From 2e54605e4b6b828137ae92ac91564b833bdb8a14 Mon Sep 17 00:00:00 2001
From: kstranacher_eGovL
 <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 3 Jan 2013 15:19:51 +0000
Subject: =?UTF-8?q?Updates=20f=C3=BCr=20bPK=20Berechnung=20Organwalter?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1305 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 spss/server/.settings/org.eclipse.jdt.core.prefs |   8 +-
 spss/server/serverws/.classpath                  | 148 ++++++++++++++++++-----
 spss/server/serverws/.project                    |  85 ++++++++-----
 3 files changed, 177 insertions(+), 64 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/.settings/org.eclipse.jdt.core.prefs b/spss/server/.settings/org.eclipse.jdt.core.prefs
index 02fbf27fb..638b39a15 100644
--- a/spss/server/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,7 @@
-#Tue Jul 07 16:07:22 CEST 2009
+#Thu Jan 03 11:06:02 CET 2013
 eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
 org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index a734c5415..330efc0e1 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -1,30 +1,122 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-  <classpathentry kind="output" path="target/classes"/>
-  <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
-  <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
-  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
-  <classpathentry kind="src" path="/moa-spss-lib"/>
-  <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
-  <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
-  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
-  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
-  <classpathentry kind="src" path="/moa-common"/>
-  <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
-  <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
-</classpath>
\ No newline at end of file
+	<classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+	<classpathentry kind="src" path="/moa-spss-lib"/>
+	<classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" path="/moa-common"/>
+	<classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project
index dd934fd1a..ddf2e7061 100644
--- a/spss/server/serverws/.project
+++ b/spss/server/serverws/.project
@@ -1,35 +1,54 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
-  <name>moa-spss-ws</name>
-  <comment>NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
-  <projects>
-    <project>moa-spss-lib</project>
-    <project>moa-common</project>
-  </projects>
-  <buildSpec>
-    <buildCommand>
-      <name>org.eclipse.jdt.core.javabuilder</name>
-    </buildCommand>
-    <buildCommand>
-      <name>org.eclipse.wst.common.project.facet.core.builder</name>
-    </buildCommand>
-    <buildCommand>
-      <name>org.eclipse.wst.validation.validationbuilder</name>
-    </buildCommand>
-    <buildCommand>
-      <name>org.eclipse.m2e.core.maven2Builder</name>
-    </buildCommand>
-    <buildCommand>
-      <name>org.maven.ide.eclipse.maven2Builder</name>
-    </buildCommand>
-  </buildSpec>
-  <natures>
-    <nature>org.eclipse.m2e.core.maven2Nature</nature>
-    <nature>org.eclipse.jdt.core.javanature</nature>
-    <nature>org.maven.ide.eclipse.maven2Nature</nature>
-    <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-    <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-    <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-    <nature>org.eclipse.wst.jsdt.core.jsNature</nature>
-  </natures>
-</projectDescription>
\ No newline at end of file
+	<name>moa-spss-ws</name>
+	<comment>NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
+	<projects>
+		<project>moa-spss-lib</project>
+		<project>moa-common</project>
+		<project>moa-spss-tools</project>
+		<project>MOA</project>
+		<project>TestTimerTask</project>
+		<project>moa-spss-handbook-apiClient</project>
+		<project>stork-saml-engine</project>
+		<project>moa-spss</project>
+		<project>spss</project>
+		<project>moa-spss-handbook-webserviceClient</project>
+		<project>moa-id-lib</project>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
+	</natures>
+</projectDescription>
-- 
cgit v1.2.3


From 1ad814ccbbe4f65f430ac738104e3f3c8256c229 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Tue, 16 Apr 2013 14:44:08 +0200
Subject: Update digest algorithm, XAdES version, whitelisting

---
 .../.settings/org.eclipse.wst.common.component     |   6 +-
 .../server/config/ConfigurationPartsBuilder.java   | 103 +++++++++++++-
 .../spss/server/config/ConfigurationProvider.java  |  35 ++++-
 .../moa/spss/server/config/KeyGroup.java           |  16 ++-
 .../xmlsign/XMLSignatureCreationProfileImpl.java   | 156 +++++++++++++++++----
 .../invoke/XMLSignatureCreationProfileFactory.java |  89 ++++++++++--
 .../moa/spss/util/ExternalURIVerifier.java         |  45 +++++-
 .../properties/spss_messages_de.properties         |   6 +-
 spss/server/serverws/.classpath                    | 115 ++-------------
 spss/server/serverws/.project                      |  13 +-
 .../serverws/.settings/org.eclipse.jdt.core.prefs  |  14 +-
 .../.settings/org.eclipse.wst.common.component     |  12 +-
 .../org.eclipse.wst.common.project.facet.core.xml  |   4 +-
 spss/server/tools/.project                         |   6 +-
 14 files changed, 427 insertions(+), 193 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
index feb12899a..ee24ef8ba 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -1,10 +1,6 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
+<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
   <wb-module deploy-name="moa-spss-lib">
     <wb-resource deploy-path="/" source-path="src/main/java"/>
     <wb-resource deploy-path="/" source-path="src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/test/java"/>
-        <wb-resource deploy-path="/" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
   </wb-module>
 </project-modules>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 09f496c74..e335139aa 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -101,6 +101,10 @@ public class ConfigurationPartsBuilder {
     ROOT + CONF + "SignatureCreation/" 
     + CONF + "XMLDSig/" 
     + CONF + "DigestMethodAlgorithm";
+  private static final String XADES_VERSION_XPATH =
+		    ROOT + CONF + "SignatureCreation/" 
+		    + CONF + "XAdES/" 
+		    + CONF + "Version";
   private static final String C14N_ALGORITHM_XPATH =
     ROOT + CONF + "SignatureCreation/" 
     + CONF + "XMLDSig/" 
@@ -115,6 +119,13 @@ public class ConfigurationPartsBuilder {
 	    ROOT + CONF + "Common/"
 	    + CONF + "PermitExternalUris/"
 	    + CONF + "BlackListUri";
+  private static final String FORBID_EXTERNAL_URIS_XPATH =
+		    ROOT + CONF + "Common/"
+		    + CONF + "ForbidExternalUris";
+  private static final String WHITE_LIST_URIS_XPATH =
+		    ROOT + CONF + "Common/"
+		    + CONF + "ForbidExternalUris/"
+		    + CONF + "WhiteListUri";
   
   private static final String HARDWARE_KEY_XPATH =
     ROOT + CONF + "SignatureCreation/" 
@@ -263,15 +274,19 @@ public class ConfigurationPartsBuilder {
 
   /** The accepted digest method algorithm URIs, as an array */
   private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY =
-    { Constants.SHA1_URI };
+    { Constants.SHA1_URI,
+	  Constants.SHA256_URI,
+	  Constants.SHA384_URI,
+	  Constants.SHA512_URI};
 
   /** The accepted digest method algorithm URIs, as a Set */
   private static final Set ACCEPTED_DIGEST_ALGORITHMS =
     new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
-
+  
+  
   /** Default digest algorithm URI, if none/illegal has been configured */
   private static final String DIGEST_ALGORITHM_DEFAULT = Constants.SHA1_URI;
-
+  
   /** The root element of the MOA configuration */
   private Element configElem;
   
@@ -333,7 +348,7 @@ public class ConfigurationPartsBuilder {
   public String getDigestMethodAlgorithmName() 
   {
     String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
-
+    
     if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
     {
       info(
@@ -344,7 +359,20 @@ public class ConfigurationPartsBuilder {
 
     return digestMethod;
   }
-
+  
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getXAdESVersion() 
+  {
+    String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null);
+    
+    return xadesVersion;
+  }
+  
+  
   /**
    * Returns the canonicalization algorithm name.
    * 
@@ -409,6 +437,7 @@ public class ConfigurationPartsBuilder {
 	  }
   }
   
+  
   /**
    * 
    * @return
@@ -448,10 +477,12 @@ public class ConfigurationPartsBuilder {
 	      array[1] = port;
 	      blacklist.add(array);
 	      
-	    }
+	  }
+	  
 	  
 	  // set blacklist for iaik-moa
 	  ExternalReferenceChecker.setBlacklist(blackListIaikMoa);
+
 	  
 	  if(blacklist.isEmpty()) // no blacklisted uris given
 		  info("config.36", null);
@@ -459,7 +490,64 @@ public class ConfigurationPartsBuilder {
 	  
 	  return blacklist;
   }
+  
+  /**
+   * 
+   * @return
+   */
+  public List buildForbidExternalUris() {
+	    
+	  //info("config.47", null);
+	  
+	  List whitelist = new ArrayList();
+	  List whiteListIaikMoa = new ArrayList();
+	  
+	  NodeIterator forbidExtIter = XPathUtils.selectNodeIterator(
+			  getConfigElem(),
+			  WHITE_LIST_URIS_XPATH);
+	  
+	  Element permitExtElem = null;
+	  while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) {
+	      String host = getElementValue(permitExtElem, CONF + "IP", null);
+	      String port = getElementValue(permitExtElem, CONF + "Port", null);
+	      
+	      // TODO WhiteListeEntry
+//	      WhiteListEntry entry =null;
+	      if (port == null) {
+//	    	  entry = new WhiteListEntry(host, -1);
+	    	  info("config.49", new Object[]{host});
+      }
+	      else {	    	  
+//	    	  entry = new WhiteListEntry(host, new Integer(port).intValue());
+	    	  info("config.49", new Object[]{host + ":" + port});
+	      }
+//	      
+//	      // add entry to iaik-moa whitelist	      
+//	      whiteListIaikMoa.add(entry);
+	      	       
+	      
+	      String array[] = new String[2];
+	      array[0] = host;
+	      array[1] = port;
+	      whitelist.add(array);
+	      
+	  }
+	  
+	  
+	  // set whitelist for iaik-moa
+	  // TODO 
+//	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
+
+	  
+	  if(whitelist.isEmpty()) // no whitelisted uris given
+		  info("config.48", null);
+		  
+	  
+	  return whitelist;
+  }
 
+ 
+  
   /**
    * Build the configured hardware keys. 
    * 
@@ -573,9 +661,10 @@ public class ConfigurationPartsBuilder {
     while ((keyGroupElem = (Element) kgIter.nextNode()) != null) 
     {
       String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
+      String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
       Set keyGroupEntries =
         buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
-      KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries);
+      KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
 
       if (keyGroups.containsKey(keyGroupId)) 
       {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 25fa0d6ad..b40a6bfa5 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -99,7 +99,10 @@ public class ConfigurationProvider
 
   /** The default canonicalization algorithm name */
   private String canonicalizationAlgorithmName;
-
+  
+  /** The XAdES version used for signature creation */
+  private String xadesVersion;
+  
   /** 
    * A <code>List</code> of <code>HardwareCryptoModule</code> objects for 
    * configuring hardware modules.
@@ -251,6 +254,11 @@ public class ConfigurationProvider
    */
   private List blackListedUris_;
   
+  /**
+   * A <code>List</code> of white listed URIs (host and port)
+   */
+  private List whiteListedUris_;
+  
   /**
    * A <code>TSLConfiguration</code> that represents the global TSL configuration
    */
@@ -351,6 +359,8 @@ public class ConfigurationProvider
       keyGroups = builder.buildKeyGroups(allKeyModules);
       keyGroupMappings =
         builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
+      
+      xadesVersion = builder.getXAdESVersion();
       defaultChainingMode = builder.getDefaultChainingMode();
       chainingModes = builder.buildChainingModes();
       useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
@@ -382,11 +392,14 @@ public class ConfigurationProvider
 
       allowExternalUris_= builder.allowExternalUris();
       
-      if (allowExternalUris_) 
+      if (allowExternalUris_) { 
     	  blackListedUris_ = builder.buildPermitExternalUris();
+    	  whiteListedUris_ = null;
+      }
       else {
     	  info("config.35", null);
     	  blackListedUris_ = null;
+    	  whiteListedUris_ = builder.buildForbidExternalUris();
       }
     	
       
@@ -457,6 +470,16 @@ public class ConfigurationProvider
     return digestMethodAlgorithmName;
   }
   
+  /**
+   * Return the XAdES version used for signature creation.
+   * 
+   * @return The XAdES version used for signature creation, or an empty <code>String</code>,
+   * if none has been configured.
+   */
+  public String getXAdESVersion() {
+    return xadesVersion;
+  }
+ 
   public boolean getAllowExternalUris() {
 	  return this.allowExternalUris_;
   }
@@ -464,6 +487,9 @@ public class ConfigurationProvider
   public List getBlackListedUris() {
 	  return this.blackListedUris_;
   }
+  public List getWhiteListedUris() {
+	  return this.whiteListedUris_;
+  }
   
   /**
    * Return the name of the canonicalization algorithm used during signature
@@ -515,6 +541,11 @@ public class ConfigurationProvider
   public Map getKeyGroups() {
     return keyGroups;
   }
+  
+  public KeyGroup getKeyGroup(String keyGroupId) {	  
+	  KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
+	  return keyGroup;
+  }
 
   /**
    * Return the set of <code>KeyGroupEntry</code>s of a given key group, which a
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
index 22ed8ae83..c2490f9a3 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
@@ -40,16 +40,20 @@ public class KeyGroup {
   private Set keyGroupEntries;
   /** The key group ID. */
   private String id;
+  /** The digest method algorithm for the key group */
+  private String digestMethodAlgorithm;
 
   /**
    * Create a <code>KeyGroup</code>.
    * 
    * @param id The ID of this <code>KeyGroup</code>.
    * @param keyGroupEntries The keys belonging to this <code>KeyGroup</code>.
+   * @param digestMethodAlgorithm The signature algorithm used for this key group
    */
-  public KeyGroup(String id, Set keyGroupEntries) {
+  public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) {
     this.id = id;
     this.keyGroupEntries = keyGroupEntries;
+    this.digestMethodAlgorithm = digestMethodAlgorithm; 
   }
 
   /**
@@ -60,6 +64,14 @@ public class KeyGroup {
   public Set getKeyGroupEntries() {
     return keyGroupEntries;
   }
+  
+  /**
+   * Returnd the digest method algorithm used for this key group
+   * @return The digest method signature algorithm used for this key group
+   */
+  public String getDigestMethodAlgorithm() {
+	  return digestMethodAlgorithm;
+  }
 
   /**
    * Return the ID of this <code>KeyGroup</code>.
@@ -87,7 +99,7 @@ public class KeyGroup {
         sb.append(" " + i.next());
       }
     }
-    return "(KeyGroup - ID:" + id + " " + sb.toString() + ")";
+    return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " + digestMethodAlgorithm;
   }
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 9b5dce883..479f0aac9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -24,9 +24,6 @@
 
 package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
 
-import java.util.List;
-import java.util.Set;
-
 import iaik.server.modules.algorithms.SignatureAlgorithms;
 import iaik.server.modules.keys.AlgorithmUnavailableException;
 import iaik.server.modules.keys.KeyEntryID;
@@ -37,6 +34,10 @@ import iaik.server.modules.xml.Canonicalization;
 import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
 import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
 
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -75,7 +76,10 @@ public class XMLSignatureCreationProfileImpl
   private IdGenerator dsigManifestIDGenerator;
   /** The ID generator for signed property IDs. */
   private IdGenerator propertyIDGenerator;
-
+  /** The selected digest method algorithm if XAdES 1.4.2 is used   */
+  private String digestMethodXAdES142;
+  
+  
   /**
    * Create a new <code>XMLSignatureCreationProfileImpl</code>.
    * 
@@ -86,7 +90,8 @@ public class XMLSignatureCreationProfileImpl
    */
   public XMLSignatureCreationProfileImpl(
     int createProfileCount,
-    Set reservedIDs) {
+    Set reservedIDs,
+    String digestMethodXAdES142) {
     signatureIDGenerator =
       new IdGenerator("signature-" + createProfileCount, reservedIDs);
     manifestIDGenerator =
@@ -95,6 +100,7 @@ public class XMLSignatureCreationProfileImpl
       new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs);
     propertyIDGenerator =
       new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
+    this.digestMethodXAdES142 = digestMethodXAdES142;
   }
 
   /**
@@ -168,27 +174,127 @@ public class XMLSignatureCreationProfileImpl
         e,
         null);
     }
-
-    if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)  // TODO retournierten Algorithmus abhängig von der Schlüssellänge machen (bei längeren Schlüsseln SHA256 statt SHA1)
-      || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
-      || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
-      || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
-      || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
-      || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
-
-      return SignatureAlgorithms.SHA1_WITH_RSA;
-    } else if (
-      algorithms.contains(SignatureAlgorithms.ECDSA)) {
-      return SignatureAlgorithms.ECDSA;
-    } else if (
-      algorithms.contains(SignatureAlgorithms.DSA)) {
-      return SignatureAlgorithms.DSA; 
-    } else {
-      throw new AlgorithmUnavailableException(
-        "No algorithm for key entry: " + selectedKeyID,
-        null,
-        null);
+    
+    if (digestMethodXAdES142 == null) {
+    	// XAdES 1.4.2 not enabled - legacy MOA
+        if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)  
+        		|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+
+        	return SignatureAlgorithms.SHA1_WITH_RSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.ECDSA)) {
+        	return SignatureAlgorithms.ECDSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.DSA)) {
+        	return SignatureAlgorithms.DSA; 
+        } else {
+        	throw new AlgorithmUnavailableException(
+        			"No algorithm for key entry: " + selectedKeyID,
+        			null,
+        	        null);
+        }
+    }
+    else {
+    	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
+    	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
+    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
+             		|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
+             		|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) //?
+             		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) //?
+             		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA_OLD) //?
+             		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
+             		|| algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_RSA)) { //?
+
+             	return SignatureAlgorithms.SHA1_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA_PLAIN)
+            		|| algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_ECDSA_PLAIN)) {
+             	return SignatureAlgorithms.ECDSA;
+             } else if (
+             		algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_RSA)
+             		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA_PLAIN)
+            		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA_PLAIN)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (
+             		algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { 
+
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA_PLAIN)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (
+             		algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { 
+
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)
+            		|| algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA_PLAIN)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (
+             		algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethodXAdES142,
+         			null,
+         	        null);
+         }
+    	
     }
+    
+
   }
 
   /**
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index 5c4a2c76a..d1281c1f1 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -56,6 +56,7 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
 import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
 import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
 import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl;
 import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl;
@@ -83,6 +84,9 @@ public class XMLSignatureCreationProfileFactory {
   static {
     HASH_ALGORITHM_MAPPING = new HashMap();
     HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
   }
 
   /** The <code>CreateXMLSignatureRequest</code> for which to create the
@@ -129,18 +133,62 @@ public class XMLSignatureCreationProfileFactory {
     HashSet allReservedIDs = new HashSet(reserved);
     allReservedIDs.addAll(sigInfoReservedIDs);
 
