From a0f9ce4fcc9860acdf5fa0a4c23728c0bd0e1077 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 09:16:20 +0100
Subject: set PVP SP metadata wantAssertionSigned=false

---
 .../java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index dbf54951f..0a8a6a581 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -194,7 +194,7 @@ public class MetadataAction implements IAction {
 				.createSAMLObject(SPSSODescriptor.class);
 
 		spSSODescriptor.setAuthnRequestsSigned(true);
-		spSSODescriptor.setWantAssertionsSigned(true);
+		spSSODescriptor.setWantAssertionsSigned(false);
 	
  		
 		//Set AuthRequest Signing certificate
-- 
cgit v1.2.3


From 915aaa6beeb1ca911ab8d557a6c162b84e107f9e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 09:17:58 +0100
Subject: if no PVP EID-SECTOR-FOR-IDENTIFIER attribute is found, parse target
 from bPK attribute value prefix

---
 .../id/auth/builder/AuthenticationDataBuilder.java | 24 ++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 48933d5c9..5c0e497a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -364,8 +364,28 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
 		
 		if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
-			String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);				
-			authData.setBPK(pvpbPK.split(":")[1]);
+			String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
+			String[] spitted = pvpbPK.split(":");
+			authData.setBPK(spitted[1]);
+			if (MiscUtil.isEmpty(authData.getBPKType())) {
+				Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " +
+						"Starting target extraction from bPK/wbPK prefix ...");
+				//exract bPK/wbPK type from bpk attribute value prefix if type is 
+				//not transmitted as single attribute
+			    Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?");
+			    Matcher matcher = pattern.matcher(spitted[0]);
+			    if (matcher.matches()) {
+			    	//find public service bPK
+			    	authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]);
+			    	Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType());
+			    	   
+			    } else {
+			    	//find business service wbPK
+			    	authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]);
+			    	Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType());
+			    	   
+			    }			    	  				
+			}
 		}
 		
 		boolean foundEncryptedbPKForOA = false;
-- 
cgit v1.2.3


From 1dd834817623fec5d7cb4055627ba86ed057f9f7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 09:18:25 +0100
Subject: update PVPRole to ECRole mapping

---
 .../resources/resources/properties/pvp-stork_role_mapping.properties  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
index 5bcfc7bd2..91a19f272 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
@@ -1,2 +1,2 @@
-xxpvprole=CIRCABC/viewer
-yypvprole=CIRCABC/admin
\ No newline at end of file
+viewer=CIRCABC/viewer
+CIRCABC/viewer=CIRCABC/viewer
\ No newline at end of file
-- 
cgit v1.2.3


From 3529603a9c841f5554f390bab02032e2950cf2d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 09:18:59 +0100
Subject: remove unused depentencies

---
 id/ConfigWebTool/pom.xml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index ec027b497..18bd1306b 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -83,16 +83,20 @@
         <dependency>
             <groupId>at.gv.util</groupId>
             <artifactId>egovutils</artifactId>
-            <version>1.0.7</version>
+            <version>2.0.0</version>
             <exclusions>
                 <exclusion>
-                    <groupId>com.sun</groupId>
+                    <groupId>org.apache.cxf</groupId>
                     <artifactId>*</artifactId>
                 </exclusion>
                 <exclusion>
                     <groupId>org.slf4j</groupId>
                     <artifactId>*</artifactId>
                 </exclusion>
+                <exclusion>
+                	<artifactId>bcprov-jdk16</artifactId>
+                	<groupId>bouncycastle</groupId>
+                </exclusion>
             </exclusions>
         </dependency>
 <!--         <dependency>
@@ -109,6 +113,14 @@
 								<groupId>org.slf4j</groupId>
 								<artifactId>log4j-over-slf4j</artifactId>
 							</exclusion>
+							<exclusion>
+								<groupId>org.apache.xerces</groupId>
+								<artifactId>*</artifactId>
+							</exclusion>
+							<exclusion>
+								<groupId>xalan</groupId>
+								<artifactId>*</artifactId>
+							</exclusion>
 						</exclusions>
         </dependency>
         <dependency>
@@ -119,6 +131,14 @@
 								<groupId>org.slf4j</groupId>
 								<artifactId>log4j-over-slf4j</artifactId>
 							</exclusion>
+							<exclusion>
+								<groupId>org.apache.xerces</groupId>
+								<artifactId>*</artifactId>
+							</exclusion>
+							<exclusion>
+								<groupId>xalan</groupId>
+								<artifactId>*</artifactId>
+							</exclusion>
 						</exclusions>
         </dependency>
 
-- 
cgit v1.2.3


From 714e1895abf0ae67a8d97f680fd896cd46cfc6cb Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 09:19:58 +0100
Subject: switch to axis-1.0_IAIK_1.2.jar to solve problems with wsdl resource
 loader

---
 pom.xml                                               |   2 +-
 .../axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.1.pom      |   7 +++++++
 .../axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.2.jar      | Bin 0 -> 1095753 bytes
 .../src/main/webapp/WEB-INF/server-config.wsdd        |   4 ++--
 4 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.1.pom
 create mode 100644 repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.2.jar

diff --git a/pom.xml b/pom.xml
index 887ee8a8d..3407bfcd9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
             <dependency>
                 <groupId>axis</groupId>
                 <artifactId>axis</artifactId>
-                <version>1.0_IAIK_1.1</version>                
+                <version>1.0_IAIK_1.2</version>                
                 <scope>compile</scope>
             </dependency>
             <dependency>
diff --git a/repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.1.pom b/repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.1.pom
new file mode 100644
index 000000000..6efb3d78d
--- /dev/null
+++ b/repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.1.pom
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>axis</groupId>
+  <artifactId>axis</artifactId>
+  <version>1.0_IAIK_1.2</version>
+  <description>AXIS 1.0 patched(1.2) (XXE attacks / wsdl ressource loader)</description>
+</project>
diff --git a/repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.2.jar b/repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.2.jar
new file mode 100644
index 000000000..3418552f4
Binary files /dev/null and b/repository/axis/axis/1.0_IAIK_1.2/axis-1.0_IAIK_1.2.jar differ
diff --git a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
index 9ff243e5c..43e748734 100644
--- a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
+++ b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
@@ -16,7 +16,7 @@
     <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
     <parameter name="allowedMethods" value="CreateCMSSignatureRequest CreateXMLSignatureRequest"/>
     <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureCreationService"/>
-    <wsdlFile>webapps/moa-spss/resources/schemas/MOA-SPSS-2.0.0.wsdl</wsdlFile>
+    <wsdlFile>/resources/schemas/MOA-SPSS-2.0.0.wsdl</wsdlFile>
     
     <requestFlow>
       <handler type="MOAHandler"/>
@@ -30,7 +30,7 @@
     <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
     <parameter name="allowedMethods" value="VerifyCMSSignatureRequest VerifyXMLSignatureRequest"/>
     <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureVerificationService"/>
-        <wsdlFile>webapps/moa-spss/resources/schemas/MOA-SPSS-2.0.0.wsdl</wsdlFile>
+        <wsdlFile>/resources/schemas/MOA-SPSS-2.0.0.wsdl</wsdlFile>
     <requestFlow>
       <handler type="MOAHandler"/>
     </requestFlow>
-- 
cgit v1.2.3


