateless</LoginType>
-	<HeaderAuth>
-		<!-- zusaetzlicher Header GivenName -->
-		<Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
-		<Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
-	</HeaderAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
deleted file mode 100644
index 979faca95..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<LoginType>stateless</LoginType>
-	<ParamAuth>
-		<!-- URL Parameter GivenName und FamilyName -->
-		<Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
-		<Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
-	</ParamAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
deleted file mode 100644
index edbfe7aa5..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<LoginType>stateless</LoginType>
-	<BasicAuth>
-		<UserID>MOAFamilyName</UserID>
-		<Password>MOAGivenName</Password>
-	</BasicAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
deleted file mode 100644
index 2cff3bd67..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<LoginType>stateless</LoginType>
-	<BasicAuth>
-		<UserID>MOAWBPK</UserID>
-		<Password>MOAGivenName</Password>
-	</BasicAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
deleted file mode 100644
index eca38ec8c..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<instances>
-
-
-	<!-- Configuration name-->
-	<instance name="outgoing">
-		<!-- Configurations parameters StorkSamlEngine  -->
-		<configuration name="SamlEngineConf">			
-			<parameter name="fileConfiguration" value="StorkSamlEngine_outgoing.xml" />
-		</configuration>
-
-		<!-- Settings module signature-->
-		<configuration name="SignatureConf">
-			<!-- Specific signature module -->
-			<parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-			<!-- Settings specific module -->
-			<parameter name="fileConfiguration" value="SignModule_outgoing.xml" />
-		</configuration>
-	</instance>
-
-        <instance name="incoming">
-                <!-- Configurations parameters StorkSamlEngine  -->
-                <configuration name="SamlEngineConf">
-                        <parameter name="fileConfiguration" value="StorkSamlEngine_incoming.xml" />
-                </configuration>
-
-                <!-- Settings module signature-->
-                <configuration name="SignatureConf">
-                        <!-- Specific signature module -->
-                        <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-                        <!-- Settings specific module -->
-                        <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
-                </configuration>
-        </instance>
-
-
-        <instance name="incoming_attr">
-                <!-- Configurations parameters StorkSamlEngine  -->
-                <configuration name="SamlEngineConf">
-                        <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" />
-                </configuration>
-
-                <!-- Settings module signature-->
-                <configuration name="SignatureConf">
-                        <!-- Specific signature module -->
-                        <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-                        <!-- Settings specific module -->
-                        <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" />
-                </configuration>
-        </instance>
-
-
-        <instance name="VIDP">
-                <!-- Configurations parameters StorkSamlEngine  -->
-                <configuration name="SamlEngineConf">
-                        <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" />
-                </configuration>
-
-                <!-- Settings module signature-->
-                <configuration name="SignatureConf">
-                        <!-- Specific signature module -->
-                        <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-                        <!-- Settings specific module -->
-                        <parameter name="fileConfiguration" value="SignModule_VIDP.xml" />
-                </configuration>
-        </instance>
-
-
-	
-</instances>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
deleted file mode 100644
index 68b15e667..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>	
-	<entry key="serialNumber">4BA89DB2</entry>		
-	<entry key="keystoreType">JKS</entry>
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
deleted file mode 100644
index 68b15e667..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>	
-	<entry key="serialNumber">4BA89DB2</entry>		
-	<entry key="keystoreType">JKS</entry>
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml
deleted file mode 100644
index 7139c5a41..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">projects/stork2/code/moa-idspss/id/server/stork2-saml-engine/src/test/resources/storkDemoKeys.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo-cert, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
-	<entry key="serialNumber">4BA89DB2</entry> 
-	<entry key="keystoreType">JKS</entry>
-</properties>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
deleted file mode 100644
index 29973690e..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ /dev/null
@@ -1,127 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SAML constants for AuthnRequests and Responses.</comment>
-
-	<!--
-		Types of consent obtained from the user for this authentication and
-		data transfer.
-		Allow values: 'unspecified'.
-	-->
-	<entry key="consentAuthnRequest">unspecified</entry>
-	
-	<!--
-	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
-	-->
-	<entry key="consentAuthnResponse">obtained</entry>
-
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-	-->
-	<entry key="formatEntity">entity</entry>
-
-	<!--Only HTTP-POST binding is only supported for inter PEPS-->
-	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
-	<entry key="protocolBinding">HTTP-POST</entry>	
-	