-    XMLSignatureCreationProfileImpl profile =
-      new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs);
     TransactionContext context =
       TransactionContextManager.getInstance().getTransactionContext();
     ConfigurationProvider config = context.getConfiguration();
     CanonicalizationImpl canonicalization;
     List dataObjectTreatmentList;
-    String keyGroupID;
     Set keySet;
     List transformationSupplements;
     List createTransformsProfiles;
 
+    // get the key group id
+    String keyGroupID = request.getKeyIdentifier();
+    // get digest method on key group level (if configured)
+    String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+    // get default digest method (if configured)
+    String configDigestMethod = config.getDigestMethodAlgorithmName();
+    
+    String xadesVersion = config.getXAdESVersion();
+    
+    String digestMethodXAdES142 = null;
+    boolean isXAdES142 = false;
+    // if XAdES Version 1.4.2 is configured
+    if (xadesVersion != null && xadesVersion.compareTo("1.4.2") == 0) {
+    	isXAdES142 = true;
+    	Logger.debug("XAdES version '" + xadesVersion + "' used");
+    }
+    	
+    if (isXAdES142) {
+    	if (configDigestMethodKG != null) {
+    		// if KG specific digest method is configured
+    		digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+    		if (digestMethodXAdES142 == null) {
+    			error(
+    					"config.17",
+    					new Object[] { configDigestMethodKG});
+    			throw new MOASystemException("2900", null);    			
+    		}
+    		Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(configured in KeyGroup)");
+    	}	    	
+    	else {
+    		// else get default configured digest method
+    		digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+    		if (digestMethodXAdES142 == null) {
+    			error(
+    					"config.17",
+    					new Object[] { configDigestMethod});
+    			throw new MOASystemException("2900", null);	
+    		}
+    		Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(default)");
+    		
+    	}
+    }
+    
+    XMLSignatureCreationProfileImpl profile =
+    	      new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142);
+
+    
     // build the transformation supplements
     createTransformsProfiles =
       getCreateTransformsInfoProfiles(singleSignatureInfo);
@@ -153,11 +201,11 @@ public class XMLSignatureCreationProfileFactory {
         singleSignatureInfo,
         createTransformsProfiles,
         transformationSupplements,
-        allReservedIDs);
+        allReservedIDs, 
+        digestMethodXAdES142);
     profile.setDataObjectTreatmentList(dataObjectTreatmentList);
 
     // set the key set
-    keyGroupID = request.getKeyIdentifier();
     keySet = buildKeySet(keyGroupID);
     if (keySet == null) {
       throw new MOAApplicationException("2231", null);
@@ -184,7 +232,7 @@ public class XMLSignatureCreationProfileFactory {
     canonicalization =
       new CanonicalizationImpl(config.getCanonicalizationAlgorithmName());
     profile.setSignedInfoCanonicalization(canonicalization);
-
+    
     // set the signed properties
     profile.setSignedProperties(Collections.EMPTY_LIST);
 
@@ -299,7 +347,8 @@ public class XMLSignatureCreationProfileFactory {
     SingleSignatureInfo singleSignatureInfo,
     List createTransformsInfoProfiles,
     List transformationSupplements,
-    Set reservedIDs)
+    Set reservedIDs,
+    String digestMethodXAdES142)
     throws MOASystemException, MOAApplicationException {
 
     TransactionContext context =
@@ -329,15 +378,25 @@ public class XMLSignatureCreationProfileFactory {
       treatment.setTransformationList(buildTransformationList(profile));
       treatment.setReferenceInManifest(dataObjInfo.isChildOfManifest());
 
-      hashAlgorithmName =
-        (String) HASH_ALGORITHM_MAPPING.get(
-          config.getDigestMethodAlgorithmName());
-      if (hashAlgorithmName == null) {
-        error(
-          "config.17",
-          new Object[] { config.getDigestMethodAlgorithmName()});
-        throw new MOASystemException("2900", null);
+      // if XAdES version is 1.4.2
+      if (digestMethodXAdES142 != null) {
+    	  // use configured digest algorithm
+    	  hashAlgorithmName = digestMethodXAdES142;
+      }
+      else {
+    	  // stay as it is
+    	  hashAlgorithmName = (String) HASH_ALGORITHM_MAPPING.get(
+    		          config.getDigestMethodAlgorithmName());
+    	  if (hashAlgorithmName == null) {
+    	        error(
+    	          "config.17",
+    	          new Object[] { config.getDigestMethodAlgorithmName()});
+    	        throw new MOASystemException("2900", null);
+    	      }
       }
+      
+      
+      
 
       treatment.setHashAlgorithmName(hashAlgorithmName);
       treatment.setIncludedInSignature(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
index dafb89f16..219bb7cdf 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -26,12 +26,14 @@ public class ExternalURIVerifier {
 				
 				boolean allowExternalUris = config.getAllowExternalUris();
 				List blacklist = config.getBlackListedUris();
+				List whitelist = config.getWhiteListedUris();
 				
 				InetAddress hostInetAddress = InetAddress.getByName(host);
 				String ip = hostInetAddress.getHostAddress();
 				
 				
 				if (allowExternalUris) {
+					// external URIs are allowed - check blacklist
 					Iterator it = blacklist.iterator();
 					while (it.hasNext()) {
 						String[] array = (String[])it.next();
@@ -55,9 +57,46 @@ public class ExternalURIVerifier {
 						}
 					}
 				}
-				else {					
-					Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));
-					throw new MOAApplicationException("4001", new Object[]{host});					
+				else {	
+					// external uris are forbidden - check whitelist
+					Iterator it = whitelist.iterator();
+					boolean allowed = false;
+					while (it.hasNext()) {
+						String[] array = (String[])it.next();
+						String bhost = array[0];
+						String bport = array[1];
+						if (bport == null || port == -1) {
+							// check only host
+							if (ip.startsWith(bhost)) {
+								Logger.debug(new LogMsg("Whitelist check: " + host + " (" + ip + ") whitelisted"));
+								allowed = true;
+								//throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});
+							}
+						}
+						else {
+							// check host and port
+							int iport = new Integer(bport).intValue();
+							if (ip.startsWith(bhost) && (iport == port)) {
+								Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port + " whitelisted"));
+								//throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
+								allowed = true;
+							}
+								
+						}
+					}
+					
+					if (!allowed) {
+						if (port != -1) {
+							Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));
+							throw new MOAApplicationException("4001", new Object[]{host + "(" + ip + ")"});
+						}							
+						else {
+							Logger.debug(new LogMsg("No external URIs allowed (" + host + ":" + port + ")"));
+							throw new MOAApplicationException("4001", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
+						}
+							
+					}
+					
 				}
 				
 				Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 645ff9f6d..5919cebbc 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -89,7 +89,7 @@
 3202=Supplement für Signaturumgebung kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")
 3203=Signaturumgebung kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")
 
-4001=Externe URI {0} darf nicht geladen werden (externe URIs generell verboten)
+4001=Externe URI {0} darf nicht geladen werden (externe sind URIs verboten und URI befindet sich nicht auf der Whitelist)
 4002=Externe URI {0} befindet sich auf der Blacklist und darf nicht geladen werden
 4003=IP-Adresse für {0} konnte nicht ermitteln werden 
  
@@ -142,7 +142,7 @@ config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schl
 config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).
 config.33=External URIs are allowed. Maybe a URI blacklist exists.
 config.34=Blacklisted URI: {0}.
-config.35=External URIs not allowed.
+config.35=External URIs not allowed. Maybe a URI whitelist exists.
 config.36=No blacklisted URIs given.
 config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")
 config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")
@@ -154,6 +154,8 @@ config.43=Update truststore with id "{0}"
 config.44=Retrieve certificates from TSL
 config.45=Create store updater
 config.46=Start periodical TSL update task at {0} and then every {1} milliseconds
+config.48=No whitelisted URIs given.
+config.49=Whitelisted URI: {0}.
 
 handler.00=Starte neue Transaktion: TID={0}, Service={1}
 handler.01=Aufruf von Adresse={0}
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index 330efc0e1..767a2a2de 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -1,120 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-	<classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
 		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
-	<classpathentry kind="src" path="/moa-spss-lib"/>
-	<classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar">
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
 		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar">
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
 		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="src" path="/moa-common"/>
-	<classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
 		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
 			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
 		</attributes>
 	</classpathentry>
diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project
index ddf2e7061..fa2286335 100644
--- a/spss/server/serverws/.project
+++ b/spss/server/serverws/.project
@@ -5,15 +5,6 @@
 	<projects>
 		<project>moa-spss-lib</project>
 		<project>moa-common</project>
-		<project>moa-spss-tools</project>
-		<project>MOA</project>
-		<project>TestTimerTask</project>
-		<project>moa-spss-handbook-apiClient</project>
-		<project>stork-saml-engine</project>
-		<project>moa-spss</project>
-		<project>spss</project>
-		<project>moa-spss-handbook-webserviceClient</project>
-		<project>moa-id-lib</project>
 	</projects>
 	<buildSpec>
 		<buildCommand>
@@ -32,12 +23,12 @@
 			</arguments>
 		</buildCommand>
 		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
 		<buildCommand>
-			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
index 0e32dbb18..cbb750c06 100644
--- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -1,8 +1,12 @@
-#Thu Dec 27 15:45:22 CET 2012
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.source=1.5
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index b8a1c3877..c325a5007 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
+<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
   <wb-module deploy-name="moa-spss-ws">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+        <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+        <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-    <property name="context-root" value="moa-spss-ws"/>
+        <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
+        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
     <property name="java-output-path" value="/target/classes"/>
+        <property name="context-root" value="moa-spss"/>
   </wb-module>
 </project-modules>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
index 564572b10..ac59587b0 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -2,6 +2,6 @@
 <faceted-project>
   <fixed facet="jst.java"/>
   <fixed facet="jst.web"/>
-  <installed facet="jst.web" version="2.4"/>
   <installed facet="jst.java" version="5.0"/>
-</faceted-project>
\ No newline at end of file
+  <installed facet="jst.web" version="2.3"/>
+</faceted-project>
diff --git a/spss/server/tools/.project b/spss/server/tools/.project
index ca7797d46..21f65b370 100644
--- a/spss/server/tools/.project
+++ b/spss/server/tools/.project
@@ -10,15 +10,15 @@
     <buildCommand>
       <name>org.eclipse.jdt.core.javabuilder</name>
     </buildCommand>
-    <buildCommand>
-      <name>org.eclipse.m2e.core.maven2Builder</name>
-    </buildCommand>
     <buildCommand>
       <name>org.eclipse.wst.validation.validationbuilder</name>
     </buildCommand>
     <buildCommand>
       <name>org.maven.ide.eclipse.maven2Builder</name>
     </buildCommand>
+    <buildCommand>
+      <name>org.eclipse.m2e.core.maven2Builder</name>
+    </buildCommand>
   </buildSpec>
   <natures>
     <nature>org.eclipse.m2e.core.maven2Nature</nature>
-- 
cgit v1.2.3


From dcaa12f3f801363bf6034a48b80fab60cfe9a39f Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Tue, 23 Apr 2013 12:07:03 +0200
Subject: Update textkeys and testcertificates Update signature algorithm
 selection Update repository Updates documentation

---
 .../.settings/org.eclipse.wst.common.component     |  2 +
 spss/server/serverlib/pom.xml                      |  6 +-
 .../server/config/ConfigurationPartsBuilder.java   | 26 ++++++--
 .../spss/server/config/ConfigurationProvider.java  | 11 ++++
 .../xmlsign/XMLSignatureCreationProfileImpl.java   | 77 +++++++++-------------
 .../server/invoke/XMLSignatureCreationInvoker.java | 33 +++++++---
 6 files changed, 91 insertions(+), 64 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
index ee24ef8ba..fe4fd3290 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -2,5 +2,7 @@
   <wb-module deploy-name="moa-spss-lib">
     <wb-resource deploy-path="/" source-path="src/main/java"/>
     <wb-resource deploy-path="/" source-path="src/main/resources"/>
+        <wb-resource deploy-path="/" source-path="/src/main/java"/>
+        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
   </wb-module>
 </project-modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index d425edb83..2a6fd382f 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -22,11 +22,11 @@
 			<artifactId>axis</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>axis</groupId>
+			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-jaxrpc</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>axis</groupId>
+			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-saaj</artifactId>
 		</dependency>
 		<dependency>
@@ -64,7 +64,7 @@
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>servlet-api</artifactId>
-			<scope>provided</scope>
+			<scope>compile</scope>
 		</dependency>
 		<dependency>
 			<groupId>xalan-bin-dist</groupId>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index e335139aa..bc53ca4f9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -284,8 +284,11 @@ public class ConfigurationPartsBuilder {
     new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
   
   
-  /** Default digest algorithm URI, if none/illegal has been configured */
-  private static final String DIGEST_ALGORITHM_DEFAULT = Constants.SHA1_URI;
+  /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */
+  private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI;
+  
+  /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */
+  private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI;
   
   /** The root element of the MOA configuration */
   private Element configElem;
@@ -351,10 +354,21 @@ public class ConfigurationPartsBuilder {
     
     if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
     {
-      info(
-        "config.23",
-        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT });
-      digestMethod = DIGEST_ALGORITHM_DEFAULT;
+    	String xadesVersion = this.getXAdESVersion();
+    	if (xadesVersion == null) {
+    		info(
+    		        "config.23",
+    		        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 });
+    		      digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1;	
+    	}
+    	else {
+    		info(
+    		        "config.23",
+    		        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 });
+    		      digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2;
+    	}
+    	
+      
     }
 
     return digestMethod;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index b40a6bfa5..08478b717 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -41,6 +41,7 @@ import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 
 import org.w3c.dom.Element;
@@ -573,6 +574,16 @@ public class ConfigurationProvider
       issuerAndSerial = new IssuerAndSerial(issuer, serial);
     }
 
+//    System.out.println("Issuer: " + issuer);
+//    System.out.println("serial: " + serial);
+//    
+//    Iterator entries = keyGroupMappings.entrySet().iterator();
+//    while (entries.hasNext()) {
+//      Entry thisEntry = (Entry) entries.next();
+//      System.out.println("Entry: " + thisEntry.getKey());
+//      System.out.println("Value: " + thisEntry.getValue());
+//    }      
+    
     mapping = (Map) keyGroupMappings.get(issuerAndSerial);
     if (mapping != null) {
       KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 479f0aac9..edc3922e2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -202,46 +202,33 @@ public class XMLSignatureCreationProfileImpl
     	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
     	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
     		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
-    		if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
-             		|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
-             		|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) //?
-             		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) //?
-             		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA_OLD) //?
-             		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
-             		|| algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_RSA)) { //?
-
-             	return SignatureAlgorithms.SHA1_WITH_RSA;
-             	
-             } else if (algorithms.contains(SignatureAlgorithms.ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA_PLAIN)
-            		|| algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_ECDSA_PLAIN)) {
-             	return SignatureAlgorithms.ECDSA;
-             } else if (
-             		algorithms.contains(SignatureAlgorithms.DSA)) {
-             	return SignatureAlgorithms.DSA; 
-             } else {
-             	throw new AlgorithmUnavailableException(
-             			"No algorithm for key entry: " + selectedKeyID,
-             			null,
-             	        null);
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
              }
+    		
     	} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
-    		if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_RSA)
-             		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
-
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
              	return SignatureAlgorithms.SHA256_WITH_RSA;
              	
-             } else if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA_PLAIN)
-            		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA_PLAIN)) {
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
              	return SignatureAlgorithms.SHA256_WITH_ECDSA;
              	
-             } else if (
-             		algorithms.contains(SignatureAlgorithms.DSA)) {
-             	return SignatureAlgorithms.DSA; 
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
              } else {
              	throw new AlgorithmUnavailableException(
              			"No algorithm for key entry: " + selectedKeyID,
@@ -249,17 +236,15 @@ public class XMLSignatureCreationProfileImpl
              	        null);
              }
     	} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
-    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { 
-
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
              	return SignatureAlgorithms.SHA384_WITH_RSA;
              	
-             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA_PLAIN)) {
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
              	return SignatureAlgorithms.SHA384_WITH_ECDSA;
              	
-             } else if (
-             		algorithms.contains(SignatureAlgorithms.DSA)) {
-             	return SignatureAlgorithms.DSA; 
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
              } else {
              	throw new AlgorithmUnavailableException(
              			"No algorithm for key entry: " + selectedKeyID,
@@ -267,17 +252,15 @@ public class XMLSignatureCreationProfileImpl
              	        null);
              }
     	} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
-    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { 
-
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
              	return SignatureAlgorithms.SHA512_WITH_RSA;
              	
-             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)
-            		|| algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA_PLAIN)) {
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
              	return SignatureAlgorithms.SHA512_WITH_ECDSA;
              	
-             } else if (
-             		algorithms.contains(SignatureAlgorithms.DSA)) {
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
              	return SignatureAlgorithms.DSA; 
+             	
              } else {
              	throw new AlgorithmUnavailableException(
              			"No algorithm for key entry: " + selectedKeyID,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
index 759af813c..8bebff974 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
@@ -243,14 +243,31 @@ public class XMLSignatureCreationInvoker {
         }
 
         try {
-          // create the signature
-          signature =
-            module.createSignature(
-              dataObjectList,
-              profile,
-              additionalSignedProperties,
-              signatureParent,
-              new TransactionId(context.getTransactionID()));
+        	ConfigurationProvider config = context.getConfiguration();
+        	String xadesVersion = config.getXAdESVersion();
+
+        	if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) {
+                // create the signature (XAdES 1.4.2)
+                signature =
+                  module.createSignature(
+                    dataObjectList,
+                    profile,
+                    additionalSignedProperties,
+                    signatureParent,
+                    XMLSignatureCreationModule.XADES_VERSION_1_4_2,
+                    new TransactionId(context.getTransactionID()));
+        	}
+        	else {
+                // create the signature (XAdES 1.1.1 = default)
+                signature =
+                  module.createSignature(
+                    dataObjectList,
+                    profile,
+                    additionalSignedProperties,
+                    signatureParent,
+                    XMLSignatureCreationModule.XADES_VERSION_1_1_1,
+                    new TransactionId(context.getTransactionID()));
+        	}
 
           // insert the result into the response
           if (signatureParent != null) {
-- 
cgit v1.2.3


From 76ee7b768603988e4a6ca59011eee2b7dd33fa21 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Wed, 24 Apr 2013 16:46:35 +0200
Subject: Update Dokumentation

---
 .../resources/data/deploy/tomcat/server.mod_jk.xml | 166 --------------------
 .../resources/data/deploy/tomcat/server.xml        | 169 ---------------------
 2 files changed, 335 deletions(-)
 delete mode 100644 spss/server/serverlib/resources/data/deploy/tomcat/server.mod_jk.xml
 delete mode 100644 spss/server/serverlib/resources/data/deploy/tomcat/server.xml