From 94b921759431baf4c8330da79e9a1a839dc47d85 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 09:58:10 +0100
Subject: update TSL fixup filter   > fix wrong encoded Id attributes in TSL
 root element

---
 .../at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
index 492d10eda..f8e8f608b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -726,7 +726,8 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
 
 
 		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'NCName'.")){
-			if (expectedTerritory_ == Countries.CY || expectedTerritory_ == Countries.LV){
+			if (expectedTerritory_ == Countries.CY || expectedTerritory_ == Countries.LV ||
+					expectedTerritory_ == Countries.HR || expectedTerritory_ == Countries.NL){
 				return new AttributeValueFixup("","Id","(.+)","x$1",e, this);
 			}
 		} else if (e.getMessage().startsWith("cvc-complex-type.2.3: Element '") &&  e.getMessage().endsWith("' cannot have character [children], because the type's content type is element-only.")) {
-- 
cgit v1.2.3


From 9db09d20a485496a558aa880f1d76684181e4085 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 14:39:48 +0100
Subject: solve some moa-spss problems

---
 spss/server/serverlib/pom.xml                      |   6 +
 spss/server/serverws/pom.xml                       |   2 +-
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl    | 128 -----
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd     | 564 ---------------------
 .../serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl    | 128 +++++
 .../serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd     | 564 +++++++++++++++++++++
 6 files changed, 699 insertions(+), 693 deletions(-)
 delete mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
 delete mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
 create mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl
 create mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd

diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 7c11659e1..da78d3dc1 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -167,6 +167,12 @@
 			<version>2.2.11</version>
 		</dependency>
 		