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-		<entry key="eIDSectorShare">true</entry>
-		<entry key="eIDCrossSectorShare">true</entry>
-		<entry key="eIDCrossBorderShare">true</entry>
-	-->
-	
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="friendlyName">false</entry>
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="isRequired">true</entry>
-	
-        <!--PEPS in the Service Provider's country-->
-        <entry key="requester">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</entry>
-
-        <!--PEPS in the citizen's origin country-->
-        <entry key="responder">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</entry>
-
-	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
-	<entry key="timeNotOnOrAfter">600</entry>
-	
-	<!--Validation IP of the response-->
-	<entry key="ipAddrValidation">false</entry>
-
-        <!--One time use-->
-        <entry key="oneTimeUse">true</entry>	
-	
-	<!--Subject Attribute Definitions-->
-	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
-	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
-	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
-	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
-	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
-	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
-	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
-	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
-	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
-	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
-	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
-	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
-	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
-	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
-	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
-	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
-
-	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
-	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
-	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
-	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
-	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
-	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-	
-	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
-	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
-        <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-
-
-        <entry key="diplomaSupplement">http://www.stork.gov.eu/1.0/diplomaSupplement</entry>
-        <entry key="currentStudiesSupplement">http://www.stork.gov.eu/1.0/currentStudiesSupplement</entry>
-        <entry key="isStudent">http://www.stork.gov.eu/1.0/isStudent</entry>
-        <entry key="isAcademicStaff">http://www.stork.gov.eu/1.0/isAcademicStaff</entry>
-        <entry key="isTeacherOf">http://www.stork.gov.eu/1.0/isTeacherOf</entry>
-        <entry key="isCourseCoordinator">http://www.stork.gov.eu/1.0/isCourseCoordinator</entry>
-        <entry key="isAdminStaff">http://www.stork.gov.eu/1.0/isAdminStaff</entry>
-        <entry key="habilitation">http://www.stork.gov.eu/1.0/habilitation</entry>
-        <entry key="Title">http://www.stork.gov.eu/1.0/Title</entry>
-        <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-        <entry key="hasAccountInBank">http://www.stork.gov.eu/1.0/hasAccountInBank</entry>
-        <entry key="isHealthCareProfessional">http://www.stork.gov.eu/1.0/isHealthCareProfessional</entry>
-
-        <entry key="eLPIdentifier">http://www.stork.gov.eu/1.0/eLPIdentifier</entry>
-        <entry key="legalName">http://www.stork.gov.eu/1.0/legalName</entry>
-        <entry key="alternativeName">http://www.stork.gov.eu/1.0/alternativeName</entry>
-        <entry key="type">http://www.stork.gov.eu/1.0/type</entry>
-        <entry key="translatableType">http://www.stork.gov.eu/1.0/translatableType</entry>
-        <entry key="status">http://www.stork.gov.eu/1.0/status</entry>
-        <entry key="activity">http://www.stork.gov.eu/1.0/activity</entry>
-        <entry key="registeredAddress">http://www.stork.gov.eu/1.0/registeredAddress</entry>
-        <entry key="registeredCanonicalAddress">http://www.stork.gov.eu/1.0/registeredCanonicalAddress</entry>
-        <entry key="contactInformation">http://www.stork.gov.eu/1.0/contactInformation</entry>
-        <entry key="LPFiscalNumber">http://www.stork.gov.eu/1.0/LPFiscalNumber</entry>
-        <entry key="mandate">http://www.stork.gov.eu/1.0/mandate</entry>
-	<entry key="docRequest">http://www.stork.gov.eu/1.0/docRequest</entry>
-
-        <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
-        <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
-        <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-        
-        <!-- ISA 1.18 attributes-->
-        <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
-        <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
-        <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-
-
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
deleted file mode 100644
index a817e29c0..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SAML constants for AuthnRequests and Responses.</comment>
-
-	<!--
-		Types of consent obtained from the user for this authentication and
-		data transfer.
-		Allow values: 'unspecified'.
-	-->
-	<entry key="consentAuthnRequest">unspecified</entry>
-	
-	<!--
-	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
-	-->
-	<entry key="consentAuthnResponse">obtained</entry>
-
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-	-->
-	<entry key="formatEntity">entity</entry>
-
-	<!--Only HTTP-POST binding is only supported for inter PEPS-->
-	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
-	<entry key="protocolBinding">HTTP-POST</entry>
-	
-	
-	
-	
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-		<entry key="eIDSectorShare">true</entry>
-		<entry key="eIDCrossSectorShare">true</entry>
-		<entry key="eIDCrossBorderShare">true</entry>