(limited to 'spss/server')

diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/server.mod_jk.xml b/spss/server/serverlib/resources/data/deploy/tomcat/server.mod_jk.xml
deleted file mode 100644
index e6035b8be..000000000
--- a/spss/server/serverlib/resources/data/deploy/tomcat/server.mod_jk.xml
+++ /dev/null
@@ -1,166 +0,0 @@
-<!-- Alternate Example-less Configuration File -->
-<!-- Note that component elements are nested corresponding to their
-     parent-child relationships with each other -->
-
-<!-- A "Server" is a singleton element that represents the entire JVM,
-     which may contain one or more "Service" instances.  The Server
-     listens for a shutdown command on the indicated port.
-
-     Note:  A "Server" is not itself a "Container", so you may not
-     define subcomponents such as "Valves" or "Loggers" at this level.
- -->
-
-<Server port="8005" shutdown="SHUTDOWN" debug="0">
-
-
-  <!-- Uncomment this entry to enable JMX MBeans support -->
-<!--
-  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
-                debug="0" port="-1" login="admin" password="admin"/>
--->
-
-
-  <!-- A "Service" is a collection of one or more "Connectors" that share
-       a single "Container" (and therefore the web applications visible
-       within that Container).  Normally, that Container is an "Engine",
-       but this is not required.
-
-       Note:  A "Service" is not itself a "Container", so you may not
-       define subcomponents such as "Valves" or "Loggers" at this level.
-   -->
-
-  <!-- Define the Tomcat Stand-Alone Service -->
-  <Service name="Tomcat-Standalone">
-
-    <!-- A "Connector" represents an endpoint by which requests are received
-         and responses are returned.  Each Connector passes requests on to the
-         associated "Container" (normally an Engine) for processing.
-
-         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
-         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
-         following the instructions below and uncommenting the second Connector
-         entry.  SSL support requires the following steps (see the SSL Config
-         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
-         instructions):
-         * Download and install JSSE 1.0.2 or later, and put the JAR files
-           into "$JAVA_HOME/jre/lib/ext".
-         * Execute:
-             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
-             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
-           with a password value of "changeit" for both the certificate and
-           the keystore itself.
-
-         By default, DNS lookups are enabled when a web application calls
-         request.getRemoteHost().  This can have an adverse impact on
-         performance, so you can disable it by setting the
-         "enableLookups" attribute to "false".  When DNS lookups are disabled,
-         request.getRemoteHost() will return the String version of the
-         IP address of the remote client.
-    -->
-
-    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
-    <!--
-    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
-               port="8009" minProcessors="5" maxProcessors="75"
-               enableLookups="true" redirectPort="8443"
-               acceptCount="10" debug="0" connectionTimeout="0"
-               useURIValidationHack="false"
-               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
-    -->
-    
-    <!-- Define an AJP 1.3 Connector on port 8009 -->
-    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
-               port="8009" minProcessors="5" maxProcessors="75"
-               acceptCount="10" debug="0"/>
-
-    <!-- An Engine represents the entry point (within Catalina) that processes
-         every request.  The Engine implementation for Tomcat stand alone
-         analyzes the HTTP headers included with the request, and passes them
-         on to the appropriate Host (virtual host). -->
-
-    <!-- Define the top level container in our container hierarchy -->
-    <Engine name="Standalone" defaultHost="localhost" debug="0">
-
-      <!-- The request dumper valve dumps useful debugging information about
-           the request headers and cookies that were received, and the response
-           headers and cookies that were sent, for all requests received by
-           this instance of Tomcat.  If you care only about requests to a
-           particular virtual host, or a particular application, nest this
-           element inside the corresponding <Host> or <Context> entry instead.
-
-           For a similar mechanism that is portable to all Servlet 2.3
-           containers, check out the "RequestDumperFilter" Filter in the
-           example application (the source for this filter may be found in
-           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
-
-           Request dumping is disabled by default.  Uncomment the following
-           element to enable it. -->
-      <!--
-      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-      -->
-
-      <!-- Global logger unless overridden at lower levels -->
-      <Logger className="org.apache.catalina.logger.FileLogger"
-              prefix="catalina_log." suffix=".txt"
-              timestamp="true"/>
-
-      <!-- Because this Realm is here, an instance will be shared globally -->
-
-      <Realm className="org.apache.catalina.realm.MemoryRealm" />
-
-      <!-- Replace the above Realm with one of the following to get a Realm
-           stored in a database and accessed via JDBC -->
-
-      <!-- Define the default virtual host -->
-      <Host name="localhost" debug="0" appBase="webapps" 
-       unpackWARs="true" autoDeploy="true">
-
-        <!-- Normally, users must authenticate themselves to each web app
-             individually.  Uncomment the following entry if you would like
-             a user to be authenticated the first time they encounter a
-             resource protected by a security constraint, and then have that
-             user identity maintained across *all* web applications contained
-             in this virtual host. -->
-        <!--
-        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
-                   debug="0"/>
-        -->
-
-        <!-- Access log processes all requests for this virtual host.  By
-             default, log files are created in the "logs" directory relative to
-             $CATALINA_HOME.  If you wish, you can specify a different
-             directory with the "directory" attribute.  Specify either a relative
-             (to $CATALINA_HOME) or absolute path to the desired directory.
-        -->
-        <Valve className="org.apache.catalina.valves.AccessLogValve"
-                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
-                 pattern="common"/>
-
-        <!-- Logger shared by all Contexts related to this virtual host.  By
-             default (when using FileLogger), log files are created in the "logs"
-             directory relative to $CATALINA_HOME.  If you wish, you can specify
-             a different directory with the "directory" attribute.  Specify either a
-             relative (to $CATALINA_HOME) or absolute path to the desired
-             directory.-->
-        <Logger className="org.apache.catalina.logger.FileLogger"
-                 directory="logs"  prefix="localhost_log." suffix=".txt"
-	        timestamp="true"/>
-
-        <!-- Define properties for each web application.  This is only needed
-             if you want to set non-default properties, or have web application
-             document roots in places other than the virtual host's appBase
-             directory.  -->
-
-        <!-- Tomcat Root Context -->
-        <!--
-          <Context path="" docBase="ROOT" debug="0"/>
-        -->
-
-      </Host>
-
-    </Engine>
-
-  </Service>
-
-</Server>
-
diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/server.xml b/spss/server/serverlib/resources/data/deploy/tomcat/server.xml
deleted file mode 100644
index 3e5966ca9..000000000
--- a/spss/server/serverlib/resources/data/deploy/tomcat/server.xml
+++ /dev/null
@@ -1,169 +0,0 @@
-<!-- Alternate Example-less Configuration File -->
-<!-- Note that component elements are nested corresponding to their
-     parent-child relationships with each other -->
-
-<!-- A "Server" is a singleton element that represents the entire JVM,
-     which may contain one or more "Service" instances.  The Server
-     listens for a shutdown command on the indicated port.
-
-     Note:  A "Server" is not itself a "Container", so you may not
-     define subcomponents such as "Valves" or "Loggers" at this level.
- -->
-
-<Server port="8005" shutdown="SHUTDOWN" debug="0">
-
-
-  <!-- Uncomment this entry to enable JMX MBeans support -->
-<!--
-  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
-                debug="0" port="-1" login="admin" password="admin"/>
--->
-
-
-  <!-- A "Service" is a collection of one or more "Connectors" that share
-       a single "Container" (and therefore the web applications visible
-       within that Container).  Normally, that Container is an "Engine",
-       but this is not required.
-
-       Note:  A "Service" is not itself a "Container", so you may not
-       define subcomponents such as "Valves" or "Loggers" at this level.
-   -->
-
-  <!-- Define the Tomcat Stand-Alone Service -->
-  <Service name="Tomcat-Standalone">
-
-    <!-- A "Connector" represents an endpoint by which requests are received
-         and responses are returned.  Each Connector passes requests on to the
-         associated "Container" (normally an Engine) for processing.
-
-         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
-         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
-         following the instructions below and uncommenting the second Connector
-         entry.  SSL support requires the following steps (see the SSL Config
-         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
-         instructions):
-         * Download and install JSSE 1.0.2 or later, and put the JAR files
-           into "$JAVA_HOME/jre/lib/ext".
-         * Execute:
-             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
-             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
-           with a password value of "changeit" for both the certificate and
-           the keystore itself.
-
-         By default, DNS lookups are enabled when a web application calls
-         request.getRemoteHost().  This can have an adverse impact on
-         performance, so you can disable it by setting the
-         "enableLookups" attribute to "false".  When DNS lookups are disabled,
-         request.getRemoteHost() will return the String version of the
-         IP address of the remote client.
-    -->
-
-    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
-    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
-               port="8080" minProcessors="5" maxProcessors="75"
-               enableLookups="true" redirectPort="8443"
-               acceptCount="100" debug="0" connectionTimeout="20000"
-               useURIValidationHack="false" disableUploadTimeout="true" />
-    <!-- Note : To disable connection timeouts, set connectionTimeout value 
-     to -1 -->
-
-    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
-    <!--
-    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
-               port="8443" minProcessors="5" maxProcessors="75"
-               enableLookups="uri"
-	       acceptCount="100" debug="0" scheme="https" secure="true"
-               useURIValidationHack="false" disableUploadTimeout="true">
-      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
-               clientAuth="false" protocol="TLS"/>
-    </Connector>
-    -->
-
-    <!-- An Engine represents the entry point (within Catalina) that processes
-         every request.  The Engine implementation for Tomcat stand alone
-         analyzes the HTTP headers included with the request, and passes them
-         on to the appropriate Host (virtual host). -->
-
-    <!-- Define the top level container in our container hierarchy -->
-    <Engine name="Standalone" defaultHost="localhost" debug="0">
-
-      <!-- The request dumper valve dumps useful debugging information about
-           the request headers and cookies that were received, and the response
-           headers and cookies that were sent, for all requests received by
-           this instance of Tomcat.  If you care only about requests to a
-           particular virtual host, or a particular application, nest this
-           element inside the corresponding <Host> or <Context> entry instead.
-
-           For a similar mechanism that is portable to all Servlet 2.3
-           containers, check out the "RequestDumperFilter" Filter in the
-           example application (the source for this filter may be found in
-           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
-
-           Request dumping is disabled by default.  Uncomment the following
-           element to enable it. -->
-      <!--
-      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-      -->
-
-      <!-- Global logger unless overridden at lower levels -->
-      <Logger className="org.apache.catalina.logger.FileLogger"
-              prefix="catalina_log." suffix=".txt"
-              timestamp="true"/>
-
-      <!-- Because this Realm is here, an instance will be shared globally -->
-
-      <Realm className="org.apache.catalina.realm.MemoryRealm" />
-
-      <!-- Define the default virtual host -->
-      <Host name="localhost" debug="0" appBase="webapps" 
-       unpackWARs="true" autoDeploy="true">
-
-        <!-- Normally, users must authenticate themselves to each web app
-             individually.  Uncomment the following entry if you would like
-             a user to be authenticated the first time they encounter a
-             resource protected by a security constraint, and then have that
-             user identity maintained across *all* web applications contained
-             in this virtual host. -->
-        <!--
-        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
-                   debug="0"/>
-        -->
-
-        <!-- Access log processes all requests for this virtual host.  By
-             default, log files are created in the "logs" directory relative to
-             $CATALINA_HOME.  If you wish, you can specify a different
-             directory with the "directory" attribute.  Specify either a relative
-             (to $CATALINA_HOME) or absolute path to the desired directory.
-        -->
-        <Valve className="org.apache.catalina.valves.AccessLogValve"
-                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
-                 pattern="common"/>
-
-        <!-- Logger shared by all Contexts related to this virtual host.  By
-             default (when using FileLogger), log files are created in the "logs"
-             directory relative to $CATALINA_HOME.  If you wish, you can specify
-             a different directory with the "directory" attribute.  Specify either a
-             relative (to $CATALINA_HOME) or absolute path to the desired
-             directory.-->
-        <Logger className="org.apache.catalina.logger.FileLogger"
-                 directory="logs"  prefix="localhost_log." suffix=".txt"
-	        timestamp="true"/>
-
-        <!-- Define properties for each web application.  This is only needed
-             if you want to set non-default properties, or have web application
-             document roots in places other than the virtual host's appBase
-             directory.  -->
-
-        <!-- Tomcat Root Context -->
-        <!--
-          <Context path="" docBase="ROOT" debug="0"/>
-        -->
-
-      </Host>
-
-    </Engine>
-
-  </Service>
-
-</Server>
-
-- 
cgit v1.2.3


From a544afcf4ad581ab7b76e85dc597ccf5643cd55a Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Mon, 6 May 2013 21:43:00 +0200
Subject: - Update MOA-SS Interface (CreateCMSignatureRequest) - Whitelisting
 in MOA-SPSS

---
 .../serverlib/.settings/org.eclipse.jdt.core.prefs |   5 -
 .../org.eclipse.wst.common.project.facet.core.xml  |   4 +-
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |  87 ++++
 .../moa/spss/api/cmssign/CMSSignatureResponse.java |  41 ++
 .../api/cmssign/CreateCMSSignatureRequest.java     |  49 ++
 .../api/cmssign/CreateCMSSignatureResponse.java    |  42 ++
 .../cmssign/CreateCMSSignatureResponseElement.java |  51 ++
 .../moa/spss/api/cmssign/DataObjectInfo.java       |  58 +++
 .../moa/spss/api/cmssign/SingleSignatureInfo.java  |  51 ++
 .../spss/api/impl/CMSSignatureResponseImpl.java    |  64 +++
 .../api/impl/CreateCMSSignatureRequestImpl.java    |  77 +++
 .../api/impl/CreateCMSSignatureResponseImpl.java   |  60 +++
 .../moa/spss/api/impl/DataObjectInfoCMSImpl.java   |  69 +++
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |  49 ++
 .../spss/api/impl/SingleSignatureInfoCMSImpl.java  |  62 +++
 .../xmlbind/CreateCMSSignatureRequestParser.java   | 247 +++++++++
 .../xmlbind/CreateCMSSignatureResponseBuilder.java | 145 ++++++
 .../server/config/ConfigurationPartsBuilder.java   |   3 +-
 .../cmssign/CMSSignatureCreationProfileImpl.java   | 249 ++++++++++
 .../xmlsign/XMLSignatureCreationProfileImpl.java   |   2 +-
 .../server/invoke/CMSSignatureCreationInvoker.java | 396 +++++++++++++++
 .../invoke/CMSSignatureVerificationInvoker.java    |   3 +-
 .../invoke/CreateCMSSignatureResponseBuilder.java  |  93 ++++
 .../spss/server/invoke/IaikExceptionMapper.java    |   3 +-
 .../invoke/VerifyCMSSignatureResponseBuilder.java  |   5 +-
 .../moa/spss/server/service/AxisHandler.java       |   3 +-
 .../server/service/SignatureCreationService.java   |  88 ++++
 .../properties/spss_messages_de.properties         |   2 +
 .../resources/resources/wsdl/MOA-SPSS-1.3.wsdl     | 105 ----
 .../main/resources/resources/wsdl/MOA-SPSS-1.3.xsd | 469 ------------------
 .../resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl   | 128 +++++
 .../resources/resources/wsdl/MOA-SPSS-1.5.2.xsd    | 471 ++++++++++++++++++
 spss/server/serverws/.classpath                    |   1 +
 spss/server/serverws/.project                      |   9 +-
 .../serverws/.settings/org.eclipse.jdt.core.prefs  |  14 +-
 .../.settings/org.eclipse.wst.common.component     |   3 +
 spss/server/serverws/pom.xml                       |   3 +-
 .../serverws/resources/wsdl/MOA-SPSS-1.3.wsdl      | 105 ----
 .../serverws/resources/wsdl/MOA-SPSS-1.3.xsd       | 469 ------------------
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl    | 128 +++++
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd     | 551 +++++++++++++++++++++
 .../src/main/webapp/WEB-INF/server-config.wsdd     |   9 +-
 spss/server/tools/.classpath                       |  24 +-
 .../tools/.settings/org.eclipse.jdt.core.prefs     |  12 +-
 44 files changed, 3309 insertions(+), 1200 deletions(-)
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
 delete mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl
 delete mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd
 create mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl
 create mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd
 delete mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
 delete mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.xsd
 create mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
 create mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd

(limited to 'spss/server')

diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
index 81f1dbf57..dc0892a32 100644
--- a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
@@ -1,12 +1,7 @@
-#Thu Dec 27 13:40:40 CET 2012
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
 org.eclipse.jdt.core.compiler.compliance=1.5
-org.eclipse.jdt.core.compiler.debug.lineNumber=generate
-org.eclipse.jdt.core.compiler.debug.localVariable=generate
-org.eclipse.jdt.core.compiler.debug.sourceFile=generate
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
index 656f15b87..69dc9cc0f 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -3,5 +3,5 @@
   <fixed facet="jst.java"/>
   <fixed facet="jst.utility"/>
   <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="5.0"/>
-</faceted-project>
\ No newline at end of file
+  <installed facet="jst.java" version="1.5"/>
+</faceted-project>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index fbf40be88..26cce1a82 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -35,6 +35,9 @@ import org.apache.commons.discovery.tools.DiscoverClass;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -137,6 +140,26 @@ public abstract class SPSSFactory {
     String keyIdentifier,
     List singleSignatureInfos);
 
+  /**
+   * Create a new <code>CreateCMSSignatureRequest</code> object.
+   * 
+   * @param keyIdentifier The identifier for the key group to use for signing.
+   * @param singleSignatureInfos A <code>List</code> of 
+   * <code>SingleSignatureInfo</code> objects containing information about a
+   * single signature to be created.
+   * @return The <code>CreateCMSSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre keyIdentifier != null && keyIdentifier.length() > 0
+   * @pre singleSignatureInfos != null
+   * @pre forall Object o in singleSignatureInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo 
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos);
+  
   /**
    * Create a new <code>SingleSignatureInfo</code> object.
    * 
@@ -156,6 +179,23 @@ public abstract class SPSSFactory {
   public abstract SingleSignatureInfo createSingleSignatureInfo(
     List dataObjectInfos,
     CreateSignatureInfo createSignatureInfo, boolean securityLayerConform);
+  
+  /**
+   * Create a new <code>SingleSignatureInfo</code> object.
+   * 
+   * @param dataObjectInfo The data object that will be signed.
+   * @param securityLayerConform If <code>true</code>, a Security Layer conform
+   * signature manifest is created, otherwise not.
+   * @return The <code>SingleSignatureInfo</code> containing the above data.
+   * 
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(	
+    at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
+    boolean securityLayerConform);
+  
+
+  
 
   /**
    * Create a new <code>DataObjectInfo</code> object.
@@ -181,6 +221,22 @@ public abstract class SPSSFactory {
     Content dataObject,
     CreateTransformsInfoProfile createTransformsInfoProfile);
 