+		<dependency>
+			<groupId>com.sun.xml.bind</groupId>
+			<artifactId>jaxb-core</artifactId>
+			<version>2.2.11</version>
+		</dependency>
+				
 <!-- 		<dependency>
 			<groupId>iaik</groupId>
 			<artifactId>iaik_util</artifactId>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index 79a16cbb5..bbfb3c443 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -50,7 +50,7 @@
                     <webResources>
                         <resource>
                             <directory>${basedir}/resources/wsdl</directory>
-                            <targetPath>resources/schemas</targetPath>
+                            <targetPath>WEB-INF/classes/resources/schemas</targetPath>
                             <includes>
                                 <include>*.xsd</include>
                                 <include>*.wsdl</include>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
deleted file mode 100644
index 4f9deee38..000000000
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
+++ /dev/null
@@ -1,128 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- 
-  Web Service Description for MOA SP/SS 1.4
--->
-<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-2.0.0.xsd"/>
-	<message name="CreateCMSSignatureInput">
-		<part name="body" element="moa:CreateCMSSignatureRequest"/>
-	</message>
-	<message name="CreateCMSSignatureOutput">
-		<part name="body" element="moa:CreateCMSSignatureResponse"/>
-	</message>
-	<message name="CreateXMLSignatureInput">
-		<part name="body" element="moa:CreateXMLSignatureRequest"/>
-	</message>
-	<message name="CreateXMLSignatureOutput">
-		<part name="body" element="moa:CreateXMLSignatureResponse"/>
-	</message>
-	<message name="VerifyCMSSignatureInput">
-		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
-	</message>
-	<message name="VerifyCMSSignatureOutput">
-		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
-	</message>
-	<message name="VerifyXMLSignatureInput">
-		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
-	</message>
-	<message name="VerifyXMLSignatureOutput">
-		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
-	</message>
-	<message name="MOAFault">
-		<part name="body" element="moa:ErrorResponse"/>
-	</message>
-	<portType name="SignatureCreationPortType">
-		<operation name="createXMLSignature">
-			<input message="tns:CreateXMLSignatureInput"/>
-			<output message="tns:CreateXMLSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-		<operation name="createCMSSignature">
-			<input message="tns:CreateCMSSignatureInput"/>
-			<output message="tns:CreateCMSSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-	</portType>
-	<portType name="SignatureVerificationPortType">
-		<operation name="verifyCMSSignature">
-			<input message="tns:VerifyCMSSignatureInput"/>
-			<output message="tns:VerifyCMSSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-		<operation name="verifyXMLSignature">
-			<input message="tns:VerifyXMLSignatureInput"/>
-			<output message="tns:VerifyXMLSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-	</portType>
-	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
-		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="createXMLSignature">
-			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-		<operation name="createCMSSignature">
-			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-	</binding>
-	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
-		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="verifyCMSSignature">
-			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-		<operation name="verifyXMLSignature">
-			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-	</binding>
-	<service name="SignatureCreationService">
-		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
-			<!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
-      -->
-		</port>
-	</service>
-	<service name="SignatureVerificationService">
-		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
-			<!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
-      -->
-		</port>
-	</service>
-</definitions>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
deleted file mode 100644
index cc0a7c882..000000000
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
+++ /dev/null
@@ -1,564 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MOA SP/SS 2.0.0 Schema
--->
-<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
-	<!--########## Create CMS Signature ###-->
-	<!--### Create CMS Signature Request ###-->
-	<xsd:element name="CreateCMSSignatureRequest">
-		<xsd:complexType>
-			<xsd:complexContent>
-				<xsd:extension base="CreateCMSSignatureRequestType"/>
-			</xsd:complexContent>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="CreateCMSSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="DataObjectInfo">
-							<xsd:complexType>
-								<xsd:complexContent>
-									<xsd:extension base="CMSDataObjectInfoType"/>
-								</xsd:complexContent>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Create CMS Signature Response ###-->
-	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
-	<xsd:complexType name="CreateCMSSignatureResponseType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:annotation>
-				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element name="CMSSignature" type="xsd:base64Binary">
-				<xsd:annotation>
-					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="ErrorResponse"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<!--########## Create XML Signature ###-->
-	<!--### Create XML Signature Request ###-->
-	<xsd:element name="CreateXMLSignatureRequest">
-		<xsd:complexType>
-			<xsd:complexContent>
-				<xsd:extension base="CreateXMLSignatureRequestType"/>
-			</xsd:complexContent>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="CreateXMLSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
-							<xsd:complexType>
-								<xsd:complexContent>
-									<xsd:extension base="DataObjectInfoType">
-										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
-									</xsd:extension>
-								</xsd:complexContent>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="CreateSignatureInfo" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
-									<xsd:choice>
-										<xsd:annotation>
-											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
-										</xsd:annotation>
-										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
-										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
-									</xsd:choice>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Create XML Signature Response ###-->
-	<xsd:complexType name="CreateXMLSignatureResponseType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:annotation>
-				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element name="SignatureEnvironment">
-				<xsd:annotation>
-					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="lax"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element ref="ErrorResponse"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
-	<!--########## Verify CMS Signature ###-->
-	<!--### Verifiy CMS Signature Request ###-->
-	<xsd:element name="VerifyCMSSignatureRequest">
-		<xsd:complexType>
-			<xsd:complexContent>
-				<xsd:extension base="VerifyCMSSignatureRequestType">
-					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
-				</xsd:extension>
-			</xsd:complexContent>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="VerifyCMSSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
-			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
-			<xsd:element name="TrustProfileID" type="xsd:token">
-				<xsd:annotation>
-					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Verify CMS Signature Response ###-->
-	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
-	<xsd:complexType name="VerifyCMSSignatureResponseType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-				<xsd:annotation>
-					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SignatureCheck" type="CheckResultType"/>
-			<xsd:element name="CertificateCheck" type="CheckResultType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--########## Verify XML Signature ###-->
-	<!--### Verify XML Signature Request ###-->
-	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
-	<xsd:complexType name="VerifyXMLSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-			<xsd:element name="VerifySignatureInfo">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
-						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:choice minOccurs="0" maxOccurs="unbounded">
-				<xsd:element ref="SupplementProfile"/>
-				<xsd:element name="SupplementProfileID" type="xsd:string"/>
-			</xsd:choice>
-			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
-			<xsd:element name="TrustProfileID" type="xsd:token">
-				<xsd:annotation>
-					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Verify XML Signature Response ###-->
-	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
-	<xsd:complexType name="VerifyXMLSignatureResponseType">
-		<xsd:sequence>
-			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-				<xsd:annotation>
-					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
-			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
-			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CertificateCheck" type="CheckResultType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:simpleType name="ProfileIdentifierType">
-		<xsd:restriction base="xsd:token"/>
-	</xsd:simpleType>
-	<xsd:complexType name="InputDataType">
-		<xsd:complexContent>
-			<xsd:extension base="ContentExLocRefBaseType">
-				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:token">
-							<xsd:enumeration value="SignedInfo"/>
-							<xsd:enumeration value="XMLDSIGManifest"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:attribute>
-				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="MetaInfoType">
-		<xsd:sequence>
-			<xsd:element name="MimeType" type="MimeTypeType"/>
-			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
-			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="FinalDataMetaInfoType">
-		<xsd:complexContent>
-			<xsd:extension base="MetaInfoType">
-				<xsd:sequence>
-					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="DataObjectInfoType">
-		<xsd:sequence>
-			<xsd:element name="DataObject">
-				<xsd:complexType>
-					<xsd:complexContent>
-						<xsd:extension base="ContentOptionalRefType"/>
-					</xsd:complexContent>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:choice>
-				<xsd:annotation>
-					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
-				</xsd:annotation>
-				<xsd:element ref="CreateTransformsInfoProfile"/>
-				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
-			</xsd:choice>
-		</xsd:sequence>
-		<xsd:attribute name="Structure" use="required">
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="detached"/>
-					<xsd:enumeration value="enveloping"/>
-				</xsd:restriction>
-			</xsd:simpleType>
-		</xsd:attribute>
-	</xsd:complexType>
-	<xsd:complexType name="CMSDataObjectInfoType">
-		<xsd:sequence>
-			<xsd:element name="DataObject">
-				<xsd:complexType>
-					<xsd:complexContent>
-						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
-					</xsd:complexContent>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Structure" use="required">
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="detached"/>
-					<xsd:enumeration value="enveloping"/>
-				</xsd:restriction>
-			</xsd:simpleType>
-		</xsd:attribute>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:sequence>
-			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
-			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="XMLDataObjectAssociationType">
-		<xsd:sequence>
-			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-			<xsd:element name="Content" type="ContentRequiredRefType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CMSDataObjectOptionalMetaType">
-		<xsd:sequence>
-			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-			<xsd:element name="Content" type="CMSContentBaseType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CMSDataObjectRequiredMetaType">
-		<xsd:sequence>
-			<xsd:element name="MetaInfo" type="MetaInfoType"/>
-			<xsd:element name="Content" type="CMSContentBaseType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CMSContentBaseType">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentOptionalRefType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-				</xsd:choice>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="CheckResultType">
-		<xsd:sequence>
-			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ReferencesCheckResultType">
-		<xsd:complexContent>
-			<xsd:restriction base="CheckResultType">
-				<xsd:sequence>
-					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
-		<xsd:complexContent>
-			<xsd:restriction base="AnyChildrenType">
-				<xsd:sequence>
-					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ManifestRefsCheckResultType">
-		<xsd:complexContent>
-			<xsd:restriction base="CheckResultType">
-				<xsd:sequence>
-					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
-		<xsd:complexContent>
-			<xsd:restriction base="AnyChildrenType">
-				<xsd:sequence>
-					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<!--########## Error Response ###-->
-	<xsd:element name="ErrorResponse" type="ErrorResponseType">
-		<xsd:annotation>
-			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
-		</xsd:annotation>
-	</xsd:element>
-	<xsd:complexType name="ErrorResponseType">
-		<xsd:sequence>
-			<xsd:element name="ErrorCode" type="xsd:integer"/>
-			<xsd:element name="Info" type="xsd:string"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--########## Auxiliary Types ###-->
-	<xsd:simpleType name="KeyIdentifierType">
-		<xsd:restriction base="xsd:string"/>
-	</xsd:simpleType>
-	<xsd:simpleType name="KeyStorageType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="Software"/>
-			<xsd:enumeration value="Hardware"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MimeTypeType">
-		<xsd:restriction base="xsd:token"/>
-	</xsd:simpleType>
-	<xsd:complexType name="AnyChildrenType" mixed="true">
-		<xsd:sequence>
-			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="XMLContentType" mixed="true">
-		<xsd:complexContent>
-			<xsd:extension base="AnyChildrenType">
-				<xsd:attribute ref="xml:space" use="optional"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ContentBaseType">
-		<xsd:choice minOccurs="0">
-			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-			<xsd:element name="XMLContent" type="XMLContentType"/>
-			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:complexType name="ContentExLocRefBaseType">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentBaseType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-					<xsd:element name="XMLContent" type="XMLContentType"/>
-				</xsd:choice>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ContentOptionalRefType">
-		<xsd:complexContent>
-			<xsd:extension base="ContentBaseType">
-				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ContentRequiredRefType">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentOptionalRefType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-					<xsd:element name="XMLContent" type="XMLContentType"/>
-					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
-				</xsd:choice>
-				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyTransformsDataType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:annotation>
-				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element ref="VerifyTransformsInfoProfile"/>
-			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:element name="QualifiedCertificate">
-		<xsd:complexType>
-			<xsd:attribute name="source" use="optional">
-				<xsd:simpleType>
-					<xsd:restriction base="xsd:token">
-						<xsd:enumeration value="TSL"/>
-						<xsd:enumeration value="Certificate"/>
-					</xsd:restriction>
-				</xsd:simpleType>
-			</xsd:attribute>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="SecureSignatureCreationDevice">
-		<xsd:complexType>
-			<xsd:attribute name="source" use="optional">
-				<xsd:simpleType>
-					<xsd:restriction base="xsd:token">
-						<xsd:enumeration value="TSL"/>
-						<xsd:enumeration value="Certificate"/>
-					</xsd:restriction>
-				</xsd:simpleType>
-			</xsd:attribute>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="IssuingCountry" type="xsd:token"/>
-	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
-	<xsd:complexType name="PublicAuthorityType">
-		<xsd:sequence>
-			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:simpleType name="SignatoriesType">
-		<xsd:union memberTypes="AllSignatoriesType">
-			<xsd:simpleType>
-				<xsd:list itemType="xsd:positiveInteger"/>
-			</xsd:simpleType>
-		</xsd:union>
-	</xsd:simpleType>
-	<xsd:simpleType name="AllSignatoriesType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="all"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:complexType name="CreateSignatureLocationType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:token">
-				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="TransformParameterType">
-		<xsd:choice minOccurs="0">
-			<xsd:annotation>
-				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element name="Base64Content" type="xsd:base64Binary">
-				<xsd:annotation>
-					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="Hash">
-				<xsd:annotation>
-					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="dsig:DigestMethod"/>
-						<xsd:element ref="dsig:DigestValue"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:choice>
-		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:element name="CreateSignatureEnvironmentProfile">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
-				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="VerifyTransformsInfoProfile">
-		<xsd:annotation>
-			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
-		</xsd:annotation>
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
-				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
-	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
-	<xsd:element name="CreateTransformsInfoProfile">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
-				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-</xsd:schema>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl
new file mode 100644
index 000000000..4f9deee38
--- /dev/null
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+  Web Service Description for MOA SP/SS 1.4
+-->
+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-2.0.0.xsd"/>
+	<message name="CreateCMSSignatureInput">
+		<part name="body" element="moa:CreateCMSSignatureRequest"/>
+	</message>
+	<message name="CreateCMSSignatureOutput">
+		<part name="body" element="moa:CreateCMSSignatureResponse"/>
+	</message>
+	<message name="CreateXMLSignatureInput">
+		<part name="body" element="moa:CreateXMLSignatureRequest"/>
+	</message>
+	<message name="CreateXMLSignatureOutput">
+		<part name="body" element="moa:CreateXMLSignatureResponse"/>
+	</message>
+	<message name="VerifyCMSSignatureInput">
+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
+	</message>
+	<message name="VerifyCMSSignatureOutput">
+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
+	</message>
+	<message name="VerifyXMLSignatureInput">
+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
+	</message>
+	<message name="VerifyXMLSignatureOutput">
+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="SignatureCreationPortType">
+		<operation name="createXMLSignature">
+			<input message="tns:CreateXMLSignatureInput"/>
+			<output message="tns:CreateXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="createCMSSignature">
+			<input message="tns:CreateCMSSignatureInput"/>
+			<output message="tns:CreateCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<portType name="SignatureVerificationPortType">
+		<operation name="verifyCMSSignature">
+			<input message="tns:VerifyCMSSignatureInput"/>
+			<output message="tns:VerifyCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<input message="tns:VerifyXMLSignatureInput"/>
+			<output message="tns:VerifyXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="createXMLSignature">
+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="createCMSSignature">
+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="verifyCMSSignature">
+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="SignatureCreationService">
+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
+      -->
+		</port>
+	</service>
+	<service name="SignatureVerificationService">
+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
+      -->
+		</port>
+	</service>
+</definitions>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 000000000..cc0a7c882
--- /dev/null
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,564 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 2.0.0 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
-- 
cgit v1.2.3