-	-->
-	
-	
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="friendlyName">false</entry>
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="isRequired">true</entry>
-	
-	<!--PEPS in the Service Provider's country-->
-	<entry key="requester">http://S-PEPS.gov.xx</entry>
-
-	<!--PEPS in the citizen's origin country-->
-	<entry key="responder">http://C-PEPS.gov.xx</entry>
-
-	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
-	<entry key="timeNotOnOrAfter">300</entry>
-	
-	<!--Validation IP of the response-->
-	<entry key="ipAddrValidation">false</entry>
-	
-	
-	<!--Subject Attribute Definitions-->
-	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
-	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
-	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
-	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
-	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
-	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
-	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
-	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
-	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
-	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
-	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
-	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
-	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
-	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
-	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
-	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
-  <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
-	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
-	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
-	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
-	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
-	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
-	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-	
-	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
-	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
-	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
-	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
-	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-  
-  <!-- ISA 1.18 attributes-->
-  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
-  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
-  <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-  	
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
deleted file mode 100644
index 33437c110..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SAML constants for AuthnRequests and Responses.</comment>
-
-	<!--
-		Types of consent obtained from the user for this authentication and
-		data transfer.
-		Allow values: 'unspecified'.
-	-->
-	<entry key="consentAuthnRequest">unspecified</entry>
-	
-	<!--
-	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
-	-->
-	<entry key="consentAuthnResponse">obtained</entry>
-
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-	-->
-	<entry key="formatEntity">entity</entry>
-
-	<!--Only HTTP-POST binding is only supported for inter PEPS-->
-	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
-	<entry key="protocolBinding">HTTP-POST</entry>
-	
-	
-	
-	
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-		<entry key="eIDSectorShare">true</entry>
-		<entry key="eIDCrossSectorShare">true</entry>
-		<entry key="eIDCrossBorderShare">true</entry>
-	-->
-	
-	
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="friendlyName">false</entry>
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="isRequired">true</entry>
-	
-	<!--PEPS in the Service Provider's country-->
-	<entry key="requester">http://S-PEPS.gov.xx</entry>
-
-	<!--PEPS in the citizen's origin country-->
-	<entry key="responder">http://C-PEPS.gov.xx</entry>
-
-	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
-	<entry key="timeNotOnOrAfter">300</entry>
-	
-	<!--Validation IP of the response-->
-	<entry key="ipAddrValidation">false</entry>
-	
-	
-	<!--Subject Attribute Definitions-->
-	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
-	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
-	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
-	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
-	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
-	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
-	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
-	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
-	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
-	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
-	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
-	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
-	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
-	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
-	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
-	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
-  <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
-	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
-	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
-	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
-	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
-	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
-	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-	
-	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
-	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
-	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
-	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
-	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-        
-  <!-- ISA 1.18 attributes-->
-  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
-  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-  	
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
deleted file mode 100644
index b840b4fe5..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ /dev/null