+  /**
+   * Create a new <code>DataObjectInfo</code> object.
+   * 
+   * @param structure The type of signature to create.
+   * @param dataObject The data object that will be signed.
+   * @return The <code>DataObjectInfo</code> containing the above data.
+   * 
+   * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) ||
+   *      DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)
+   * @pre dataObject != null
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+    String structure,
+    CMSDataObject dataObject);
+  
   /**
    * Create a new <code>CreateTransformsInfoProfile</code> object containing a
    * reference to a locally stored profile.
@@ -321,6 +377,37 @@ public abstract class SPSSFactory {
    */
   public abstract CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements);
 
+  
+  /**
+   * Create a new <code>CreateCMSSignatureResponse</code> object.
+   * 
+   * @param responseElements The elements of the response, either 
+   * <code>CMSSignatureResponse</code> objects, or 
+   * <code>ErrorResponse</code> objects.
+   * @return The new <code>CreateCMSSignatureResponse</code> containing the
+   * above data.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0
+   * @pre forall Object o in responseElements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements);
+  
+  
+  /**
+   * Create a new <code>SignatureEnvironmentResponse</code> object.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * signature.
+   * @return The <code>SignatureEnvironmentResponse</code> containing the
+   * <code>signatureEnvironment</code>.
+   * 
+   * @pre signatureEnvironment != null
+   * @post return != null
+   */
+  public abstract CMSSignatureResponse createCMSSignatureResponse(String base64value);
+  
   /**
    * Create a new <code>SignatureEnvironmentResponse</code> object.
    * 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
new file mode 100644
index 000000000..10db67627
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+/**
+ * Contains the signature if the signature creation was successful.
+ *  
+ * @version $Id$
+ */
+public interface CMSSignatureResponse
+  extends CreateCMSSignatureResponseElement {
+  /** 
+   * Gets the CMS signature (Base64 encoded).
+   * 
+   * @return The CMS signature
+   */
+  public String getCMSSignature();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
new file mode 100644
index 000000000..9d5cd7a0d
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to create a CMS Signature.
+ * 
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureRequest {
+  /**
+   * Gets the identifier for the keys to be used for the signature.
+   * 
+   * @return The identifier for the keys to be used.
+   */
+  public String getKeyIdentifier();
+  /**
+   * Gets the information of the singleSignatureInfo elements. 
+   * 
+   * @return The information of singleSignatureInfo elements.
+   */
+  public List getSingleSignatureInfos();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
new file mode 100644
index 000000000..6062a1162
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+/**
+ * Object that encapsulates the response on to a 
+ * <code>CreateCMSSignatureRequest</code> to create an XML signature.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements.
+   */
+  public List getResponseElements();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
new file mode 100644
index 000000000..8e4e61145
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+/**
+ * Base class for <code>CMSSignature</code> and 
+ * <code>ErrorResponse</code> elements in a 
+ * <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponseElement {
+  /**
+   * Indicates that this object contains a <code>CMSSignature</code>.
+   */
+  public static final int CMS_SIGNATURE = 0;
+  /**
+   * Indicates that this objet contains an <code>ErrorResponse</code>.
+   */
+  public static final int ERROR_RESPONSE = 1;
+  
+  /**
+   * Gets the type of response object.
+   * 
+   * @return The type of response object, either 
+   * <code>CMS_SIGNATURE</code> or <code>ERROR_RESPONSE</code>.
+   */
+  public int getResponseType();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
new file mode 100644
index 000000000..b9f363061
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Encapsulates information required to create a single signature.
+ * 
+ * @version $Id$
+ */
+public interface DataObjectInfo {
+  /**
+   * Indicates that a detached signature will be created.
+   */
+  public static final String STRUCTURE_DETACHED = "detached"; 
+  /**
+   * Indicates that an enveloping signature will be created.
+   */
+  public static final String STRUCTURE_ENVELOPING = "enveloping";
+
+  /**
+   * Gets the structure of the signature.
+   * 
+   * @return The structure of the signature.
+   */
+  public String getStructure();
+
+  /**
+   * Gets information related to a single data object.
+   * 
+   * @return Information related to a single data object.
+   */
+  public CMSDataObject getDataObject();
+  
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
new file mode 100644
index 000000000..1f87a50ca
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+
+/**
+ * Encapsulates data to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SingleSignatureInfo {
+  /**
+   * Gets the dataObjectInfo information.
+   * 
+   * @return The dataObjectInfo information.
+   */
+  public DataObjectInfo getDataObjectInfo();
+  
+  /**
+   * Check whether a Security Layer conform signature manifest will be created.
+   * 
+   * @return <code>true</code>, if a Security Layer conform signature manifest 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isSecurityLayerConform();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
new file mode 100644
index 000000000..b512dd0bd
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureResponseImpl
+  implements CMSSignatureResponse {
+
+  /** The base64 value of the CMS signature. */
+  private String cmsSignature;
+
+  /** 
+   * Sets the CMS signature.
+   * 
+   * @param cmsSignature The Base64 encoded value CMS signature.
+   */
+  public void setCMSSignature(String cmsSignature) {
+    this.cmsSignature = cmsSignature;
+  }
+
+  public String getCMSSignature() {
+    return cmsSignature;
+  }
+
+  /**
+   * Gets the type of <code>CreateCMSSignatureResponseElement</code>.
+   * 
+   * @return CMS_SIGNATURE
+   */
+  public int getResponseType() {
+    return CMS_SIGNATURE;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
new file mode 100644
index 000000000..e8408bc55
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestImpl
+  implements CreateCMSSignatureRequest {
+
+  /** The identifier for selecting the private keys for creating the signature.*/
+  private String keyIdentifier;
+  /** Information for creating a single signature. */
+  private List singleSignatureInfos = new ArrayList();
+
+  /**
+   * Sets the identifier for selecting the private keys for creating the 
+   * signature.
+   * 
+   * @param keyIdentifier The identifier for selecting the private keys.
+   */
+  public void setKeyIdentifier(String keyIdentifier) {
+    this.keyIdentifier = keyIdentifier;
+  }
+
+  public String getKeyIdentifier() {
+    return keyIdentifier;
+  }
+
+  /**
+   * Sets the information for creating single signatures.
+   * 
+   * @param singleSignaureInfos The information for creating single signatures.
+   */
+  public void setSingleSignatureInfos(List singleSignaureInfos) {
+    this.singleSignatureInfos =
+      singleSignaureInfos != null
+        ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos))
+        : null;
+  }
+
+  public List getSingleSignatureInfos() {
+    return singleSignatureInfos;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
new file mode 100644
index 000000000..d596058c6
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseImpl
+  implements CreateCMSSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The response elements.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
new file mode 100644
index 000000000..702086b6f
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Default implementation of <code>DataObjectInfo</code> for CMS.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class DataObjectInfoCMSImpl implements DataObjectInfo {
+  /** The signature structure type. */
+  private String stucture;
+  /** The data object to be signed. */
+  private CMSDataObject dataObject;
+
+  /**
+   * Sets the signature structure type.
+   * 
+   * @param structure The signature structure type.
+   */
+  public void setStructure(String structure) {
+    this.stucture = structure;
+  }
+
+  public String getStructure() {
+    return stucture;
+  }
+
+
+  /**
+   * Sets the data object to be signed.
+   * 
+   * @param dataObject The data object to be signed.
+   */
+  public void setDataObject(CMSDataObject dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public CMSDataObject getDataObject() {
+    return dataObject;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index a23a1d98f..7c1208e8f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.spss.api.impl;
 
 import java.io.InputStream;
+
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -35,6 +36,9 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -90,6 +94,32 @@ public class SPSSFactoryImpl extends SPSSFactory {
     createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
     return createXMLSignatureRequest;
   }
+  
+  public CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos) {
+	  CreateCMSSignatureRequestImpl createCMSSignatureRequest =
+		      new CreateCMSSignatureRequestImpl();
+	  createCMSSignatureRequest.setKeyIdentifier(keyIdentifier);
+	  createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
+	  return createCMSSignatureRequest;
+	  
+  }
+  
+  public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) {
+	  CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl();
+	  createCMSSignatureResponse.setResponseElements(responseElements);
+	  return createCMSSignatureResponse;
+  }
+  
+  
+  public CMSSignatureResponse createCMSSignatureResponse(String base64value) {
+	  CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl();
+	  cmsSignatureResponse.setCMSSignature(base64value);
+	  
+	  return cmsSignatureResponse;
+  }
+  
 
   public SingleSignatureInfo createSingleSignatureInfo(
     List dataObjectInfos,
@@ -101,6 +131,16 @@ public class SPSSFactoryImpl extends SPSSFactory {
     singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
     return singleSignatureInfo;
   }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
+		  at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,		    
+		    boolean securityLayerConform) {
+		    SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
+		    singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
+		    singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+		    return singleSignatureInfo;
+		  }
+  
   public DataObjectInfo createDataObjectInfo(
     String structure,
     boolean childOfManifest,
@@ -113,6 +153,15 @@ public class SPSSFactoryImpl extends SPSSFactory {
     dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile);
     return dataObjectInfo;
   }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+		    String structure,
+		    CMSDataObject dataObject) {
+		    DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl();
+		    dataObjectInfo.setStructure(structure);
+		    dataObjectInfo.setDataObject(dataObject);
+		    return dataObjectInfo;
+		  }
 
   public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) {
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
new file mode 100644
index 000000000..cb3651587
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+
+/**
+ * @version $Id$
+ */
+public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
+
+  private DataObjectInfo dataObjectInfo = null;
+
+
+  private boolean securityLayerConform = true;
+
+  public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
+    this.dataObjectInfo = dataObjectInfo;
+  }
+
+  public DataObjectInfo getDataObjectInfo() {
+    return dataObjectInfo;
+  }
+
+
+
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
new file mode 100644
index 000000000..737915ecd
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -0,0 +1,247 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A parser to parse <code>CreateCMSSignatureRequest</code> DOM trees into
+ * <code>CreateCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestParser {
+
+  //
+  // XPath expresssions to select elements in the CreateCMSSignatureRequest
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String KEY_IDENTIFIER_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "KeyIdentifier";
+  private static final String SINGLE_SIGNATURE_INFO_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "SingleSignatureInfo";
+  private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  
+  private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+
+  private static final String META_INFO_XPATH = MOA + "MetaInfo";
+  private static final String CONTENT_XPATH = MOA + "Content";
+  private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+
+  
+  /** The factory to create API objects. */
+  private SPSSFactory factory;
+
+  /**
+   * Create a new <code>CreateCMSSignatureRequestParser</code>.
+   */
+  public CreateCMSSignatureRequestParser() {
+    this.factory = SPSSFactory.getInstance();
+  }
+
+  /**
+   * Parse a <code>CreateCMSSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>CreateCMSSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public CreateCMSSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = parseSingleSignatureInfos(requestElem);
+    String keyIdentifier =
+      XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+    return factory.createCreateCMSSignatureRequest(
+      keyIdentifier,
+      singleSignatureInfos);
+  }
+
+  /**
+   * Parse all <code>SingleSignatureInfo</code> elements of the 
+   * <code>CreateCMSSignatureRequest</code>.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse.
+   * @return A <code>List</code> of <code>SingleSignatureInfo</code> API 
+   * objects.
+   * @throws MOAApplicationException An error occurred parsing on of the 
+   * <code>SingleSignatureInfo</code> elements.
+   */
+  private List parseSingleSignatureInfos(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = new ArrayList();
+    NodeIterator sigInfoElems =
+      XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+    Element sigInfoElem;
+
+    while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+      singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem));
+    }
+
+    return singleSignatureInfos;
+  }
+
+  /**
+   * Parse a <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element to 
+   * parse.
+   * @return A <code>SingleSignatureInfo</code> API object containing the 
+   * information of <code>sigInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>SingleSignatureInfo</code>.
+   */
+  private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
+    boolean securityLayerConform;
+
+    if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
+      securityLayerConform =
+        BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME));
+    } else {
+      securityLayerConform = true;
+    }
+
+    return factory.createSingleSignatureInfoCMS(
+      dataObjectInfo,
+      securityLayerConform);
+  }
+
+  /**
+   * Parse the <code>DataObjectInfo</code> DOM elements contained in the given
+   * <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The  <code>SingleSignatureInfo</code> DOM element
+   * whose <code>DataObjectInfo</code>s to parse.
+   * @return A <code>List</code> of <code>DataObjectInfo</code> API objects
+   * containing the data from the <code>DataObjectInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing one of the
+   * <code>DataObjectInfo</code>s.
+   */
+  private DataObjectInfo parseDataObjectInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+	  Element dataObjInfoElem = (Element)XPathUtils.selectSingleNode(sigInfoElem, DATA_OBJECT_INFO_XPATH);
+	  
+	  String structure = dataObjInfoElem.getAttribute("Structure");
+	    Element dataObjectElem =
+	      (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH);
+	  
+	    CMSDataObject dataObject = parseDataObject(dataObjectElem);
+
+	    return factory.createDataObjectInfo(
+	      structure,
+	      dataObject);
+	    
+  }
+  
+ 
+
+ 
+
+  /**
+   * Parse a the <code>DataObject</code> DOM element contained in a given 
+   * <code>CreateCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The DataObject DOM element of the <code>VerifyCMSSignatureRequest</code> 
+   * to parse.
+   * @return The <code>CMSDataObject</code> API object containing the data
+   * from the <code>DataObject</code> DOM element.
+   */
+  private CMSDataObject parseDataObject(Element dataObjectElem) {
+
+    if (dataObjectElem != null) {
+      Element metaInfoElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH);
+      MetaInfo metaInfo = null;
+      Element contentElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH);
+      CMSContent content = parseContent(contentElem);
+
+      if (metaInfoElem != null) {
+        metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+      }
+
+      return factory.createCMSDataObject(metaInfo, content);
+    } 
+    else {
+      return null;
+    }
+  }
+
+    
+
+    /**
+     * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+     * DOM element.
+     * 
+     * @param contentElem The <code>CMSContentBaseType</code> kind of element to
+     * parse.
+     * @return A <code>CMSDataObject</code> API object containing the data
+     * from the given DOM element.
+     */
+    private CMSContent parseContent(Element contentElem) {
+      Element base64ContentElem =
+        (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH);
+
+      if (base64ContentElem != null) {
+        String base64Str = DOMUtils.getText(base64ContentElem);
+        InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+        return factory.createCMSContent(binaryContent);
+      } else {
+        return factory.createCMSContent(
+          contentElem.getAttribute("Reference"));
+      }
+    } 
+
+}
\ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 000000000..907f90d32
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Convert a <code>CreateCMSSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>CreateCMSSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>CreateCMSSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public CreateCMSSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("CreateCMSSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>CreateCMSSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>CreateCMSSignatureResponse</code> API object.
+   * 
+   * @param response The <code>CreateCMSSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>CreateCMSSignatureResponse</code>
+   * DOM element.
+   */
+  public Document build(CreateCMSSignatureResponse response) {
+    Iterator iter;
+
+        
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      CreateCMSSignatureResponseElement responseElement =
+        (CreateCMSSignatureResponseElement) iter.next();
+      
+      switch (responseElement.getResponseType()) {
+        case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
+        	CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement;
+        	addCMSSignature(cmsSignatureResponse);
+          break;
+
+        case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
+          ErrorResponse errorResponse = (ErrorResponse) responseElement;
+          addErrorResponse(errorResponse);
+          break;
+      }
+
+    }
+
+    return responseDoc;
+  }
+
+
+
+  /**
+   * Add a <code>CMSSignature</code> element to the response.
+   * 
+   * @param cmsSignatureResponse The content to put under the
+   * <code>CMSSignature</code> element.
+   */
+  private void addCMSSignature(CMSSignatureResponse cmsSignatureResponse) {
+	  String base64Value = cmsSignatureResponse.getCMSSignature();
+	  
+	  Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "CMSSignature");	  
+	  cmsSignature.setTextContent(base64Value);
+	  
+	  responseElem.appendChild(cmsSignature);
+	  
+}
+  
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorResponse The API object containing the information to put into
+   * the <code>ErrorResponse</code> DOM element.
+   */
+  private void addErrorResponse(ErrorResponse errorResponse) {
+    Element errorElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+    Element errorCodeElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+    Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+    String errorCodeStr = Integer.toString(errorResponse.getErrorCode());
+
+    errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+    errorElem.appendChild(errorCodeElem);
+    infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo()));
+    errorElem.appendChild(errorCodeElem);
+    errorElem.appendChild(infoElem);
+    responseElem.appendChild(errorElem);
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index bc53ca4f9..4fcc5daa9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -548,8 +548,7 @@ public class ConfigurationPartsBuilder {
 	  }
 	  
 	  
-	  // set whitelist for iaik-moa
-	  // TODO 
+	  // TODO set whitelist for iaik-moa
 //	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
 
 	  
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
new file mode 100644
index 000000000..49e5ecc10
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmssign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * An object providing auxiliary information for creating a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureCreationProfileImpl
+  implements CMSSignatureCreationProfile {
+
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The MIME type of the data to be signed*/
+  private String mimeType;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */
+  private boolean includeData;
+  /** Digest Method algorithm  */
+  private String digestMethod;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public CMSSignatureCreationProfileImpl(
+    Set keySet,
+    String digestMethod,
+    List signedProperties,
+    boolean securityLayerConform,
+    boolean includeData,
+    String mimeType) {
+	  this.keySet = keySet;
+	  this.signedProperties = signedProperties;
+	  this.securityLayerConform = securityLayerConform;
+	  this.includeData = includeData;
+	  this.mimeType = mimeType;
+	  this.digestMethod = digestMethod;
+
+  }
+
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+	  
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+      	if (digestMethod.compareTo("SHA-1") == 0) {
+    		Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethod.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethod,
+         			null,
+         	        null);
+         }
+  
+
+  }
+
+
+ 
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+ 
+  public void setDigestMethod(String digestMethod) {
+	  this.digestMethod = digestMethod;
+  }
+ 
+
+  public String getMimeType() {
+	  return mimeType;
+  }
+
+  public boolean includeData() {
+	return this.includeData;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index edc3922e2..7d0c5a062 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -201,7 +201,7 @@ public class XMLSignatureCreationProfileImpl
     else {
     	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
     	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
-    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
     		