From def91ef4b2e19c18aa1f17de391fe08f165292a8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 14:40:28 +0100
Subject: fix problems with non-admin user

---
 .../moa/id/configuration/struts/action/BasicOAAction.java        | 9 ++++++---
 .../moa/id/configuration/struts/action/EditOAAction.java         | 5 ++++-
 id/ConfigWebTool/src/main/resources/struts.xml                   | 2 +-
 id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp       | 4 +++-
 4 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 9c1cb90e0..415e1c957 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -401,9 +401,7 @@ public class BasicOAAction extends BasicAction {
     		form.store(dboa, authUser, request);
     	
         try {
-            if (dboa.isIsNew()) {
-                ConfigurationDBUtils.save(dboa);
-
+            if (dboa.isIsNew()) {              
                 if (!authUser.isAdmin()) {
                     UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID());
 
@@ -412,7 +410,12 @@ public class BasicOAAction extends BasicAction {
 
                     useroas.add(dboa);
                     ConfigurationDBUtils.saveOrUpdate(user);
+                    
+                } else {
+                	ConfigurationDBUtils.save(dboa);
+                	
                 }
+                
             } else
                 ConfigurationDBUtils.saveOrUpdate(dboa);
 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 1893b0f60..4cd556b75 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -346,8 +346,11 @@ public class EditOAAction extends BasicOAAction {
 					ConfigurationDBUtils.saveOrUpdate(moaconfig);
 	
 				}
+			} catch (NullPointerException e) { 
+				log.debug("Found no MetadataURL in OA-Databaseconfig");
+				
 			} catch (Throwable e) {
-				log.info("Found no MetadataURL in OA-Databaseconfig!", e);
+				log.info("Set metadata refresh flag FAILED.", e);
 			}
 	
 			if (ConfigurationDBUtils.delete(onlineapplication)) {
diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml
index 31f3889de..39c38ae43 100644
--- a/id/ConfigWebTool/src/main/resources/struts.xml
+++ b/id/ConfigWebTool/src/main/resources/struts.xml
@@ -155,7 +155,7 @@
  		  
  		<action name="newOA" method="newOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction">
 			<result name="editOA">/jsp/editOAGeneral.jsp</result>
-			<result name="success" type="chain">main</result>
+			<result name="success">/jsp/mainpage.jsp</result>
 			<result name="error">/error.jsp</result>
 			<result name="reauthentication" type="redirectAction">
 	          <param name="actionName">logout</param>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp b/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp
index 954bf9b8b..0cd861884 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp
@@ -38,7 +38,9 @@
 
 				<div class="oa_config_block">
 					<h3><%=LanguageHelper.getGUIString("webpages.openadminrequests.oas.header", request) %></h3>
-					<jsp:include page="snippets/oas_list.jsp"></jsp:include>
+					<s:include value="snippets/oas_list.jsp">
+						<s:param name="editAction">loadOA</s:param>
+					</s:include>
 				</div>
 
 			</s:if>
-- 
cgit v1.2.3


From f875f9fbca20f5be3ec5a18ef905ae6e68091b7d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 14:40:58 +0100
Subject: update PVPRole to ECRole mapping

---
 .../resources/resources/properties/pvp-stork_role_mapping.properties    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
index 91a19f272..295d381cd 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
@@ -1,2 +1,2 @@
 viewer=CIRCABC/viewer
-CIRCABC/viewer=CIRCABC/viewer
\ No newline at end of file
+CIRCABC-viewer=CIRCABC/viewer
\ No newline at end of file
-- 
cgit v1.2.3