@@ -1,130 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
-	<comment>SAML constants for AuthnRequests and Responses.</comment>
-
-	<!--
-		Types of consent obtained from the user for this authentication and
-		data transfer.
-		Allow values: 'unspecified'.
-	-->
-	<entry key="consentAuthnRequest">unspecified</entry>
-	
-	<!--
-	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
-	-->
-	<entry key="consentAuthnResponse">obtained</entry>
-
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-	-->
-	<entry key="formatEntity">entity</entry>
-
-	<!--Only HTTP-POST binding is only supported for inter PEPS-->
-	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
-	<entry key="protocolBinding">HTTP-POST</entry>
-	
-	
-	
-	
-	<!--URI representing the classification of the identifier
-		Allow values: 'entity'.
-		<entry key="eIDSectorShare">true</entry>
-		<entry key="eIDCrossSectorShare">true</entry>
-		<entry key="eIDCrossBorderShare">true</entry>
-	-->
-	
-	
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="friendlyName">false</entry>
-	
-	<!-- A friendly name for the attribute that can be displayed to a user -->
-	<entry key="isRequired">true</entry>
-	
-	<!--PEPS in the Service Provider's country-->
-	<entry key="requester">http://S-PEPS.gov.xx</entry>
-
-	<!--PEPS in the citizen's origin country-->
-	<entry key="responder">http://C-PEPS.gov.xx</entry>
-
-	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
-	<entry key="timeNotOnOrAfter">300</entry>
-	
-	<!--Validation IP of the response-->
-	<entry key="ipAddrValidation">false</entry>
-	
-	
-	<!--Subject Attribute Definitions-->
-	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
-	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
-	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
-	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
-	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
-	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
-	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
-	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
-	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
-	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
-	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
-	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
-	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
-	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
-	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
-	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
-  <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
-	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
-	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
-	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
-	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
-	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
-	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-	
-	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
-	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
-	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-  
-  
-          <entry key="diplomaSupplement">http://www.stork.gov.eu/1.0/diplomaSupplement</entry>
-        <entry key="currentStudiesSupplement">http://www.stork.gov.eu/1.0/currentStudiesSupplement</entry>
-        <entry key="isStudent">http://www.stork.gov.eu/1.0/isStudent</entry>
-        <entry key="isAcademicStaff">http://www.stork.gov.eu/1.0/isAcademicStaff</entry>
-        <entry key="isTeacherOf">http://www.stork.gov.eu/1.0/isTeacherOf</entry>
-        <entry key="isCourseCoordinator">http://www.stork.gov.eu/1.0/isCourseCoordinator</entry>
-        <entry key="isAdminStaff">http://www.stork.gov.eu/1.0/isAdminStaff</entry>
-        <entry key="habilitation">http://www.stork.gov.eu/1.0/habilitation</entry>
-        <entry key="Title">http://www.stork.gov.eu/1.0/Title</entry>
-        <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-        <entry key="hasAccountInBank">http://www.stork.gov.eu/1.0/hasAccountInBank</entry>
-        <entry key="isHealthCareProfessional">http://www.stork.gov.eu/1.0/isHealthCareProfessional</entry>
-
-        <entry key="eLPIdentifier">http://www.stork.gov.eu/1.0/eLPIdentifier</entry>
-        <entry key="legalName">http://www.stork.gov.eu/1.0/legalName</entry>
-        <entry key="alternativeName">http://www.stork.gov.eu/1.0/alternativeName</entry>
-        <entry key="type">http://www.stork.gov.eu/1.0/type</entry>
-        <entry key="translatableType">http://www.stork.gov.eu/1.0/translatableType</entry>
-        <entry key="status">http://www.stork.gov.eu/1.0/status</entry>
-        <entry key="activity">http://www.stork.gov.eu/1.0/activity</entry>
-        <entry key="registeredAddress">http://www.stork.gov.eu/1.0/registeredAddress</entry>
-        <entry key="registeredCanonicalAddress">http://www.stork.gov.eu/1.0/registeredCanonicalAddress</entry>
-        <entry key="contactInformation">http://www.stork.gov.eu/1.0/contactInformation</entry>
-        <entry key="LPFiscalNumber">http://www.stork.gov.eu/1.0/LPFiscalNumber</entry>
-        <entry key="mandate">http://www.stork.gov.eu/1.0/mandate</entry>
-	<entry key="docRequest">http://www.stork.gov.eu/1.0/docRequest</entry>
-  
-  
-	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
-	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
-	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-	
-  <!-- ISA 1.18 attributes-->
-  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
-  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
-        <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-  
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks
deleted file mode 100644
index f9baad202..000000000
Binary files a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
deleted file mode 100644
index efaeac86c..000000000
Binary files a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks and /dev/null differ
-- 
cgit v1.2.3