     		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
                   return SignatureAlgorithms.SHA1_WITH_RSA;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
new file mode 100644
index 000000000..e058c8a4b
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.algorithms.HashAlgorithms;
+import iaik.server.modules.cmssign.CMSSignature;
+import iaik.server.modules.cmssign.CMSSignatureCreationException;
+import iaik.server.modules.cmssign.CMSSignatureCreationModule;
+import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A class providing an API based interface to the
+ * <code>CMSSignatureCreationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.cmssign.CMSSignatureCreationModule</code> from a
+ * <code>CreateCMSSignatureRequest</code> given as an API object. The result of
+ * the invocation is integrated into a <code>CreateCMSSignatureResponse</code>
+ * and returned.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureCreationInvoker {
+	
+	 private static Map HASH_ALGORITHM_MAPPING;
+
+	  static {
+	    HASH_ALGORITHM_MAPPING = new HashMap();
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
+	  }
+	  
+
+  /** The single instance of this class. */
+  private static CMSSignatureCreationInvoker instance = null;
+
+  /**
+   * Get the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized CMSSignatureCreationInvoker getInstance() {
+    if (instance == null) {
+      instance = new CMSSignatureCreationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>CMSSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected CMSSignatureCreationInvoker() {
+  }
+  
+ 
+
+  /**
+   * Process the <code>CreateCMSSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureCreationModule</code> for every
+   * <code>SingleSignatureInfo</code> contained in the request.
+   * 
+   * @param request A <code>CreateCMSSignatureRequest<code> API object
+   * containing the information for creating the signature(s).
+   * @param reserved A <code>Set</code> of reserved object IDs.
+   * 
+   * @return A <code>CreateCMSSignatureResponse</code> API object containing
+   * the created signature(s). The response contains either a
+   * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code>
+   * for each <code>SingleSignatureInfo</code> in the request.
+   * @throws MOAException An error occurred during signature creation. 
+   */
+  public CreateCMSSignatureResponse createCMSSignature(
+    CreateCMSSignatureRequest request,
+    Set reserved)
+    throws MOAException {
+
+	  TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();	  
+	  //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+
+	  CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder();
+	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
+
+	  boolean isSecurityLayerConform = false;
+	  String structure = null;
+	  String mimetype = null;
+	  
+	  // select the SingleSignatureInfo elements
+	  Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator();
+
+    // iterate over all the SingleSignatureInfo elements in the request
+	  while (singleSignatureInfoIter.hasNext()) {
+		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
+		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  
+		  
+		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
+		  structure = dataObjectInfo.getStructure();
+		  
+		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
+		  MetaInfo metainfo = dataobject.getMetaInfo();
+		  mimetype = metainfo.getMimeType();
+			  
+		  CMSContent content = dataobject.getContent();
+		  InputStream contentIs = null;
+		  // build the content data
+		  switch (content.getContentType()) {
+		  	case CMSContent.EXPLICIT_CONTENT :			    	  
+		  		contentIs = ((CMSContentExcplicit) content).getBinaryContent();
+		  		break;
+		  	case CMSContent.REFERENCE_CONTENT :
+		  		String reference = ((CMSContentReference) content).getReference();
+		  		if (!"".equals(reference)) {
+		  			ExternalURIResolver resolver = new ExternalURIResolver();
+		  			contentIs = resolver.resolve(reference);
+		  		} else {
+		  			throw new MOAApplicationException("2301", null);
+		  		}
+			    break;
+		  	default : {
+		  		throw new MOAApplicationException("2301", null);
+		  	}
+		  }
+			
+		  // create CMSSignatureCreationModuleFactory
+		  CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance();			    
+			    
+		  List signedProperties = null;
+		  boolean includeData = true;
+		  if (structure.compareTo("enveloping") == 0)
+			  includeData = true;
+		  if (structure.compareTo("detached") == 0)
+			  includeData = false;
+			    
+		  ConfigurationProvider config = context.getConfiguration();
+			    
+		  // get the key group id
+		  String keyGroupID = request.getKeyIdentifier();
+		  // set the key set
+		  Set keySet = buildKeySet(keyGroupID);
+		  if (keySet == null) {
+			  throw new MOAApplicationException("2231", null);
+		  } else if (keySet.size() == 0) {
+			  throw new MOAApplicationException("2232", null);
+		  }
+			    
+		  // get digest algorithm
+		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
+			    
+		  // create CMSSignatureCreation profile:			    
+		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
+				  keySet,
+				  digestAlgorithm, 
+				  signedProperties,
+				  isSecurityLayerConform, 
+				  includeData, 
+				  mimetype);
+		  
+		  // create CMSSignature from the CMSSignatureCreationModule
+		  // build the additionalSignedProperties
+		  List additionalSignedProperties = buildAdditionalSignedProperties();
+		  TransactionId tid = new TransactionId(context.getTransactionID());
+		  try {
+			  CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid);
+			  ByteArrayOutputStream out = new ByteArrayOutputStream();
+			  // get CMS SignedData output stream from the CMSSignature and wrap it around out
+			  boolean base64 = true;
+			  OutputStream  signedDataStream = signature.getSignature(out, base64);
+					 
+			  // now write the data to be signed to the signedDataStream
+			  byte[] buf = new byte[4096];
+			  int bytesRead;
+			  while ((bytesRead = contentIs.read(buf)) >= 0) {
+				  signedDataStream.write(buf, 0, bytesRead);
+			  } 
+					 
+			  // finish SignedData processing by closing signedDataStream
+			  signedDataStream.close();
+			  String base64value = out.toString();
+					 
+			  responseBuilder.addCMSSignature(base64value);
+					
+					
+		  } catch (CMSSignatureCreationException e) {
+			  MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+	          responseBuilder.addError(
+	            moaException.getMessageId(),
+	            moaException.getMessage());
+	          Logger.warn(moaException.getMessage(), e);
+	          
+		  } 
+		  catch (IOException e) {
+			  throw new MOAApplicationException("2301", null, e);			  
+		  }
+			
+	  }
+	  
+
+    return responseBuilder.getResponse();
+  }
+
+  
+  private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException {
+	// get digest method on key group level (if configured)
+	    String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+	    // get default digest method (if configured)
+	    String configDigestMethod = config.getDigestMethodAlgorithmName();
+	    
+	    
+	    String digestMethod = null;
+	    if (configDigestMethodKG != null) {
+	    	// if KG specific digest method is configured
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethodKG});
+	    		throw new MOASystemException("2900", null);    			
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)");
+	    }	    	
+	    else {
+	    	// else get default configured digest method
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethod});
+	    		throw new MOASystemException("2900", null);	
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(default)");
+	    	
+	    }
+		return digestMethod;
+  }
+  
+  /**
+   * Utility function to issue an error message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void error(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.error(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+  
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   * returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s
+   * identifying the available keys.
+   */
+  private Set buildKeySet(String keyGroupID) {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (context.getClientCertificate() != null) {
+      X509Certificate cert = context.getClientCertificate()[0];
+      Principal issuer = cert.getIssuerDN();
+      BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries =
+        config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+      KeyModule module =
+        KeyModuleFactory.getInstance(
+          new TransactionId(context.getTransactionID()));
+      Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        KeyEntryID entryID = (KeyEntryID) iter.next();
+        KeyGroupEntry entry =
+          new KeyGroupEntry(
+            entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  /**
+   * Build the list of additional signed properties.
+   * 
+   * Based on the generic configuration setting
+   * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a
+   * constant <code>SigningTime</code> will be added to the properties.
+   * 
+   * @return The <code>List</code> of additional signed properties.
+   */
+  private List buildAdditionalSignedProperties() {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List additionalSignedProperties = Collections.EMPTY_LIST;
+
+    return additionalSignedProperties;
+  }
+
+}
\ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 2c4bbd4eb..c979d8407 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -136,7 +136,7 @@ public class CMSSignatureVerificationInvoker {
     try {
       // get the signed content
       signedContent = getSignedContent(request);
-
+      
       // build the profile
       profile = profileFactory.createProfile();
 
@@ -159,6 +159,7 @@ public class CMSSignatureVerificationInvoker {
       while (input.read(buf) > 0);
       results = module.verifySignature(signingTime);
       
+      
     } catch (IAIKException e) {
       MOAException moaException = IaikExceptionMapper.getInstance().map(e);
       throw moaException;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 000000000..aa52fe09a
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+
+/**
+ * A class to build a <code>CreateCMSSignatureResponse</code>.
+ * 
+ * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be
+ * called in any combination to add <code>CMSignature</code> and
+ * <code>ErrorResponse</code> elements to the response. One of these functions
+ * must be called at least once to produce a 
+ * <code>CreateCMSSignatureResponse</code>.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>CreateXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements to add to the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>CreateCMSSignatureResponse</code> built so far.
+   * 
+   * @return The <code>CreateCMSSignatureResponse</code> built so far.
+   */
+  public CreateCMSSignatureResponse getResponse() {
+    return factory.createCreateCMSSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param signatureEnvironment The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  public void addCMSSignature(String base64value) {
+    CMSSignatureResponse responseElement = 
+      factory.createCMSSignatureResponse(base64value);
+    responseElements.add(responseElement);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorCode The error code.
+   * @param info Additional information about the error.
+   */
+  public void addError(String errorCode, String info) {
+    ErrorResponse errorResponse = 
+      factory.createErrorResponse(Integer.parseInt(errorCode), info);
+    responseElements.add(errorResponse);
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
index 869cfefa1..348cb84aa 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
@@ -85,7 +85,8 @@ public class IaikExceptionMapper {
       { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class },
       { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class },
       { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class },
-      { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class }
+      { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } ,
+      { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } ,
       
       
   };
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 3b82c6caf..605716d5b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -80,6 +80,7 @@ public class VerifyCMSSignatureResponseBuilder {
   public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL)
     throws MOAException {
 
+	  
     CertificateValidationResult certResult =
       result.getCertificateValidationResult();
     int signatureCheckCode =
@@ -90,8 +91,7 @@ public class VerifyCMSSignatureResponseBuilder {
     SignerInfo signerInfo;
     CheckResult signatureCheck;
     CheckResult certificateCheck;
-    
-    
+
     boolean qualifiedCertificate = false;
     
     // verify qualified certificate checks (certificate or TSL)
@@ -112,6 +112,7 @@ public class VerifyCMSSignatureResponseBuilder {
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
         checkSSCDFromTSL);
+    
 
     // add SignatureCheck element
     signatureCheck = factory.createCheckResult(signatureCheckCode, null);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index 6bf2317b4..591e26ac2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -393,6 +393,7 @@ public class AxisHandler extends BasicHandler {
 
     try {
       String filename = MOA_SPSS_WSDL_RESOURCE_;
+      
       File file = new File(filename);
       if (file.exists()) {
         //if this resolves to a file, load it
@@ -400,7 +401,7 @@ public class AxisHandler extends BasicHandler {
       } else {
         //else load a named resource in our classloader. 
         instream = this.getClass().getResourceAsStream(filename);
-        if (instream == null) {
+        if (instream == null) {        	
           String errorText = Messages.getMessage("wsdlFileMissing", filename);
           throw new AxisFault(errorText);
         }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 7a7bb88bb..e5b12bd8c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -35,10 +35,15 @@ import org.w3c.dom.Element;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser;
 import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -52,6 +57,89 @@ import at.gv.egovernment.moa.util.StreamUtils;
  * @version $Id$
  */
 public class SignatureCreationService {
+	
+	 /**
+	   * Handle a <code>CreateXMLSignatureRequest</code>.
+	   * 
+	   * @param request The <code>CreateXMLSignatureRequest</code> to work on
+	   * (contained in the 0th element of the array).
+	   * @return A <code>CreateXMLSignatureResponse</code> as the only element of
+	   * the <code>Element</code> array.
+	   * @throws AxisFault An error occurred during handling of the message.
+	   */
+	  public Element[] CreateCMSSignatureRequest(Element[] request)
+	    throws AxisFault {
+		  Logger.trace("---- Entering SignatureCreationService");
+	    CMSSignatureCreationInvoker invoker =
+	      CMSSignatureCreationInvoker.getInstance();
+	    Element[] response = new Element[1];
+
+	    // check that we have a CreateXMLSignatureRequest; if not, create an
+	    // AxisFault, just like the org.apache.axis.providers.java.MsgProvider
+	    if (!Constants.MOA_SPSS_CREATE_CMS_REQUEST.equals(request[0].getLocalName()) ||
+	      !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI()))
+	    {
+	      QName qname =
+	        new QName(request[0].getNamespaceURI(), request[0].getLocalName());
+	      throw new AxisFault(
+	        Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse
+	    }
+
+	    // handle the request
+	    try {
+	        
+	      // create a parser and builder for binding API objects to/from XML
+	      CreateCMSSignatureRequestParser requestParser =
+	        new CreateCMSSignatureRequestParser();
+	      CreateCMSSignatureResponseBuilder responseBuilder =
+	        new CreateCMSSignatureResponseBuilder();
+	      Element reparsedReq;
+	      CreateCMSSignatureRequest requestObj;
+	      CreateCMSSignatureResponse responseObj;
+
+	      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+	      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+	  
+	      // validate the request
+	      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+
+	      // convert to API objects
+		  Logger.trace(">>> preparsing Request");
+	      requestObj = requestParser.parse(reparsedReq);
+		  Logger.trace("<<< preparsed Request");
+	      
+		  Logger.trace(">>> creating Signature");
+	      // invoke the core logic
+	      responseObj = invoker.createCMSSignature(requestObj, Collections.EMPTY_SET);
+		  Logger.trace("<<< created Signature");
+
+		  Logger.trace(">>> building Response");
+	      // map back to XML
+	      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+		  Logger.trace("<<< built Response");
+	      
+	      // save response in transaction
+	      context.setResponse(response[0]);
+		  Logger.trace("---- Leaving SignatureCreationService");
+		  
+
+	    } catch (MOAException e) {
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    } catch (Throwable t) {
+	      MOASystemException e = new MOASystemException("2900", null, t);
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    }
+
+	    return response;
+	  }
 
   /**
    * Handle a <code>CreateXMLSignatureRequest</code>.
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 5919cebbc..1a6e54089 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -81,6 +81,8 @@
 2281=XML-Supplement kann nicht serialisiert werden (Reference="{0}")
 2282=Datenobjekt mit der URI={0} wurde dem Request nicht bereit gestellt
 2290=Fehler bei der QC bzw. SSCD Prüfung via TSL
+2300=Fehler bei der Erstellen der CMS Signatur
+2301=Fehler beim Lesen des zu signierenden Datenobjekts
 