From 0a2bc8013cc6dc737bd653a4ec8a221d35d9538f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 16:46:31 +0100
Subject: update log messages

---
 .../at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java   |  3 +--
 .../moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java |  4 ++--
 .../pvp2x/builder/assertion/PVP2AssertionBuilder.java       | 13 +++++++++++++
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a2570ed7e..063d7d8e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -277,11 +277,10 @@ public class BPKBuilder {
             MessageDigest md = MessageDigest.getInstance("SHA-1");
             byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
             String hashBase64 = Base64Utils.encode(hash);
-            Logger.debug("STORK identification defined as: " + hashBase64);
             return hashBase64;
             
         } catch (Exception ex) {
-            throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex);
+            throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex);
         }
     	
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 8b6e71e6b..3d8661143 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -150,14 +150,14 @@ public class PVPAttributeBuilder {
 	}
 	
 	public static Attribute buildAttribute(String name, OAAuthParameter oaParam,
-			IAuthData authData) throws PVP2Exception {
+			IAuthData authData) throws PVP2Exception, AttributeException {
 		if (builders.containsKey(name)) {
 			try {
 				return builders.get(name).build(oaParam, authData, generator);
 			}
 			catch (AttributeException e) {
 				if (e instanceof UnavailableAttributeException) {
-					throw new UnprovideableAttributeException(((UnavailableAttributeException) e).getAttributeName());
+					throw e;
 				} else if (e instanceof InvalidDateFormatAttributeException) {
 					throw new InvalidDateFormatException();
 				} else if (e instanceof NoMandateDataAttributeException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 3b01e91ad..7c2476b3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -70,6 +70,8 @@ import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
@@ -251,6 +253,17 @@ public class PVP2AssertionBuilder implements PVPConstants {
 						} else {
 							attrList.add(attr);
 						}
+					
+					} catch (UnavailableAttributeException e) {
+						Logger.info(
+								"Attribute generation for "
+										+ reqAttribut.getFriendlyName() + " not possible.");
+						if (reqAttribut.isRequired()) {
+							throw new UnprovideableAttributeException(
+									reqAttribut.getName());
+						}
+						
+					
 					} catch (PVP2Exception e) {
 						Logger.error(
 								"Attribute generation failed! for "
-- 
cgit v1.2.3


From 5202dc81fd956baac83e0b6551faa455e3de0797 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 16:48:14 +0100
Subject: fix dependency problems

---
 id/server/idserverlib/pom.xml                      |  12 ++++++++++++
 .../protocols/saml1/SAML1AuthenticationServer.java |  18 ++++++++----------
 .../at/gv/util/egovutils/2.0.0/egovutils-2.0.0.jar | Bin 3869909 -> 3879829 bytes
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 32c8f5705..52e064d3f 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -75,6 +75,10 @@
 					<artifactId>axis-wsdl4j</artifactId>
 					<groupId>axis</groupId>
 				</exclusion>
+				<exclusion>
+					<artifactId>jaxb-impl</artifactId>
+					<groupId>com.sun.xml.bind</groupId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
@@ -115,6 +119,14 @@
                 	<artifactId>bcprov-jdk16</artifactId>
                 	<groupId>bouncycastle</groupId>
                 </exclusion>
+                <exclusion>
+                	<artifactId>jaxb-impl</artifactId>
+                	<groupId>com.sun.xml.bind</groupId>
+                </exclusion>
+                <exclusion>
+                	<artifactId>jaxb-core</artifactId>
+                	<groupId>com.sun.xml.bind</groupId>
+                </exclusion>
             </exclusions>
         </dependency>
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 7d3c72630..65e520cc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -36,8 +36,6 @@ import javax.xml.transform.TransformerException;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
-
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
@@ -235,14 +233,14 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				Marshaller m = jc.createMarshaller();
 				m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
 				
-				m.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper() {
-		            public String getPreferredPrefix(String arg0, String arg1, boolean arg2) {
-		            	if (Constants.PD_NS_URI.equals(arg0))
-		            		return Constants.PD_PREFIX;
-		            	else
-		            		return arg1;
-		            }
-		        });
+//				m.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper() {
+//		            public String getPreferredPrefix(String arg0, String arg1, boolean arg2) {
+//		            	if (Constants.PD_NS_URI.equals(arg0))
+//		            		return Constants.PD_PREFIX;
+//		            	else
+//		            		return arg1;
+//		            }
+//		        });
 				
 				ByteArrayOutputStream stream = new ByteArrayOutputStream();
 				m.marshal(
diff --git a/repository/at/gv/util/egovutils/2.0.0/egovutils-2.0.0.jar b/repository/at/gv/util/egovutils/2.0.0/egovutils-2.0.0.jar
index c045d89a3..29ce1fcbf 100644
Binary files a/repository/at/gv/util/egovutils/2.0.0/egovutils-2.0.0.jar and b/repository/at/gv/util/egovutils/2.0.0/egovutils-2.0.0.jar differ
-- 
cgit v1.2.3


From e0d39d0b27baf321aa93fa6fbfc5a3f9a266e47c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 30 Oct 2014 16:48:38 +0100
Subject: change version in handbook and mainpage

---
 id/server/auth/src/main/webapp/index.html | 2 +-
 id/server/doc/handbook/index.html         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 968f211bc..391195def 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -14,7 +14,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title">MOA-ID 2.1.1</p> 
+  <p class="title">MOA-ID 2.1.2</p> 
 <hr/>
   <h1>Inhalt</h1>
   <ol>
diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index 892a82484..c3b25b390 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -15,7 +15,7 @@
   </table>
   <hr/> 
   <p class="title">MOA-ID (Identifikation) </p> 
-  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.1.1 </p> 
+  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.1.2 </p> 
   <hr/>
   <dl>
     <dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
-- 
cgit v1.2.3


From b04fbacb74bfcf4addaf16d72a819afd7161fd6f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 07:10:11 +0100
Subject: add .gitignore files