From b77f94b81123ddf50ea02fd893254579dc220880 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 28 Nov 2017 11:33:02 +0100
Subject: update default log4j.properties

---
 id/server/data/deploy/conf/moa-id/log4j.properties | 57 +++++++++++++++-------
 1 file changed, 40 insertions(+), 17 deletions(-)

diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index f37100a5b..2c3b8a311 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -2,34 +2,57 @@
 org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
 
 # define log4j root loggers
-log4j.rootLogger=info, stdout
-log4j.logger.at.gv.egovernment.moa=info
-log4j.logger.at.gv.egovernment.moa.spss=info
-log4j.logger.iaik.server=info
-log4j.logger.at.gv.egovernment.moa.id=info,R
-log4j.logger.at.gv.egovernment.moa.id.proxy=info
-log4j.logger.eu.stork=info
-log4j.logger.org.hibernate=warn
+log4j.rootLogger=warn,stdout
 
+### MOA-ID process log ###
+log4j.logger.at.gv.egovernment.moa.id=info,moaid
+log4j.logger.at.gv.egovernment.moa.spss=info,moaid
+
+### process revision log with event-codes ###
+log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion
+
+### Signature verification and certificate proofing ####
+log4j.logger.at.gv.egovernment.moa.spss=info,moaspss
+log4j.logger.iaik.server=info,moaspss
+log4j.logger.pki=info,moaspss
+
+### ConfigTool Logs ####
 log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL
-log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL R
+log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL
 log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL
 log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL
 
+
+### Log Appender ####
 # configure the stdout appender
 log4j.appender.stdout=org.apache.log4j.ConsoleAppender
 log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
 log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n
 
-# configure the rolling file appender (R)
-log4j.appender.R=org.apache.log4j.RollingFileAppender
-log4j.appender.R.File=${catalina.base}/logs/moa-id.log
-log4j.appender.R.MaxFileSize=10000KB
-log4j.appender.R.MaxBackupIndex=1
-log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
+# configure the rolling file appender (moaid)
+log4j.appender.moaid=org.apache.log4j.RollingFileAppender
+log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log
+log4j.appender.moaid.MaxFileSize=10000KB
+log4j.appender.moaid.MaxBackupIndex=1
+log4j.appender.moaid.layout=org.apache.log4j.PatternLayout
+log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
+
+# configure the rolling file appender (moaid)
+log4j.appender.moaspss=org.apache.log4j.RollingFileAppender
+log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log
+log4j.appender.moaspss.MaxFileSize=10000KB
+log4j.appender.moaspss.MaxBackupIndex=1
+log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout
+log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
+
+log4j.appender.reversion=org.apache.log4j.RollingFileAppender
+log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log
+log4j.appender.reversion.MaxFileSize=10000KB
+log4j.appender.reversion.MaxBackupIndex=9999
+log4j.appender.reversion.layout=org.apache.log4j.PatternLayout
+log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n
 
-# configure the rolling file appender (R)
+# configure the rolling file appender (configtool)
 log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender
 log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log
 log4j.appender.CONFIGTOOL.MaxFileSize=10000KB
-- 
cgit v1.2.3


From bbeef4d494f2af3b60a8093258887e4223dbe5d7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 29 Nov 2017 08:13:34 +0100
Subject: Fix problem in SAML2 AuthnRequestValidator