 
 2900=Interner Server-Fehler
diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl
deleted file mode 100644
index c5cd8fc0f..000000000
--- a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- 
-  Web Service Description for MOA SP/SS 1.4
--->
-<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.3.xsd"/>
-  <message name="CreateXMLSignatureInput">
-    <part name="body" element="moa:CreateXMLSignatureRequest"/>
-  </message>
-  <message name="CreateXMLSignatureOutput">
-    <part name="body" element="moa:CreateXMLSignatureResponse"/>
-  </message>
-  <message name="VerifyCMSSignatureInput">
-    <part name="body" element="moa:VerifyCMSSignatureRequest"/>
-  </message>
-  <message name="VerifyCMSSignatureOutput">
-    <part name="body" element="moa:VerifyCMSSignatureResponse"/>
-  </message>
-  <message name="VerifyXMLSignatureInput">
-    <part name="body" element="moa:VerifyXMLSignatureRequest"/>
-  </message>
-  <message name="VerifyXMLSignatureOutput">
-    <part name="body" element="moa:VerifyXMLSignatureResponse"/>
-  </message>
-  <message name="MOAFault">
-    <part name="body" element="moa:ErrorResponse"/>
-  </message>
-  <portType name="SignatureCreationPortType">
-    <operation name="createXMLSignature">
-      <input message="tns:CreateXMLSignatureInput"/>
-      <output message="tns:CreateXMLSignatureOutput"/>
-      <fault name="MOAFault" message="tns:MOAFault"/>
-    </operation>
-  </portType>
-  <portType name="SignatureVerificationPortType">
-    <operation name="verifyCMSSignature">
-      <input message="tns:VerifyCMSSignatureInput"/>
-      <output message="tns:VerifyCMSSignatureOutput"/>
-      <fault name="MOAFault" message="tns:MOAFault"/>
-    </operation>
-    <operation name="verifyXMLSignature">
-      <input message="tns:VerifyXMLSignatureInput"/>
-      <output message="tns:VerifyXMLSignatureOutput"/>
-      <fault name="MOAFault" message="tns:MOAFault"/>
-    </operation>
-  </portType>
-  <binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
-    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-    <operation name="createXMLSignature">
-      <soap:operation soapAction="urn:CreateXMLSignatureAction"/>
-      <input>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </input>
-      <output>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </output>
-      <fault name="MOAFault">
-        <soap:fault use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </fault>
-    </operation>
-  </binding>
-  <binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
-    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-    <operation name="verifyCMSSignature">
-      <soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
-      <input>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </input>
-      <output>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </output>
-      <fault name="MOAFault">
-        <soap:fault use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </fault>
-    </operation>
-    <operation name="verifyXMLSignature">
-      <soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
-      <input>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </input>
-      <output>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </output>
-      <fault name="MOAFault">
-        <soap:fault use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </fault>
-    </operation>
-  </binding>
-  <service name="SignatureCreationService">
-    <port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
-      <!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
-      -->
-    </port>
-  </service>
-  <service name="SignatureVerificationService">
-    <port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
-      <!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
-      -->
-    </port>
-  </service>
-</definitions>
diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd
deleted file mode 100644
index 756b51279..000000000
--- a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd
+++ /dev/null
@@ -1,469 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MOA SP/SS 1.3 Schema
--->
-<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
-  <!--########## Create XML Signature ###-->
-  <!--### Create XML Signature Request ###-->
-  <xsd:element name="CreateXMLSignatureRequest">
-    <xsd:complexType>
-      <xsd:complexContent>
-        <xsd:extension base="CreateXMLSignatureRequestType"/>
-      </xsd:complexContent>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="CreateXMLSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-      <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-        <xsd:annotation>
-          <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
-              <xsd:complexType>
-                <xsd:complexContent>
-                  <xsd:extension base="DataObjectInfoType">
-                    <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
-                  </xsd:extension>
-                </xsd:complexContent>
-              </xsd:complexType>
-            </xsd:element>
-            <xsd:element name="CreateSignatureInfo" minOccurs="0">
-              <xsd:complexType>
-                <xsd:sequence>
-                  <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
-                  <xsd:choice>
-                    <xsd:annotation>
-                      <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
-                    </xsd:annotation>
-                    <xsd:element ref="CreateSignatureEnvironmentProfile"/>
-                    <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
-                  </xsd:choice>
-                </xsd:sequence>
-              </xsd:complexType>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Create XML Signature Response ###-->
-  <xsd:complexType name="CreateXMLSignatureResponseType">
-    <xsd:choice maxOccurs="unbounded">
-      <xsd:annotation>
-        <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element name="SignatureEnvironment">
-        <xsd:annotation>
-          <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:any namespace="##any" processContents="lax"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element ref="ErrorResponse"/>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
-  <!--########## Verify CMS Signature ###-->
-  <!--### Verifiy CMS Signature Request ###-->
-  <xsd:element name="VerifyCMSSignatureRequest">
-    <xsd:complexType>
-      <xsd:complexContent>
-        <xsd:extension base="VerifyCMSSignatureRequestType">
-          <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
-        </xsd:extension>
-      </xsd:complexContent>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="VerifyCMSSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
-      <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
-      <xsd:element name="TrustProfileID" type="xsd:token">
-        <xsd:annotation>
-          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Verify CMS Signature Response ###-->
-  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
-  <xsd:complexType name="VerifyCMSSignatureResponseType">
-    <xsd:sequence maxOccurs="unbounded">
-      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-        <xsd:annotation>
-          <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="SignatureCheck" type="CheckResultType"/>
-      <xsd:element name="CertificateCheck" type="CheckResultType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--########## Verify XML Signature ###-->
-  <!--### Verify XML Signature Request ###-->
-  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
-  <xsd:complexType name="VerifyXMLSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-      <xsd:element name="VerifySignatureInfo">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
-            <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:choice minOccurs="0" maxOccurs="unbounded">
-        <xsd:element ref="SupplementProfile"/>
-        <xsd:element name="SupplementProfileID" type="xsd:string"/>
-      </xsd:choice>
-      <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
-              <xsd:annotation>
-                <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="ReturnHashInputData" minOccurs="0"/>
-      <xsd:element name="TrustProfileID" type="xsd:token">
-        <xsd:annotation>
-          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Verify XML Signature Response ###-->
-  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
-  <xsd:complexType name="VerifyXMLSignatureResponseType">
-    <xsd:sequence>
-      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-        <xsd:annotation>
-          <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
-      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
-      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="CertificateCheck" type="CheckResultType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:simpleType name="ProfileIdentifierType">
-    <xsd:restriction base="xsd:token"/>
-  </xsd:simpleType>
-  <xsd:complexType name="InputDataType">
-    <xsd:complexContent>
-      <xsd:extension base="ContentExLocRefBaseType">
-        <xsd:attribute name="PartOf" use="optional" default="SignedInfo">
-          <xsd:simpleType>
-            <xsd:restriction base="xsd:token">
-              <xsd:enumeration value="SignedInfo"/>
-              <xsd:enumeration value="XMLDSIGManifest"/>
-            </xsd:restriction>
-          </xsd:simpleType>
-        </xsd:attribute>
-        <xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="MetaInfoType">
-    <xsd:sequence>
-      <xsd:element name="MimeType" type="MimeTypeType"/>
-      <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
-      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="FinalDataMetaInfoType">
-    <xsd:complexContent>
-      <xsd:extension base="MetaInfoType">
-        <xsd:sequence>
-          <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
-        </xsd:sequence>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="DataObjectInfoType">
-    <xsd:sequence>
-      <xsd:element name="DataObject">
-        <xsd:complexType>
-          <xsd:complexContent>
-            <xsd:extension base="ContentOptionalRefType"/>
-          </xsd:complexContent>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:choice>
-        <xsd:annotation>
-          <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
-        </xsd:annotation>
-        <xsd:element ref="CreateTransformsInfoProfile"/>
-        <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
-      </xsd:choice>
-    </xsd:sequence>
-    <xsd:attribute name="Structure" use="required">
-      <xsd:simpleType>
-        <xsd:restriction base="xsd:string">
-          <xsd:enumeration value="detached"/>
-          <xsd:enumeration value="enveloping"/>
-        </xsd:restriction>
-      </xsd:simpleType>
-    </xsd:attribute>
-  </xsd:complexType>
-  <xsd:complexType name="TransformsInfoType">
-    <xsd:sequence>
-      <xsd:element ref="dsig:Transforms" minOccurs="0"/>
-      <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="XMLDataObjectAssociationType">
-    <xsd:sequence>
-      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-      <xsd:element name="Content" type="ContentRequiredRefType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="CMSDataObjectOptionalMetaType">
-    <xsd:sequence>
-      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-      <xsd:element name="Content" type="CMSContentBaseType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="CMSContentBaseType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentOptionalRefType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-        </xsd:choice>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="CheckResultType">
-    <xsd:sequence>
-      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-      <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="ReferencesCheckResultType">
-    <xsd:complexContent>
-      <xsd:restriction base="CheckResultType">
-        <xsd:sequence>
-          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-          <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:restriction base="AnyChildrenType">
-        <xsd:sequence>
-          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ManifestRefsCheckResultType">
-    <xsd:complexContent>
-      <xsd:restriction base="CheckResultType">
-        <xsd:sequence>
-          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-          <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:restriction base="AnyChildrenType">
-        <xsd:sequence>
-          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <!--########## Error Response ###-->
-  <xsd:element name="ErrorResponse" type="ErrorResponseType">
-    <xsd:annotation>
-      <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
-    </xsd:annotation>
-  </xsd:element>
-  <xsd:complexType name="ErrorResponseType">
-    <xsd:sequence>
-      <xsd:element name="ErrorCode" type="xsd:integer"/>
-      <xsd:element name="Info" type="xsd:string"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--########## Auxiliary Types ###-->
-  <xsd:simpleType name="KeyIdentifierType">
-    <xsd:restriction base="xsd:string"/>
-  </xsd:simpleType>
-  <xsd:simpleType name="KeyStorageType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="Software"/>
-      <xsd:enumeration value="Hardware"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:simpleType name="MimeTypeType">
-    <xsd:restriction base="xsd:token"/>
-  </xsd:simpleType>
-  <xsd:complexType name="AnyChildrenType" mixed="true">
-    <xsd:sequence>
-      <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="XMLContentType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:extension base="AnyChildrenType">
-        <xsd:attribute ref="xml:space" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentBaseType">
-    <xsd:choice minOccurs="0">
-      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-      <xsd:element name="XMLContent" type="XMLContentType"/>
-      <xsd:element name="LocRefContent" type="xsd:anyURI"/>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:complexType name="ContentExLocRefBaseType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentBaseType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-          <xsd:element name="XMLContent" type="XMLContentType"/>
-        </xsd:choice>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentOptionalRefType">
-    <xsd:complexContent>
-      <xsd:extension base="ContentBaseType">
-        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentRequiredRefType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentOptionalRefType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-          <xsd:element name="XMLContent" type="XMLContentType"/>
-          <xsd:element name="LocRefContent" type="xsd:anyURI"/>
-        </xsd:choice>
-        <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="VerifyTransformsDataType">
-    <xsd:choice maxOccurs="unbounded">
-      <xsd:annotation>
-        <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element ref="VerifyTransformsInfoProfile"/>
-      <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
-        <xsd:annotation>
-          <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:element name="QualifiedCertificate"/>
-  <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
-  <xsd:complexType name="PublicAuthorityType">
-    <xsd:sequence>
-      <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:simpleType name="SignatoriesType">
-    <xsd:union memberTypes="AllSignatoriesType">
-      <xsd:simpleType>
-        <xsd:list itemType="xsd:positiveInteger"/>
-      </xsd:simpleType>
-    </xsd:union>
-  </xsd:simpleType>
-  <xsd:simpleType name="AllSignatoriesType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="all"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:complexType name="CreateSignatureLocationType">
-    <xsd:simpleContent>
-      <xsd:extension base="xsd:token">
-        <xsd:attribute name="Index" type="xsd:integer" use="required"/>
-      </xsd:extension>
-    </xsd:simpleContent>
-  </xsd:complexType>
-  <xsd:complexType name="TransformParameterType">
-    <xsd:choice minOccurs="0">
-      <xsd:annotation>
-        <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element name="Base64Content" type="xsd:base64Binary">
-        <xsd:annotation>
-          <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="Hash">
-        <xsd:annotation>
-          <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element ref="dsig:DigestMethod"/>
-            <xsd:element ref="dsig:DigestValue"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:choice>
-    <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
-  </xsd:complexType>
-  <xsd:element name="CreateSignatureEnvironmentProfile">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
-        <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="VerifyTransformsInfoProfile">
-    <xsd:annotation>
-      <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
-    </xsd:annotation>
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element ref="dsig:Transforms" minOccurs="0"/>
-        <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
-          <xsd:annotation>
-            <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
-          </xsd:annotation>
-        </xsd:element>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
-  <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
-  <xsd:element name="CreateTransformsInfoProfile">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
-        <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-</xsd:schema>
diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl
new file mode 100644
index 000000000..be40c110d
--- /dev/null
+++ b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+  Web Service Description for MOA SP/SS 1.4
+-->
+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.5.2.xsd"/>
+	<message name="CreateCMSSignatureInput">
+		<part name="body" element="moa:CreateCMSSignatureRequest"/>
+	</message>
+	<message name="CreateCMSSignatureOutput">
+		<part name="body" element="moa:CreateCMSSignatureResponse"/>
+	</message>
+	<message name="CreateXMLSignatureInput">
+		<part name="body" element="moa:CreateXMLSignatureRequest"/>
+	</message>
+	<message name="CreateXMLSignatureOutput">
+		<part name="body" element="moa:CreateXMLSignatureResponse"/>
+	</message>
+	<message name="VerifyCMSSignatureInput">
+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
+	</message>
+	<message name="VerifyCMSSignatureOutput">
+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
+	</message>
+	<message name="VerifyXMLSignatureInput">
+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
+	</message>
+	<message name="VerifyXMLSignatureOutput">
+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="SignatureCreationPortType">
+		<operation name="createXMLSignature">
+			<input message="tns:CreateXMLSignatureInput"/>
+			<output message="tns:CreateXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="createCMSSignature">
+			<input message="tns:CreateCMSSignatureInput"/>
+			<output message="tns:CreateCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<portType name="SignatureVerificationPortType">
+		<operation name="verifyCMSSignature">
+			<input message="tns:VerifyCMSSignatureInput"/>
+			<output message="tns:VerifyCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<input message="tns:VerifyXMLSignatureInput"/>
+			<output message="tns:VerifyXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="createXMLSignature">
+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="createCMSSignature">
+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="verifyCMSSignature">
+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="SignatureCreationService">
+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
+      -->
+		</port>
+	</service>
+	<service name="SignatureVerificationService">
+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
+      -->
+		</port>
+	</service>
+</definitions>
diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd
new file mode 100644
index 000000000..4ae327ab3
--- /dev/null
+++ b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd
@@ -0,0 +1,471 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
+<!--
+  MOA SP/SS 1.3 Schema
+-->
+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>			
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent mixed="true">
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent mixed="true">
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent mixed="true">
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate"/>
+	<xsd:element name="SecureSignatureCreationDevice"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index 767a2a2de..a0edd58fe 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -6,6 +6,7 @@
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
+	<classpathentry kind="src" path="resources"/>
 	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
 		<attributes>
 			<attribute name="optional" value="true"/>
diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project
index fa2286335..7b8e89662 100644
--- a/spss/server/serverws/.project
+++ b/spss/server/serverws/.project
@@ -22,11 +22,6 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
-		<buildCommand>
-			<name>org.maven.ide.eclipse.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
 		<buildCommand>
 			<name>org.eclipse.m2e.core.maven2Builder</name>
 			<arguments>
@@ -35,11 +30,9 @@
 	</buildSpec>
 	<natures>
 		<nature>org.eclipse.m2e.core.maven2Nature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.maven.ide.eclipse.maven2Nature</nature>
 		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
 		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
 	</natures>
 </projectDescription>
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
index cbb750c06..9ab0af09b 100644
--- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -1,12 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
-org.eclipse.jdt.core.compiler.compliance=1.5
-org.eclipse.jdt.core.compiler.debug.lineNumber=generate
-org.eclipse.jdt.core.compiler.debug.localVariable=generate
-org.eclipse.jdt.core.compiler.debug.sourceFile=generate
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+#Mon Apr 29 14:25:29 CEST 2013
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index c325a5007..82f65bee6 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -8,6 +8,9 @@
         </dependent-module>
         <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
         <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/java"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/resources"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
     <property name="java-output-path" value="/target/classes"/>
         <property name="context-root" value="moa-spss"/>
   </wb-module>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index dd0027df6..c61d1ae2b 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -22,7 +22,8 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-war-plugin</artifactId>
-                <version>2.0.2</version>
+                <version>2.1.1</version>
+                <!-- <version>2.0.2</version>-->
                 <configuration>
                     <archive>
                         <manifest>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
deleted file mode 100644
index 68c3d0ebd..000000000
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- 
-  Web Service Description for MOA SP/SS 1.4
--->
-<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.3.xsd"/>
-  <message name="CreateXMLSignatureInput">
-    <part name="body" element="moa:CreateXMLSignatureRequest"/>
-  </message>
-  <message name="CreateXMLSignatureOutput">
-    <part name="body" element="moa:CreateXMLSignatureResponse"/>
-  </message>
-  <message name="VerifyCMSSignatureInput">
-    <part name="body" element="moa:VerifyCMSSignatureRequest"/>
-  </message>
-  <message name="VerifyCMSSignatureOutput">
-    <part name="body" element="moa:VerifyCMSSignatureResponse"/>
-  </message>
-  <message name="VerifyXMLSignatureInput">
-    <part name="body" element="moa:VerifyXMLSignatureRequest"/>
-  </message>
-  <message name="VerifyXMLSignatureOutput">
-    <part name="body" element="moa:VerifyXMLSignatureResponse"/>
-  </message>
-  <message name="MOAFault">
-    <part name="body" element="moa:ErrorResponse"/>
-  </message>
-  <portType name="SignatureCreationPortType">
-    <operation name="createXMLSignature">
-      <input message="tns:CreateXMLSignatureInput"/>
-      <output message="tns:CreateXMLSignatureOutput"/>
-      <fault name="MOAFault" message="tns:MOAFault"/>
-    </operation>
-  </portType>
-  <portType name="SignatureVerificationPortType">
-    <operation name="verifyCMSSignature">
-      <input message="tns:VerifyCMSSignatureInput"/>
-      <output message="tns:VerifyCMSSignatureOutput"/>
-      <fault name="MOAFault" message="tns:MOAFault"/>
-    </operation>
-    <operation name="verifyXMLSignature">
-      <input message="tns:VerifyXMLSignatureInput"/>
-      <output message="tns:VerifyXMLSignatureOutput"/>
-      <fault name="MOAFault" message="tns:MOAFault"/>
-    </operation>
-  </portType>
-  <binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
-    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-    <operation name="createXMLSignature">
-      <soap:operation soapAction="urn:CreateXMLSignatureAction"/>
-      <input>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </input>
-      <output>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </output>
-      <fault name="MOAFault">
-        <soap:fault use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </fault>
-    </operation>
-  </binding>
-  <binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
-    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-    <operation name="verifyCMSSignature">
-      <soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
-      <input>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </input>
-      <output>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </output>
-      <fault name="MOAFault">
-        <soap:fault use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </fault>
-    </operation>
-    <operation name="verifyXMLSignature">
-      <soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
-      <input>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </input>
-      <output>
-        <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </output>
-      <fault name="MOAFault">
-        <soap:fault use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-      </fault>
-    </operation>
-  </binding>
-  <service name="SignatureCreationService">
-    <port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
-      <!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
-      -->
-    </port>
-  </service>
-  <service name="SignatureVerificationService">
-    <port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
-      <!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
-      -->
-    </port>
-  </service>
-</definitions>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.xsd
deleted file mode 100644
index 756b51279..000000000
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.xsd
+++ /dev/null
@@ -1,469 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MOA SP/SS 1.3 Schema
--->
-<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
-  <!--########## Create XML Signature ###-->
-  <!--### Create XML Signature Request ###-->
-  <xsd:element name="CreateXMLSignatureRequest">
-    <xsd:complexType>
-      <xsd:complexContent>
-        <xsd:extension base="CreateXMLSignatureRequestType"/>
-      </xsd:complexContent>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="CreateXMLSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-      <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-        <xsd:annotation>
-          <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
-              <xsd:complexType>
-                <xsd:complexContent>
-                  <xsd:extension base="DataObjectInfoType">
-                    <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
-                  </xsd:extension>
-                </xsd:complexContent>
-              </xsd:complexType>
-            </xsd:element>
-            <xsd:element name="CreateSignatureInfo" minOccurs="0">
-              <xsd:complexType>
-                <xsd:sequence>
-                  <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
-                  <xsd:choice>
-                    <xsd:annotation>
-                      <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
-                    </xsd:annotation>
-                    <xsd:element ref="CreateSignatureEnvironmentProfile"/>
-                    <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
-                  </xsd:choice>
-                </xsd:sequence>
-              </xsd:complexType>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Create XML Signature Response ###-->
-  <xsd:complexType name="CreateXMLSignatureResponseType">
-    <xsd:choice maxOccurs="unbounded">
-      <xsd:annotation>
-        <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element name="SignatureEnvironment">
-        <xsd:annotation>
-          <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:any namespace="##any" processContents="lax"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element ref="ErrorResponse"/>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
-  <!--########## Verify CMS Signature ###-->
-  <!--### Verifiy CMS Signature Request ###-->
-  <xsd:element name="VerifyCMSSignatureRequest">
-    <xsd:complexType>
-      <xsd:complexContent>
-        <xsd:extension base="VerifyCMSSignatureRequestType">
-          <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
-        </xsd:extension>
-      </xsd:complexContent>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="VerifyCMSSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
-      <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
-      <xsd:element name="TrustProfileID" type="xsd:token">
-        <xsd:annotation>
-          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Verify CMS Signature Response ###-->
-  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
-  <xsd:complexType name="VerifyCMSSignatureResponseType">
-    <xsd:sequence maxOccurs="unbounded">
-      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-        <xsd:annotation>
-          <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="SignatureCheck" type="CheckResultType"/>
-      <xsd:element name="CertificateCheck" type="CheckResultType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--########## Verify XML Signature ###-->
-  <!--### Verify XML Signature Request ###-->
-  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
-  <xsd:complexType name="VerifyXMLSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-      <xsd:element name="VerifySignatureInfo">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
-            <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:choice minOccurs="0" maxOccurs="unbounded">
-        <xsd:element ref="SupplementProfile"/>
-        <xsd:element name="SupplementProfileID" type="xsd:string"/>
-      </xsd:choice>
-      <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
-              <xsd:annotation>
-                <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="ReturnHashInputData" minOccurs="0"/>
-      <xsd:element name="TrustProfileID" type="xsd:token">
-        <xsd:annotation>
-          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Verify XML Signature Response ###-->
-  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
-  <xsd:complexType name="VerifyXMLSignatureResponseType">
-    <xsd:sequence>
-      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-        <xsd:annotation>
-          <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
-      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
-      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="CertificateCheck" type="CheckResultType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:simpleType name="ProfileIdentifierType">
-    <xsd:restriction base="xsd:token"/>
-  </xsd:simpleType>
-  <xsd:complexType name="InputDataType">
-    <xsd:complexContent>
-      <xsd:extension base="ContentExLocRefBaseType">
-        <xsd:attribute name="PartOf" use="optional" default="SignedInfo">
-          <xsd:simpleType>
-            <xsd:restriction base="xsd:token">
-              <xsd:enumeration value="SignedInfo"/>
-              <xsd:enumeration value="XMLDSIGManifest"/>
-            </xsd:restriction>
-          </xsd:simpleType>
-        </xsd:attribute>
-        <xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="MetaInfoType">
-    <xsd:sequence>
-      <xsd:element name="MimeType" type="MimeTypeType"/>
-      <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
-      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="FinalDataMetaInfoType">
-    <xsd:complexContent>
-      <xsd:extension base="MetaInfoType">
-        <xsd:sequence>
-          <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
-        </xsd:sequence>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="DataObjectInfoType">
-    <xsd:sequence>
-      <xsd:element name="DataObject">
-        <xsd:complexType>
-          <xsd:complexContent>
-            <xsd:extension base="ContentOptionalRefType"/>
-          </xsd:complexContent>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:choice>
-        <xsd:annotation>
-          <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
-        </xsd:annotation>
-        <xsd:element ref="CreateTransformsInfoProfile"/>
-        <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
-      </xsd:choice>
-    </xsd:sequence>
-    <xsd:attribute name="Structure" use="required">
-      <xsd:simpleType>
-        <xsd:restriction base="xsd:string">
-          <xsd:enumeration value="detached"/>
-          <xsd:enumeration value="enveloping"/>
-        </xsd:restriction>
-      </xsd:simpleType>
-    </xsd:attribute>
-  </xsd:complexType>
-  <xsd:complexType name="TransformsInfoType">
-    <xsd:sequence>
-      <xsd:element ref="dsig:Transforms" minOccurs="0"/>
-      <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="XMLDataObjectAssociationType">
-    <xsd:sequence>
-      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-      <xsd:element name="Content" type="ContentRequiredRefType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="CMSDataObjectOptionalMetaType">
-    <xsd:sequence>
-      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-      <xsd:element name="Content" type="CMSContentBaseType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="CMSContentBaseType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentOptionalRefType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-        </xsd:choice>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="CheckResultType">
-    <xsd:sequence>
-      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-      <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="ReferencesCheckResultType">
-    <xsd:complexContent>
-      <xsd:restriction base="CheckResultType">
-        <xsd:sequence>
-          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-          <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:restriction base="AnyChildrenType">
-        <xsd:sequence>
-          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ManifestRefsCheckResultType">
-    <xsd:complexContent>
-      <xsd:restriction base="CheckResultType">
-        <xsd:sequence>
-          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-          <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:restriction base="AnyChildrenType">
-        <xsd:sequence>
-          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <!--########## Error Response ###-->
-  <xsd:element name="ErrorResponse" type="ErrorResponseType">
-    <xsd:annotation>
-      <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
-    </xsd:annotation>
-  </xsd:element>
-  <xsd:complexType name="ErrorResponseType">
-    <xsd:sequence>
-      <xsd:element name="ErrorCode" type="xsd:integer"/>
-      <xsd:element name="Info" type="xsd:string"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--########## Auxiliary Types ###-->
-  <xsd:simpleType name="KeyIdentifierType">
-    <xsd:restriction base="xsd:string"/>
-  </xsd:simpleType>
-  <xsd:simpleType name="KeyStorageType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="Software"/>
-      <xsd:enumeration value="Hardware"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:simpleType name="MimeTypeType">
-    <xsd:restriction base="xsd:token"/>
-  </xsd:simpleType>
-  <xsd:complexType name="AnyChildrenType" mixed="true">
-    <xsd:sequence>
-      <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="XMLContentType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:extension base="AnyChildrenType">
-        <xsd:attribute ref="xml:space" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentBaseType">
-    <xsd:choice minOccurs="0">
-      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-      <xsd:element name="XMLContent" type="XMLContentType"/>
-      <xsd:element name="LocRefContent" type="xsd:anyURI"/>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:complexType name="ContentExLocRefBaseType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentBaseType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-          <xsd:element name="XMLContent" type="XMLContentType"/>
-        </xsd:choice>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentOptionalRefType">
-    <xsd:complexContent>
-      <xsd:extension base="ContentBaseType">
-        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentRequiredRefType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentOptionalRefType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-          <xsd:element name="XMLContent" type="XMLContentType"/>
-          <xsd:element name="LocRefContent" type="xsd:anyURI"/>
-        </xsd:choice>
-        <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="VerifyTransformsDataType">
-    <xsd:choice maxOccurs="unbounded">
-      <xsd:annotation>
-        <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element ref="VerifyTransformsInfoProfile"/>
-      <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
-        <xsd:annotation>
-          <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:element name="QualifiedCertificate"/>
-  <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
-  <xsd:complexType name="PublicAuthorityType">
-    <xsd:sequence>
-      <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:simpleType name="SignatoriesType">
-    <xsd:union memberTypes="AllSignatoriesType">
-      <xsd:simpleType>
-        <xsd:list itemType="xsd:positiveInteger"/>
-      </xsd:simpleType>
-    </xsd:union>
-  </xsd:simpleType>
-  <xsd:simpleType name="AllSignatoriesType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="all"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:complexType name="CreateSignatureLocationType">
-    <xsd:simpleContent>
-      <xsd:extension base="xsd:token">
-        <xsd:attribute name="Index" type="xsd:integer" use="required"/>
-      </xsd:extension>
-    </xsd:simpleContent>
-  </xsd:complexType>
-  <xsd:complexType name="TransformParameterType">
-    <xsd:choice minOccurs="0">
-      <xsd:annotation>
-        <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element name="Base64Content" type="xsd:base64Binary">
-        <xsd:annotation>
-          <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="Hash">
-        <xsd:annotation>
-          <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element ref="dsig:DigestMethod"/>
-            <xsd:element ref="dsig:DigestValue"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:choice>
-    <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
-  </xsd:complexType>
-  <xsd:element name="CreateSignatureEnvironmentProfile">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
-        <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="VerifyTransformsInfoProfile">
-    <xsd:annotation>
-      <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
-    </xsd:annotation>
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element ref="dsig:Transforms" minOccurs="0"/>
-        <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
-          <xsd:annotation>
-            <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
-          </xsd:annotation>
-        </xsd:element>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
-  <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
-  <xsd:element name="CreateTransformsInfoProfile">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
-        <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-</xsd:schema>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
new file mode 100644
index 000000000..135f26f68
--- /dev/null
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+  Web Service Description for MOA SP/SS 1.4
+-->
+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.5.2.xsd"/>
+	<message name="CreateCMSSignatureInput">
+		<part name="body" element="moa:CreateCMSSignatureRequest"/>
+	</message>
+	<message name="CreateCMSSignatureOutput">
+		<part name="body" element="moa:CreateCMSSignatureResponse"/>
+	</message>
+	<message name="CreateXMLSignatureInput">
+		<part name="body" element="moa:CreateXMLSignatureRequest"/>
+	</message>
+	<message name="CreateXMLSignatureOutput">
+		<part name="body" element="moa:CreateXMLSignatureResponse"/>
+	</message>
+	<message name="VerifyCMSSignatureInput">
+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
+	</message>
+	<message name="VerifyCMSSignatureOutput">
+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
+	</message>
+	<message name="VerifyXMLSignatureInput">
+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
+	</message>
+	<message name="VerifyXMLSignatureOutput">
+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="SignatureCreationPortType">
+		<operation name="createXMLSignature">
+			<input message="tns:CreateXMLSignatureInput"/>
+			<output message="tns:CreateXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="createCMSSignature">
+			<input message="tns:CreateCMSSignatureInput"/>
+			<output message="tns:CreateCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<portType name="SignatureVerificationPortType">
+		<operation name="verifyCMSSignature">
+			<input message="tns:VerifyCMSSignatureInput"/>
+			<output message="tns:VerifyCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<input message="tns:VerifyXMLSignatureInput"/>
+			<output message="tns:VerifyXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="createXMLSignature">
+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="createCMSSignature">
+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="verifyCMSSignature">
+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="SignatureCreationService">
+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
+      -->
+		</port>
+	</service>
+	<service name="SignatureVerificationService">
+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
+      -->
+		</port>
+	</service>
+</definitions>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
new file mode 100644
index 000000000..06232f189
--- /dev/null
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
@@ -0,0 +1,551 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 1.5.2 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseTypeLocRef"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseTypeLocRef">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate"/>
+	<xsd:element name="SecureSignatureCreationDevice"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
diff --git a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
index 088fe76fd..eaa50865d 100644
--- a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
+++ b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
@@ -14,9 +14,12 @@
 