---
 .gitignore                                      | 5 +++++
 DocumentService/.gitignore                      | 1 +
 common/.gitignore                               | 1 +
 id/ConfigWebTool/.gitignore                     | 2 ++
 id/oa/.gitignore                                | 2 ++
 id/server/auth/.gitignore                       | 2 ++
 id/server/idserverlib/.gitignore                | 1 +
 id/server/idserverlib/bin/.gitignore            | 2 ++
 id/server/moa-id-commons/.gitignore             | 1 +
 id/server/proxy/.gitignore                      | 2 ++
 id/server/stork2-commons/.gitignore             | 1 +
 id/server/stork2-saml-engine/.gitignore         | 1 +
 spss/handbook/clients/api/.gitignore            | 2 ++
 spss/handbook/clients/referencedData/.gitignore | 2 ++
 spss/handbook/clients/webservice/.gitignore     | 2 ++
 spss/server/serverlib/.gitignore                | 1 +
 spss/server/serverws/.gitignore                 | 2 ++
 spss/server/tools/.gitignore                    | 1 +
 18 files changed, 31 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 DocumentService/.gitignore
 create mode 100644 common/.gitignore
 create mode 100644 id/ConfigWebTool/.gitignore
 create mode 100644 id/oa/.gitignore
 create mode 100644 id/server/auth/.gitignore
 create mode 100644 id/server/idserverlib/.gitignore
 create mode 100644 id/server/idserverlib/bin/.gitignore
 create mode 100644 id/server/moa-id-commons/.gitignore
 create mode 100644 id/server/proxy/.gitignore
 create mode 100644 id/server/stork2-commons/.gitignore
 create mode 100644 id/server/stork2-saml-engine/.gitignore
 create mode 100644 spss/handbook/clients/api/.gitignore
 create mode 100644 spss/handbook/clients/referencedData/.gitignore
 create mode 100644 spss/handbook/clients/webservice/.gitignore
 create mode 100644 spss/server/serverlib/.gitignore
 create mode 100644 spss/server/serverws/.gitignore
 create mode 100644 spss/server/tools/.gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..bb7e57f31
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+/target
+/bin
+.settings
+.project
+.classpath
\ No newline at end of file
diff --git a/DocumentService/.gitignore b/DocumentService/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/DocumentService/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/common/.gitignore b/common/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/common/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/ConfigWebTool/.gitignore b/id/ConfigWebTool/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/ConfigWebTool/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/oa/.gitignore b/id/oa/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/oa/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/server/auth/.gitignore b/id/server/auth/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/server/auth/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/server/idserverlib/.gitignore b/id/server/idserverlib/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/idserverlib/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/server/idserverlib/bin/.gitignore b/id/server/idserverlib/bin/.gitignore
new file mode 100644
index 000000000..e2c1dc811
--- /dev/null
+++ b/id/server/idserverlib/bin/.gitignore
@@ -0,0 +1,2 @@
+/src
+/src
diff --git a/id/server/moa-id-commons/.gitignore b/id/server/moa-id-commons/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/moa-id-commons/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/server/proxy/.gitignore b/id/server/proxy/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/server/proxy/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/server/stork2-commons/.gitignore b/id/server/stork2-commons/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/stork2-commons/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/server/stork2-saml-engine/.gitignore b/id/server/stork2-saml-engine/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/stork2-saml-engine/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/spss/handbook/clients/api/.gitignore b/spss/handbook/clients/api/.gitignore
new file mode 100644
index 000000000..934e0e06f
--- /dev/null
+++ b/spss/handbook/clients/api/.gitignore
@@ -0,0 +1,2 @@
+/bin
+/target
diff --git a/spss/handbook/clients/referencedData/.gitignore b/spss/handbook/clients/referencedData/.gitignore
new file mode 100644
index 000000000..934e0e06f
--- /dev/null
+++ b/spss/handbook/clients/referencedData/.gitignore
@@ -0,0 +1,2 @@
+/bin
+/target
diff --git a/spss/handbook/clients/webservice/.gitignore b/spss/handbook/clients/webservice/.gitignore
new file mode 100644
index 000000000..934e0e06f
--- /dev/null
+++ b/spss/handbook/clients/webservice/.gitignore
@@ -0,0 +1,2 @@
+/bin
+/target
diff --git a/spss/server/serverlib/.gitignore b/spss/server/serverlib/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/spss/server/serverlib/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/spss/server/serverws/.gitignore b/spss/server/serverws/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/spss/server/serverws/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/spss/server/tools/.gitignore b/spss/server/tools/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/spss/server/tools/.gitignore
@@ -0,0 +1 @@
+/target
-- 
cgit v1.2.3


From bf13ac04e47f615ac0de207ee991c241d310419d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 08:56:43 +0100
Subject: add SZR Client configuration to handbook and default config

---
 .../data/deploy/conf/moa-id/moa-id.properties      |  28 +++++
 id/server/doc/handbook/config/config.html          | 124 +++++++++++++++++++++
 2 files changed, 152 insertions(+)

diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 4290b1985..9d1e931e9 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -125,3 +125,31 @@ advancedlogging.hibernate.c3p0.timeout=300
 advancedlogging.hibernate.c3p0.max_size=20
 advancedlogging.hibernate.c3p0.max_statements=0
 advancedlogging.hibernate.c3p0.min_size=3
+
+
+################SZR Client configuration####################################
+##  The SZR client is only required if MOA-ID-Auth should be 
+##  use as STORK <-> PVP Gateway. 
+########
+service.egovutil.szr.test=true
+service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR
+service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR
+service.egovutil.szr.token.version=1.8
+service.egovutil.szr.token.participantid=
+service.egovutil.szr.token.gvoudomain=
+service.egovutil.szr.token.userid=
+service.egovutil.szr.token.cn=
+service.egovutil.szr.token.gvouid=
+service.egovutil.szr.token.ou=
+service.egovutil.szr.token.gvsecclass=
+service.egovutil.szr.token.gvfunction=
+service.egovutil.szr.token.gvgid=
+service.egovutil.szr.roles=
+service.egovutil.szr.ssl.keystore.file=
+service.egovutil.szr.ssl.keystore.password=
+service.egovutil.szr.ssl.keystore.type=
+service.egovutil.szr.ssl.truststore.file=
+service.egovutil.szr.ssl.truststore.password=
+service.egovutil.szr.ssl.truststore.type=
+service.egovutil.szr.ssl.trustall=false
+service.egovutil.szr.ssl.laxhostnameverification=false    
\ No newline at end of file
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 2d2709bcc..9b4190035 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -74,6 +74,7 @@
   </ol>
     </li>
   <li>  <a href="#basisconfig_moa_id_auth_param_testing">Testing</a></li>
+  <li><a href="#basisconfig_moa_id_auth_szrclient">SZR Client f&uuml;r STORK &lt;-&gt; PVP Gateway Betrieb</a></li>
 </ol>
 </li>
           </ol>
@@ -904,7 +905,130 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
       <p><strong>Defaultwert:</strong> true</p></td>
     </tr>
   </table>
+  <h4><a name="basisconfig_moa_id_auth_szrclient" id="uebersicht_bekanntmachung16"></a>2.2.2.6 SZR Client f&uuml;r STORK &lt;-&gt; PVP Gateway Betrieb</h4>
+  <p>Die Konfiguration des Stammzahlenregister (SZR) Clients ist nur erforderlich wenn das Modul MOA-ID-Auth als STORK &lt;-&gt; PVP Gateway betrieben wird. Da in diesem Fall die Benutzerin oder der Benutzer &uuml;ber ein PVP Stammportal authentifiziert wird ist eine direkte Generierung der STORK eID w&auml;hrend des Anmeldevorgangs nicht m&ouml;glich. Somit erfolgt f&uuml;r diese Personen einen Stammzahlenregisterabfrage zur Bestimmung der STORK eID.</p>
+  <p>F&uuml;r den in MOA-ID-Auth verwendeten SZR Client sind folgende Konfigurationsparameter erforderlich.</p>
+  <table width="1247" border="1">
+    <tr>
+      <th width="281" scope="col">Name</th>
+      <th width="261" scope="col">Beispielwert</th>
+      <th width="683" scope="col">Beschreibung</th>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.test</td>
+      <td>false</td>
+      <td>Definiert ob das Produktivsystem oder das Testsystem des SZR Webservice verwendet werden soll</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.test.url</td>
+      <td>&nbsp;</td>
+      <td>URL auf das Test SZR Webservice</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.prod.url</td>
+      <td>&nbsp;</td>
+      <td>URL auf das produktive SZR Webservice</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.version</td>
+      <td>1.8</td>
+      <td><p>Verwendete PVP Version</p>
+      <p><strong>Hinweis: </strong>der Client implementiert die PVP Version 1.8</p></td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.participantid</td>
+      <td>&nbsp;</td>
+      <td>Org-ID des Portalverbund-Teilnehmers bei dem der Benutzer registriert ist.</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.gvoudomain</td>
+      <td>&nbsp;</td>
+      <td>Organisations-Dom&auml;ne des Benutzers</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.userid</td>
+      <td>&nbsp;</td>
+      <td>UserID, mit dem der Benutzer am Stammportal authentifiziert ist</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.cn</td>
+      <td>&nbsp;</td>
+      <td>Name des Benutzers oder des System-Principals in der Form Anwendung.Subsystem</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.gvouid</td>
+      <td>&nbsp;</td>
+      <td>Stammdienststelle: Eindeutige Kennung f&uuml;r die Organisation des Benutzers</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.ou</td>
+      <td>&nbsp;</td>
+      <td>Stammdienststelle: Verwaltungskennzeichen der mit gvouid bezeichneten Organisation</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.gvsecclass</td>
+      <td>&nbsp;</td>
+      <td>Sicherheitsklasse</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.gvfunction</td>
+      <td>&nbsp;</td>
+      <td>Entspricht Funktion in gvPersonenFunktion.</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.token.gvgid</td>
+      <td>&nbsp;</td>
+      <td>Globaler Identifier des Benutzers</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.roles</td>
+      <td>szr-bpk-abfrage,szr-stammzahl-abfrage</td>
+      <td><p>PVP Rolle f&uuml;r den Zugriff auf das SZR</p>
+      <p>Hinweis: mehrere Rollen werden mittels ',' getrennt. </p></td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.keystore.file</td>
+      <td>keys/szr-key.p12</td>
+      <td>Dateiname des Java Keystore oder PKCS12 Keystore zur Authentifizierung mittels Client Zertifikat am SZR Webservice.</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.keystore.password</td>
+      <td>password</td>
+      <td>Passwort f&uuml;r den Keystore mit dem Client Zertifikat</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.keystore.type</td>
+      <td>PKCS12</td>
+      <td>Typ des Keystore mit dem Client Zertifikat (PKCS12 oder JKS)</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.truststore.file</td>
+      <td>keys/truststore.jks</td>
+      <td>Dateiname des Truststores zur Validierung von SSL Servicerzertifikaten</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.truststore.password</td>
+      <td>password</td>
+      <td>Passwort f&uuml;r den Truststore</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.truststore.type</td>
+      <td>JKS</td>
+      <td>Typ des TrustStore (PKCS12 oder JKS)</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.trustall</td>
+      <td>false</td>
+      <td>Deaktiviert die SSL Serverzertifikatsvalidierung</td>
+    </tr>
+    <tr>
+      <td>service.egovutil.szr.ssl.laxhostnameverification</td>
+      <td>false</td>
+      <td>Deaktiviert die Validierung des Hostname mit dem SSL Serverzertifikat</td>
+    </tr>
+  </table>
   <p>&nbsp;</p>
+  <p><strong>Hinweis:</strong> Detaillierte Informationen zu den einzelnen PVP spezifischen Konfigurationsparametern finden Sie in der entsprechenden PVP Spezifikation.</p>
 <h2><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h2>
   <p>Die Module MOA-ID-Auth und MOA-ID-Configuration verwendet als Framework f&uuml;r Logging-Information die Open Source Software <code>log4j</code>. Die Konfiguration der Logging-Information erfolgt  nicht direkt durch die einzelnen Module, sondern &uuml;ber eine eigene Konfigurationsdatei, die der <span class="term">Java Virtual Machine</span> durch eine <span class="term">System Property </span>  mitgeteilt wird. Der Name der <span class="term">System Property </span>  lautet <code>log4j.configuration</code>; als Wert der <span class="term">System Property </span>  ist eine URL anzugeben, die auf die <code>log4j</code>-Konfigurationsdatei verweist, z.B.  </p>
 <pre>log4j.configuration=file:/C:/Programme/apache/tomcat-4.1.30/conf/moa-id/log4j.properties</pre>
-- 
cgit v1.2.3


From a3f530aa7637f3be6c67653f63fbedb4d6bd16d3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 09:42:48 +0100
Subject: add depentency jaxrpc-impl for MOA-SPSS API calls

---
 id/server/idserverlib/pom.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 52e064d3f..65004490b 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -135,6 +135,14 @@
     		<artifactId>jaxb-api</artifactId>
 		</dependency>
 		
+		<!-- Required for MOA-SPSS API access -->
+		<dependency>
+			<groupId>com.sun.xml.rpc</groupId>
+			<artifactId>jaxrpc-impl</artifactId>
+			<version>1.1.3_01</version>
+		</dependency>
+		
+		
 		<dependency>
 			<groupId>javax.mail</groupId>
 			<artifactId>mail</artifactId>
@@ -382,6 +390,10 @@
 					<artifactId>bcprov-jdk16</artifactId>
 					<groupId>org.bouncycastle</groupId>
 				</exclusion>
+				<exclusion>
+					<artifactId>jaxws-tools</artifactId>
+					<groupId>com.sun.xml.ws</groupId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 	</dependencies>
-- 
cgit v1.2.3


From 1d17cc2cb30c5ad9f419b7d619805e3823283acc Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 10:23:40 +0100
Subject: fix STORK DateFormat

---
 .../main/java/at/gv/egovernment/moa/util/DateTimeUtils.java   |  1 +
 .../moa/id/protocols/stork2/MOAAttributeProvider.java         | 11 +++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
index dbc9faba6..a2e0965d4 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -491,6 +491,7 @@ public class DateTimeUtils {
 			fmt = DateTimeFormat.forPattern("yyyyMMdd");
 			break;
 		default:
+			fmt = DateTimeFormat.forPattern("yyyy-MM-dd");
 			break;
 		}	
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 021eaee37..88c0e3245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -36,12 +36,17 @@ import eu.stork.peps.auth.commons.STORKStatusCode;
 
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.joda.time.format.DateTimeFormat;
+import org.joda.time.format.DateTimeFormatter;
+
 import javassist.expr.Instanceof;
 