---
 id/history.txt                                     |  1 +
 .../builder/assertion/PVP2AssertionBuilder.java    |  3 ++-
 .../pvp2x/validation/AuthnRequestValidator.java    | 24 +++++++++++++---------
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/id/history.txt b/id/history.txt
index c0b12dd1c..8d1495e30 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -8,6 +8,7 @@ Version MOA-ID Release 3.3.0: 
   - Anpassungen des BKU Auswahl(OnlineBKU entfernt, Detection der lokalen BKU hinzugefügt)
   - Anpassungen der Konfigurationsoberfläche (OnlineBKU entfernt)
   - Bugfix - Problem mit openSAML welches unsignierte SAML2 AuthnRequests bei Redirect Binding ermöglicht
+  - Bugfix - Nicht spezifikationskonforme Validierung PVP2 AuthnRequest bezüglich NameIDPolicy 
   - Bugfix - Ungültig kodierter PVP2 Attributwert 'MANDATOR-NATURAL-PERSON-BPK'
   - Bugfix - Updates an Endpunten um Cross-Site-Scripting (XSS) zu verhindern
   - Code-Cleaning von unbenutzen Methoden und Klassen   
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 45539da3f..196aa47af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -373,7 +373,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		
 		//get NameIDFormat from request		
 		AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
-		if (authnReq.getNameIDPolicy() != null) {
+		if (authnReq.getNameIDPolicy() != null && 
+				MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
 			nameIDFormat = authnReq.getNameIDPolicy().getFormat();
 			
 		} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index ab8fab5d1..4ae89466d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -28,6 +28,7 @@ import org.opensaml.saml2.core.NameIDPolicy;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moaspss.logging.Logger;
 
 /**
  * @author tlenz
@@ -41,17 +42,20 @@ public class AuthnRequestValidator {
 		NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
 		if (nameIDPolicy != null) {
 			String nameIDFormat = nameIDPolicy.getFormat();
-			
-			if ( !(nameIDFormat != null &&
-					(NameID.TRANSIENT.equals(nameIDFormat) ||
-							NameID.PERSISTENT.equals(nameIDFormat) ||
-							NameID.UNSPECIFIED.equals(nameIDFormat))) ) {
-			
-				throw new NameIDFormatNotSupportedException(nameIDFormat);
+			if (nameIDFormat != null) {
+				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+						NameID.PERSISTENT.equals(nameIDFormat) ||
+						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
 				
-			}
-		}
-		
+					throw new NameIDFormatNotSupportedException(nameIDFormat);
+					
+				}
+				
+			} else
+				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
+		} else
+			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+			
 		
 		
 	}
-- 
cgit v1.2.3


From f18f6318f7233b336ea2653f183460f17d6562f0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 29 Nov 2017 08:13:51 +0100
Subject: update logging

---
 .../gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java |  2 ++
 .../pvp2x/verification/metadata/MetadataSignatureFilter.java | 12 ++++++------
 .../pvp2x/verification/metadata/PVPEntityCategoryFilter.java | 11 ++++++++---
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 216d7a8b1..cdb85c563 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -259,6 +259,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
 			
 		} catch (MOAIDException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.info("Receive INVALID protocol request: " + samlRequest);
 			throw e;
 						
 		} catch (Throwable e) {			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 679bdd10f..589713c4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -22,8 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
-import iaik.x509.X509Certificate;
-
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -31,16 +29,15 @@ import java.util.List;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 import at.gv.egovernment.moa.logging.Logger;
+import iaik.x509.X509Certificate;
 
 public class MetadataSignatureFilter implements MetadataFilter {
 	
@@ -87,8 +84,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
 			
 			//CHECK if Entity also match MetaData signature.
 			/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
+			Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
 			byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-			
+						
 			if (entityCert != null) {
 			
 				X509Certificate cert;
@@ -99,8 +97,10 @@ public class MetadataSignatureFilter implements MetadataFilter {
 	
 					EntityVerifier.verify(desc, entityCrendential);
 					
-					//add entity to verified entity-list
+					//add entity to verified entity-list					
 					verifiedEntIT.add(entity);
+					Logger.debug("Metadata for entityID: " + entityID + " valid");
+					
 					
 				} catch (Exception e) {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
index ed96f1962..caabfea30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -112,6 +112,7 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
 		if (extensions != null) {
 			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
 			if (listOfExt != null && !listOfExt.isEmpty()) {
+				Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
 				for (XMLObject el : listOfExt) {
 					Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
 					if (el instanceof EntityAttributes) {
@@ -150,9 +151,13 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
 							Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
 						
 					}					
-				}				
-			}			
-		}
+				}
+				
+			} else
+				Logger.trace("'Extension' element is 'null' or empty");
+			
+		} else
+			Logger.trace("No 'Extension' element found");
 				
 	}
 	
-- 
cgit v1.2.3