   <service name="SignatureCreation" provider="java:MSG">
     <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
-    <parameter name="allowedMethods" value="CreateXMLSignatureRequest"/>
+    <parameter name="allowedMethods" value="CreateCMSSignatureRequest CreateXMLSignatureRequest"/>
     <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureCreationService"/>
-    <wsdlFile>/resources/wsdl/MOA-SPSS-1.3.wsdl</wsdlFile>
+    <!-- TODO -->
+    <wsdlFile>C:\eclipse_workspaces\MOA_Git01\moa-idspss\spss\server\serverws\resources\wsdl\MOA-SPSS-1.5.2.wsdl</wsdlFile>
+    
+    <!-- <wsdlFile>/resources/wsdl/MOA-SPSS-1.5.2.wsdl</wsdlFile>-->
     <requestFlow>
       <handler type="MOAHandler"/>
     </requestFlow>
@@ -29,7 +32,7 @@
     <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
     <parameter name="allowedMethods" value="VerifyCMSSignatureRequest VerifyXMLSignatureRequest"/>
     <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureVerificationService"/>
-    <wsdlFile>/resources/wsdl/MOA-SPSS-1.3.wsdl</wsdlFile>
+    <wsdlFile>/resources/wsdl/MOA-SPSS-1.5.2.wsdl</wsdlFile>
     <requestFlow>
       <handler type="MOAHandler"/>
     </requestFlow>
diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath
index 65abf443d..21bdbd0bc 100644
--- a/spss/server/tools/.classpath
+++ b/spss/server/tools/.classpath
@@ -1,12 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-  <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
-  <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
-  <classpathentry kind="output" path="target/classes"/>
-  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
-  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
-  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
-  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
-</classpath>
\ No newline at end of file
+	<classpathentry including="**/*.java" kind="src" path="src/main/java"/>
+	<classpathentry excluding="**/*.java" kind="src" path="src/main/resources"/>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
+	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
+		<attributes>
+			<attribute name="owner.project.facets" value="java"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
index 3bfb290ea..c788ee346 100644
--- a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
@@ -1,6 +1,8 @@
-#Thu Dec 27 15:45:21 CET 2012
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
 eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.source=1.5
-org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
+org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.7
-- 
cgit v1.2.3


From fe75121d894e86d29a2804f44438ed594c717097 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Wed, 15 May 2013 15:19:21 +0200
Subject: Update iaik libraries: iaik-moa and jce Update iaik-moa exception
 import whitelisting activated in iaik-moa

---
 .../spss/server/config/ConfigurationPartsBuilder.java | 19 ++++++++++---------
 .../invoke/CMSSignatureVerificationInvoker.java       |  4 ++--
 .../moa/spss/server/invoke/IaikExceptionMapper.java   |  8 ++++----
 .../server/invoke/XMLSignatureCreationInvoker.java    |  4 ++--
 .../invoke/XMLSignatureVerificationInvoker.java       |  4 ++--
 5 files changed, 20 insertions(+), 19 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 4fcc5daa9..2dcffa014 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -30,6 +30,7 @@ import iaik.pki.pathvalidation.ChainingModes;
 import iaik.pki.revocation.RevocationSourceTypes;
 import iaik.server.modules.xml.BlackListEntry;
 import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
 import iaik.utils.RFC2253NameParser;
 import iaik.utils.RFC2253NameParserException;
 
@@ -525,19 +526,19 @@ public class ConfigurationPartsBuilder {
 	      String host = getElementValue(permitExtElem, CONF + "IP", null);
 	      String port = getElementValue(permitExtElem, CONF + "Port", null);
 	      
-	      // TODO WhiteListeEntry
-//	      WhiteListEntry entry =null;
+	      // WhiteListeEntry
+	      WhiteListEntry entry =null;
 	      if (port == null) {
-//	    	  entry = new WhiteListEntry(host, -1);
+	    	  entry = new WhiteListEntry(host, -1);
 	    	  info("config.49", new Object[]{host});
       }
 	      else {	    	  
-//	    	  entry = new WhiteListEntry(host, new Integer(port).intValue());
+	    	  entry = new WhiteListEntry(host, new Integer(port).intValue());
 	    	  info("config.49", new Object[]{host + ":" + port});
 	      }
-//	      
-//	      // add entry to iaik-moa whitelist	      
-//	      whiteListIaikMoa.add(entry);
+	      
+	      // add entry to iaik-moa whitelist	      
+	      whiteListIaikMoa.add(entry);
 	      	       
 	      
 	      String array[] = new String[2];
@@ -548,8 +549,8 @@ public class ConfigurationPartsBuilder {
 	  }
 	  
 	  
-	  // TODO set whitelist for iaik-moa
-//	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
+	  // set whitelist for iaik-moa
+	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
 
 	  
 	  if(whitelist.isEmpty()) // no whitelisted uris given
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index c979d8407..00f96f205 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -24,8 +24,8 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.IAIKException;
-import iaik.IAIKRuntimeException;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
index 348cb84aa..1136ff2f8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
@@ -24,8 +24,8 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.IAIKException;
-import iaik.IAIKRuntimeException;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
 
 import java.lang.reflect.Constructor;
 import java.util.HashMap;
@@ -51,8 +51,8 @@ public class IaikExceptionMapper {
   /** The exception mapping, as an array. */
   private static final Object[][] MESSAGES =
     {
-      { iaik.IAIKException.class, "9900", MOASystemException.class },
-      { iaik.IAIKRuntimeException.class, "9901", MOASystemException.class },
+      { iaik.server.modules.IAIKException.class, "9900", MOASystemException.class },
+      { iaik.server.modules.IAIKRuntimeException.class, "9901", MOASystemException.class },
       { iaik.server.modules.xmlsign.XMLSignatureCreationException.class, "2220", MOAApplicationException.class },
       { iaik.server.modules.xmlsign.XMLSignatureCreationRuntimeException.class, "2220", MOAApplicationException.class },
       { iaik.server.modules.xmlsign.InvalidKeyException.class, "2221", MOAApplicationException.class }, 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
index 8bebff974..7debb7b3a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
@@ -24,8 +24,8 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.IAIKException;
-import iaik.IAIKRuntimeException;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
 import iaik.server.modules.xml.DataObject;
 import iaik.server.modules.xml.XMLDataObject;
 import iaik.server.modules.xml.XMLSignature;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 8a5b6f5b7..f3ac72520 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -24,10 +24,10 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.IAIKException;
-import iaik.IAIKRuntimeException;
 import iaik.ixsil.exceptions.URIException;
 import iaik.ixsil.util.URI;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
 import iaik.server.modules.xml.DataObject;
 import iaik.server.modules.xml.XMLDataObject;
 import iaik.server.modules.xml.XMLSignature;
-- 
cgit v1.2.3


From 1d918b4e05d06ed39f6215fd70ce375a38a300b8 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Thu, 16 May 2013 09:35:16 +0200
Subject: New design MOA-ID and MOA-SPSS documentation

---
 spss/server/serverws/.classpath                                 | 1 -
 spss/server/serverws/.settings/org.eclipse.wst.common.component | 9 ++++-----
 2 files changed, 4 insertions(+), 6 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index a0edd58fe..767a2a2de 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -6,7 +6,6 @@
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="src" path="resources"/>
 	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
 		<attributes>
 			<attribute name="optional" value="true"/>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index 82f65bee6..1b3789e29 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -6,12 +6,11 @@
         <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-        <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/java"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/resources"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
     <property name="java-output-path" value="/target/classes"/>
         <property name="context-root" value="moa-spss"/>
+    <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/java"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
+        <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
+        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
   </wb-module>
 </project-modules>
-- 
cgit v1.2.3


From 8591e43ef7f8e1eb0be50a0726d507904b26b9f5 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Thu, 16 May 2013 13:01:02 +0200
Subject: Minor documentation updates

---
 spss/server/history.txt                                        |  9 +++++----
 spss/server/readme.update.txt                                  | 10 +++++-----
 .../serverlib/.settings/org.eclipse.wst.common.component       |  3 +--
 3 files changed, 11 insertions(+), 11 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/history.txt b/spss/server/history.txt
index 7d1d3d323..0062376b4 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,12 +2,13 @@
 1.5.2
 ##############
 
+- Signaturerstelltung:
+  - Unterstützung von XAdES Version 1.4.2
+  - Unterstützung von CMS/CAdES Signaturen Version 2.2.1
 - TSL Unterstützung                                                  
 - Libraries aktualisiert bzw. hinzugefügt:
-	iaik-moa:           Version 1.32 ?
-	iaik-ixsil:			Version 1.2.2.5 ? 
-	Axis:				Version 1.0_IAIK ?
-	iaik-tsl			Versio x.x
+	iaik-moa:           Version 1.5
+	iaik-tsl			Versio x.x @TODO
 
 
 ##############
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index c2f58b6e7..435de382c 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
 
 ======================================================================
-  Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.1
+  Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.2
 ======================================================================
 
 Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und 
 "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.5.1 durchzuführen. Update Variante A geht dabei den Weg über eine 
+1.5.2 durchzuführen. Update Variante A geht dabei den Weg über eine 
 vorangestellte Neuinstallation, während Variante B direkt eine  
 bestehende Installation aktualisiert.
 
@@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
 CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
 
 MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.5.1.zip entpackt haben.
+moa-spss-1.5.2.zip entpackt haben.
 
 =================
 Update Variante A 
@@ -53,13 +53,13 @@ Update Variante B
 1.)	Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
 	Ihrer MOA-SPSS-Installation.
 	
-2.)	Entpacken Sie die Datei "moa-spss-1.5.1.zip" in das Verzeichnis MOA_SPSS_INST.
+2.)	Entpacken Sie die Datei "moa-spss-1.5.2.zip" in das Verzeichnis MOA_SPSS_INST.
 
 3.)	Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
 	JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
 	
 4.)	Kopieren Sie alle Dateien aus dem Verzeichnis MOA_SPSS_INST\ext in das 
-  	Verzeichnis	JAVA_HOME\jre\lib\ext (Achtung: Java 1.3.x wird nicht mehr 
+  	Verzeichnis	JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr 
   	unterstützt).
 	