 /**
@@ -132,9 +137,11 @@ public class MOAAttributeProvider {
     }
 
     private String getFormatedDateOfBirth() {
-    	if (authData.getDateOfBirth() != null)
-    		return authData.getFormatedDateOfBirth();
+		if (authData.getDateOfBirth() != null) {
+			DateFormat fmt = new SimpleDateFormat("yyyyMMdd");
+    		return  fmt.format(authData.getDateOfBirth());
     		
+		}
    		else
    			return null;
     	
-- 
cgit v1.2.3


From a12bbb135540bd2b62e4a8d6f4614dd1dbe5ea12 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 10:36:06 +0100
Subject: change PVP attribute provider logging

---
 .../id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 7c2476b3d..b301b6e5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -265,9 +265,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 						
 					
 					} catch (PVP2Exception e) {
-						Logger.error(
+						Logger.warn(
 								"Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName(), e);
+										+ reqAttribut.getFriendlyName());
 						if (reqAttribut.isRequired()) {
 							throw new UnprovideableAttributeException(
 									reqAttribut.getName());
-- 
cgit v1.2.3


From d624a3ec33b8e3a4e80aa64f05caa8df5d1fcb42 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 11:11:29 +0100
Subject: fix MOA-IDP stored twince

---
 .../moa/id/configuration/struts/action/BasicOAAction.java    | 12 +++++++-----
 .../moa/id/configuration/struts/action/EditOAAction.java     |  2 +-
 .../struts/action/InterfederationIDPAction.java              |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 415e1c957..5a9787069 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -142,7 +142,7 @@ public class BasicOAAction extends BasicAction {
         session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
     }
     
-    protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication ) throws BasicOAActionException {
+    protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException {
     	 if (onlineapplication == null) {
              onlineapplication = new OnlineApplication();
              onlineapplication.setIsNew(true);
@@ -186,7 +186,7 @@ public class BasicOAAction extends BasicAction {
          }
 
          //save OA configuration
-         String error = saveOAConfigToDatabase(onlineapplication);
+         String error = saveOAConfigToDatabase(onlineapplication, persistOA);
          if (MiscUtil.isNotEmpty(error)) {
              log.warn("OA configuration can not be stored!");
              addActionError(error);
@@ -395,7 +395,7 @@ public class BasicOAAction extends BasicAction {
     	}
     }
     
-    private String saveOAConfigToDatabase(OnlineApplication dboa) {
+    private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) {
     	
     	for (IOnlineApplicationData form : formList.values())
     		form.store(dboa, authUser, request);
@@ -412,12 +412,14 @@ public class BasicOAAction extends BasicAction {
                     ConfigurationDBUtils.saveOrUpdate(user);
                     
                 } else {
-                	ConfigurationDBUtils.save(dboa);
+                	if (persistOA)
+                		ConfigurationDBUtils.save(dboa);
                 	
                 }
                 
             } else
-                ConfigurationDBUtils.saveOrUpdate(dboa);
+            	if (persistOA)
+            		ConfigurationDBUtils.saveOrUpdate(dboa);
 
         } catch (MOADatabaseException e) {
             log.warn("Online-Application can not be stored.", e);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 4cd556b75..1da948eec 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -217,7 +217,7 @@ public class EditOAAction extends BasicOAAction {
 	
 			} else {
 				try {
-					onlineapplication = postProcessSaveOnlineApplication(onlineapplication);
+					onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true);
 	
 				} catch (BasicOAActionException e) {
 					addActionError(e.getStrutsError());
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 89dce3200..b92b17217 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -265,7 +265,7 @@ public class InterfederationIDPAction extends BasicOAAction {
 	            return Constants.STRUTS_ERROR_VALIDATION;
 
 	        } else {	        		        	
-				onlineapplication = postProcessSaveOnlineApplication(onlineapplication);
+				onlineapplication = postProcessSaveOnlineApplication(onlineapplication, false);
 				
 	        	//set default Target interfederated nameID caluclation
 				if (getPvp2OA() != null) {
-- 
cgit v1.2.3


From b42d6aae70054772610da6b2d8d11d3377bed340 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 12:10:53 +0100
Subject: fix problem with MOA-IDP database updates

---
 .../moa/id/configuration/struts/action/InterfederationIDPAction.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index b92b17217..eead280be 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -263,9 +263,10 @@ public class InterfederationIDPAction extends BasicOAAction {
 	            formID = Random.nextRandom();
 	            session.setAttribute(Constants.SESSION_FORMID, formID);
 	            return Constants.STRUTS_ERROR_VALIDATION;
-
+	            
 	        } else {	        		        	
-				onlineapplication = postProcessSaveOnlineApplication(onlineapplication, false);
+				onlineapplication = postProcessSaveOnlineApplication(onlineapplication, 
+						!(this instanceof MOAIDPAction));
 				
 	        	//set default Target interfederated nameID caluclation
 				if (getPvp2OA() != null) {
-- 
cgit v1.2.3


From 13de12ab236a552e40a5b429d584d1e928d98fea Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 12:49:46 +0100
Subject: exclude log4j-over-slf4j

---
 id/oa/pom.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index d5b3de522..93993c8a4 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -79,10 +79,22 @@
 			<dependency>
   			<groupId>org.opensaml</groupId>
   			<artifactId>opensaml</artifactId>
+  			<exclusions>
+  				<exclusion>
+						<groupId>org.slf4j</groupId>
+						<artifactId>log4j-over-slf4j</artifactId>
+					</exclusion>
+  			</exclusions>
   			</dependency>  		
 			<dependency>
 				<groupId>org.opensaml</groupId>
 				<artifactId>xmltooling</artifactId>
+  			<exclusions>
+  				<exclusion>
+						<groupId>org.slf4j</groupId>
+						<artifactId>log4j-over-slf4j</artifactId>
+					</exclusion>
+  			</exclusions>				
 				</dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
-- 
cgit v1.2.3


From c669d1660fc96dd797929daeb23ec5dd9c44ee3c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 13:01:56 +0100
Subject: remove debug code

---
 .../at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 88c0e3245..5dcff3707 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -121,7 +121,7 @@ public class MOAAttributeProvider {
     private List<String> getECApplicationRole() {    	
     	List<String> storkRoles = null;
     	    	
-    	if (true || authData.getAuthenticationRoles() != null 
+    	if (authData.getAuthenticationRoles() != null 
     			&& authData.getAuthenticationRoles().size() > 0) {
 
     		storkRoles = new ArrayList<String>();
-- 
cgit v1.2.3


From 2886006ba2ca141377e66a330df5fc52797c2755 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 31 Oct 2014 13:56:47 +0100
Subject: fix STORK dateOfBirth attribute

---
 .../at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 5dcff3707..aaded0ce6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -70,7 +70,7 @@ public class MOAAttributeProvider {
         Map<String, String> tempFunctionMap = new HashMap<String, String>();
         tempFunctionMap.put("eIdentifier", "geteIdentifier");
         tempFunctionMap.put("ECApplicationRole","getECApplicationRole");
-        tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth");
+        tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth");
         storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
     }
 
-- 
cgit v1.2.3