 5.)	Kopieren Sie die Dateien aus dem Verzeichnis MOA_SPSS_INST\endorsed
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
index fe4fd3290..7170b56ac 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -2,7 +2,6 @@
   <wb-module deploy-name="moa-spss-lib">
     <wb-resource deploy-path="/" source-path="src/main/java"/>
     <wb-resource deploy-path="/" source-path="src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
+        <wb-resource deploy-path="/" source-path="/"/>
   </wb-module>
 </project-modules>
-- 
cgit v1.2.3


From a52d3300d20837b12b45a0d4fb2b0ee520f6e641 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Wed, 14 Aug 2013 16:36:40 +0200
Subject: TSL integration updates: - Setting of hashcache parameter in MOA -
 Update MOA-SP Response (Source attribute in QualifiedCertificate and
 SecureSignatureCreationDevice element) - Hidden truststores (for TSL enabled
 truststore: given certificates are copied to hidden truststore, where TSL
 certificates are copied) - Update of QC and SSCD detection - Update MOA-SPSS
 config: EU TSL URL can be set via configuration

---
 .../.settings/org.eclipse.wst.common.component     |   1 -
 .../org.eclipse.wst.common.project.facet.core.xml  |   4 +-
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |   8 +-
 .../moa/spss/api/common/SignerInfo.java            |  11 ++
 .../moa/spss/api/common/TSLConfiguration.java      |   7 ++
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |   6 +-
 .../moa/spss/api/impl/SignerInfoImpl.java          |  31 +++++-
 .../moa/spss/api/impl/TSLConfigurationImpl.java    |  23 +++-
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java |   6 +-
 .../xmlbind/VerifyCMSSignatureResponseBuilder.java |   5 +-
 .../xmlbind/VerifyXMLSignatureResponseBuilder.java |   4 +-
 .../server/config/ConfigurationPartsBuilder.java   |  91 ++++++++++++++--
 .../spss/server/config/ConfigurationProvider.java  |   6 +-
 .../moa/spss/server/config/TrustProfile.java       |  29 +++---
 .../moa/spss/server/init/SystemInitializer.java    |   8 +-
 .../invoke/CMSSignatureVerificationInvoker.java    | 116 +++++++++++++++++++--
 .../invoke/VerifyCMSSignatureResponseBuilder.java  |  27 ++---
 .../invoke/VerifyXMLSignatureResponseBuilder.java  |  30 +++---
 .../invoke/XMLSignatureVerificationInvoker.java    |  65 ++++++++++--
 .../moa/spss/tsl/connector/TSLConnector.java       |  27 +++--
 .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java    |  26 +++--
 .../properties/spss_messages_de.properties         |   1 +
 .../.settings/org.eclipse.wst.common.component     |   6 +-
 spss/server/serverws/pom.xml                       |  36 +++++++
 spss/server/tools/.classpath                       |  26 +++--
 .../tools/.settings/org.eclipse.jdt.core.prefs     |  11 +-
 26 files changed, 472 insertions(+), 139 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
index 7170b56ac..ee24ef8ba 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -2,6 +2,5 @@
   <wb-module deploy-name="moa-spss-lib">
     <wb-resource deploy-path="/" source-path="src/main/java"/>
     <wb-resource deploy-path="/" source-path="src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/"/>
   </wb-module>
 </project-modules>
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
index 69dc9cc0f..656f15b87 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -3,5 +3,5 @@
   <fixed facet="jst.java"/>
   <fixed facet="jst.utility"/>
   <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="1.5"/>
-</faceted-project>
+  <installed facet="jst.java" version="5.0"/>
+</faceted-project>
\ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 26cce1a82..80f996b36 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -1090,6 +1090,8 @@ public abstract class SPSSFactory {
    * @param signerCertificate The signer certificate in binary form.
    * @param qualifiedCertificate <code>true</code>, if the signer certificate is
    * a qualified certificate, otherwise <code>false</code>.
+   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, 
+   * 		otherwise <code>false</code>.
    * @param publicAuthority <code>true</code>, if the signer certificate is a
    * public authority certificate, otherwise <code>false</code>.
    * @param publicAuthorityID The identification of the public authority
@@ -1097,6 +1099,8 @@ public abstract class SPSSFactory {
    * <code>null</code>.
    * @param sscd <code>true</code>, if the TSL check verifies the 
    * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
    * @return The <code>SignerInfo</code> containing the above data.
    * 
    * @pre signerCertSubjectName != null
@@ -1106,9 +1110,11 @@ public abstract class SPSSFactory {
   public abstract SignerInfo createSignerInfo(
     X509Certificate signerCertificate,
     boolean qualifiedCertificate,
+    boolean qcSourceTSL,
     boolean publicAuthority,
     String publicAuthorityID,
-    boolean sscd);
+    boolean sscd,
+    boolean sscdSourceTSL);
   
   /**
    * Create a new <code>X509IssuerSerial</code> object.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
index 7a1942214..337f775bf 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
@@ -58,6 +58,17 @@ public interface SignerInfo {
    */
   public boolean isSSCD();
   
+  /**
+   * Returns the source of the SSCD check (TSL or Certificate)   * 
+   */
+  public String getSSCDSource();
+
+  /**
+   * Returns the source of the QC check (TSL or Certificate)   * 
+   */
+  public String getQCSource();
+
+  
   /**
    * Checks, whether the certificate contained in this object is a 
    * public authority certificate.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
index fd7d38217..29529322c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
@@ -24,6 +24,8 @@
 
 package at.gv.egovernment.moa.spss.api.common;
 
+import iaik.ixsil.util.URI;
+
 import java.util.Date;
 
 
@@ -70,5 +72,10 @@ public interface TSLConfiguration {
    */
   public String getWorkingDirectory();
   
+  /**
+   * 
+   * @return
+   */
+  public URI getWorkingDirectoryAsURI();
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index 7c1208e8f..74f65cb70 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -622,15 +622,19 @@ public class SPSSFactoryImpl extends SPSSFactory {
   public SignerInfo createSignerInfo(
     X509Certificate signerCertificate,
     boolean qualifiedCertificate,
+    boolean qcSourceTSL,
     boolean publicAuthority,
     String publicAuthorityID, 
-    boolean sscd) {
+    boolean sscd,
+    boolean sscdSourceTSL) {
     SignerInfoImpl signerInfo = new SignerInfoImpl();
     signerInfo.setSignerCertificate(signerCertificate);
     signerInfo.setQualifiedCertificate(qualifiedCertificate);
+    signerInfo.setQCSourceTSL(qcSourceTSL);
     signerInfo.setPublicAuthority(publicAuthority);
     signerInfo.setPublicAuhtorityID(publicAuthorityID);
     signerInfo.setSSCD(sscd);
+    signerInfo.setSSCDSourceTSL(sscdSourceTSL);
     return signerInfo;
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
index 56a9004fc..5d26397c5 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -49,6 +49,13 @@ public class SignerInfoImpl implements SignerInfo {
 
   /** Determines, whether the signature is based on an SSCD */
   private boolean sscd;
+  
+  /** Determines, if the SSCD check bases upon on TSL */
+  private boolean sscdSourceTSL;
+  
+  /** Determines, if the QC check bases upon on TSL */
+  private boolean qcSourceTSL;
+  
   /**
   * Sets the signer certificate.
   * 
@@ -87,7 +94,29 @@ public class SignerInfoImpl implements SignerInfo {
   }
   public boolean isSSCD() {
 	    return sscd;
-	  }
+  }
+  
+  public void setSSCDSourceTSL(boolean sscdSourceTSL) {
+	  this.sscdSourceTSL = sscdSourceTSL;
+  }
+  
+  public String getSSCDSource() {
+	  if (sscdSourceTSL)
+		  return "TSL";
+	  else
+		  return "Certificate";
+  }
+  
+  public void setQCSourceTSL(boolean qcSourceTSL) {
+	  this.qcSourceTSL = qcSourceTSL;
+  }
+  
+  public String getQCSource() {
+	  if (qcSourceTSL)
+		  return "TSL";
+	  else
+		  return "Certificate";
+  }
   
   /**
    * Sets, whether the certificate contained in this object is an 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
index 15d66614e..87314e1f7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
@@ -24,6 +24,8 @@
 
 package at.gv.egovernment.moa.spss.api.impl;
 
+import iaik.ixsil.util.URI;
+
 import java.util.Date;
 
 import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
@@ -38,7 +40,7 @@ public class TSLConfigurationImpl implements TSLConfiguration {
 	
 	
 	/** The EU TSL URL. */
-//	private String euTSLUrl;
+	private String euTSLUrl;
 
 	/** update period in milliseconds */
 	private long updateSchedulePeriod;
@@ -48,9 +50,12 @@ public class TSLConfigurationImpl implements TSLConfiguration {
   
 	/** Working directory */
 	private String workingDirectory;
+	
+	/** Working directory */
+	private URI workingDirectoryAsURI;
   
   public String getEuTSLUrl() {
-	  return this.DEFAULT_EU_TSL_URL;
+	  return this.euTSLUrl;
   }
 
   public long getUpdateSchedulePeriod() {
@@ -64,10 +69,14 @@ public class TSLConfigurationImpl implements TSLConfiguration {
   public String getWorkingDirectory() {
 	  return this.workingDirectory;
   }
+  
+  public URI getWorkingDirectoryAsURI() {
+	  return this.workingDirectoryAsURI;
+  }
 
-//	public void setEuTSLUrl(String euTSLUrl) {
-//		this.euTSLUrl = euTSLUrl;
-//	}
+	public void setEuTSLUrl(String euTSLUrl) {
+		this.euTSLUrl = euTSLUrl;
+	}
 	
 	public void setUpdateSchedulePeriod(long updateSchedulePeriod) {
 		this.updateSchedulePeriod = updateSchedulePeriod;
@@ -80,6 +89,10 @@ public class TSLConfigurationImpl implements TSLConfiguration {
 	public void setWorkingDirectory(String workingDirectory) {
 		this.workingDirectory = workingDirectory;
 	}
+	
+	public void setWorkingDirectoryURI(URI workingDirectoryAsURI) {
+		this.workingDirectoryAsURI = workingDirectoryAsURI;
+	}
 
   
  
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index a228a0db8..505303bc1 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -117,9 +117,11 @@ class ResponseBuilderUtils {
     Element root,
     X509Certificate cert,
     boolean isQualified,
+    String qcSource,
     boolean isPublicAuthority,
     String publicAuthorityID,
-    boolean isSSCD)
+    boolean isSSCD,
+    String sscdSource)
     throws MOAApplicationException {
 
     Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo");
@@ -182,6 +184,7 @@ class ResponseBuilderUtils {
     x509DataElem.appendChild(x509IssuerSerialElem);
     x509DataElem.appendChild(x509CertificateElem);
     if (isQualified) {
+    	qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource);
       x509DataElem.appendChild(qualifiedCertificateElem);
     }
     if (isPublicAuthority) {
@@ -192,6 +195,7 @@ class ResponseBuilderUtils {
       }
     }
     if (isSSCD) {
+    	sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);
         x509DataElem.appendChild(sscdElem);
       }
     signerInfoElem.appendChild(x509DataElem);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 7ad838822..238875351 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -99,14 +99,17 @@ public class VerifyCMSSignatureResponseBuilder {
     CheckResult signatureCheck = responseElement.getSignatureCheck();
     CheckResult certCheck = responseElement.getCertificateCheck();
     
+    //TODO
     ResponseBuilderUtils.addSignerInfo(
       responseDoc,
       responseElem,
       signerInfo.getSignerCertificate(),
       signerInfo.isQualifiedCertificate(),
+      signerInfo.getQCSource(),
       signerInfo.isPublicAuthority(),
       signerInfo.getPublicAuhtorityID(),
-      signerInfo.isSSCD());
+      signerInfo.isSSCD(),
+      signerInfo.getSSCDSource());
 
     ResponseBuilderUtils.addCodeInfoElement(
       responseDoc,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index 0d3e0c18e..8673fba1c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -96,9 +96,11 @@ public class VerifyXMLSignatureResponseBuilder {
       responseElem,
       response.getSignerInfo().getSignerCertificate(),
       response.getSignerInfo().isQualifiedCertificate(),
+      response.getSignerInfo().getQCSource(),
       response.getSignerInfo().isPublicAuthority(),
       response.getSignerInfo().getPublicAuhtorityID(),
-      response.getSignerInfo().isSSCD());
+      response.getSignerInfo().isSSCD(),
+      response.getSignerInfo().getSSCDSource());
 
     // add HashInputData elements
     responseData = response.getHashInputDatas();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 2dcffa014..d2ee75116 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 
@@ -1135,11 +1136,11 @@ public class ConfigurationPartsBuilder {
   }
 
   /**
-   * Bulid the trust profile mapping.
+   * Build the trust profile mapping.
    * 
    * @return The profile ID to profile mapping.
    */
-  public Map buildTrustProfiles() 
+  public Map buildTrustProfiles(String tslWorkingDir) 
   {
     Map trustProfiles = new HashMap();
     NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
@@ -1213,8 +1214,62 @@ public class ConfigurationPartsBuilder {
       }
       
       signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
-      TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
+      
+      TrustProfile profile = null;
+      
+      if (tslEnabled) {
+    	  // create new trust anchor location (=tslworking trust profile)
+    	  File fTslWorkingDir = new File(tslWorkingDir);
+    	  File tp = new File(fTslWorkingDir, "trustprofiles");
+    	  if (!tp.exists())
+    		  tp.mkdir();
+    	  if (!tp.isDirectory()) {
+        	  error("config.50", new Object[] { tp.getPath() });
+        	  // TODO?
+          }
+    	  
+    	  File tpid = new File(tp, id);        	 
+    	  if (!tpid.exists())
+              tpid.mkdir();
+    	  if (!tpid.isDirectory()) {
+        	  error("config.50", new Object[] { tpid.getPath() });
+        	  // TODO?
+          }
+
+    	  
+    	  //System.out.println("tps: " + tpid.getAbsolutePath());
+        	  
+    	  // create profile
+    	  profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries);
+    	  
+    	  // set original uri (save original trust anchor location)    	    
+    	  profile.setUriOrig(trustAnchorsLocURI.getPath());
+    	  
+    	  // delete files in tslworking trust profile
+    	  File[] files = tpid.listFiles();
+			for (File file : files) 
+	              file.delete();
+    	  
+    	  // copy files from trustAnchorsLocURI into tslworking trust profile kopieren
+    	  File src = new File(trustAnchorsLocURI.getPath());
+    	  files = src.listFiles();                    
+          for (File file : files) { 
+              FileUtils.copyFile(file, new File(tpid, file.getName()));  
+          } 
+          
+//    	  System.out.println("ID: " + id);
+//          System.out.println("Str: " + trustAnchorsLocStr);
+//          System.out.println("URI: " + trustAnchorsLocURI.toString());
+//          System.out.println("tslWorkingDir: " + tslWorkingDir);
+          
+      } else {
+      
+    	  profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
+      
+      }
+      
       trustProfiles.put(id, profile);
+      
     }
 
     return trustProfiles;
@@ -1531,11 +1586,11 @@ public class ConfigurationPartsBuilder {
 	  TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
 	  
 	  
-//	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
-//	  if (StringUtils.isEmpty(euTSLUrl)) {
-//		  warn("config.39", new Object[] { "EUTSL", euTSLUrl });
-//		  return null;
-//	  }
+	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
+	  if (StringUtils.isEmpty(euTSLUrl)) {
+		  euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
+		  warn("config.39", new Object[] { "EUTSL", euTSLUrl });
+	  }
 	  
 	  String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
 	  
@@ -1591,17 +1646,31 @@ public class ConfigurationPartsBuilder {
           return null;  
       }
       
+      File hashcache = new File(tslWorkingDir, "hashcache");
+      if (!hashcache.exists()) {
+    	  hashcache.mkdir();
+      }
+      if (!hashcache.isDirectory()) {
+    	  error("config.38", new Object[] { hashcache.getAbsolutePath() });
+          return null;  
+      }
+
+      System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+//    String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+//    System.out.println("Hashcache: " + hashcachedir);
+
+      debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
       debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
       debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
       debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
+      debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
       
 	  // set TSL configuration
-	  //tslconfiguration.setEuTSLUrl(euTSLUrl);
+	  tslconfiguration.setEuTSLUrl(euTSLUrl);
 	  tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue());
 	  tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate);
 	  tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath());
-	  
-	  
+	  tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI);
 	  
 	  return tslconfiguration;
   }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 08478b717..2cad35763 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -361,12 +361,14 @@ public class ConfigurationProvider
       keyGroupMappings =
         builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
       
+      tslconfiguration_ = builder.getTSLConfiguration();
+      
       xadesVersion = builder.getXAdESVersion();
       defaultChainingMode = builder.getDefaultChainingMode();
       chainingModes = builder.buildChainingModes();
       useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
       autoAddCertificates_ = builder.getAutoAddCertificates();
-      trustProfiles = builder.buildTrustProfiles();
+      trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
       distributionPoints = builder.buildDistributionPoints();
       enableRevocationChecking_ = builder.getEnableRevocationChecking();
       maxRevocationAge_ = builder.getMaxRevocationAge();
@@ -376,7 +378,7 @@ public class ConfigurationProvider
       revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
       revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
       
-      tslconfiguration_ = builder.getTSLConfiguration();
+      
       //check TSL configuration
       checkTSLConfiguration();
       
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 1b5f4473d..21063c77f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -41,6 +41,8 @@ public class TrustProfile {
   private String signerCertsUri;
   /** Defines if Trustprofile makes use of EU TSL*/
   private boolean tslEnabled;
+  /** The original URI (out of the configuration) giving the location of the trust profile (used when TSL is enabled) */
+  private String uriOrig;
   /** The countries given */  
   private String countries;
   /** */
@@ -80,6 +82,15 @@ public class TrustProfile {
   public String getUri() {
     return uri;
   }
+  
+  /**
+   * Return the original URI of this <code>TrustProfile</code>.
+   * 
+   * @return The original URI of <code>TrustProfile</code>.
+   */
+  public String getUriOrig() {
+    return uriOrig;
+  }
 
   /**
    * Return the URI giving the location of the allowed signer certificates
@@ -108,20 +119,14 @@ public class TrustProfile {
 		  return countries;
   }
   
+     
   /**
-   * Return the old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update
-   * @return The old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update
+   * Sets the original URI of this <code>TrustProfile</code>.
+   * 
+   * @return The original URI of <code>TrustProfile</code>.
    */
-  public X509Certificate[] getCertficatesToBeRemoved() {
-	  return certificatesToBeRemoved;
+  public void setUriOrig(String uriOrig) {
+    this.uriOrig = uriOrig;
   }
   
-  /**
-   * Sets the old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update
-   * @param certificates The old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update
-   */
-  public void setCertificatesToBeRemoved(X509Certificate[] certificates) {
-	  this.certificatesToBeRemoved = new X509Certificate[certificates.length];
-	  this.certificatesToBeRemoved = certificates;
-  }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index c9b76dd7e..3640dc23f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -31,15 +31,12 @@ import iaik.server.ConfigurationData;
 import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
 import iaik.xml.crypto.tsl.ex.TSLSearchException;
 
-import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.cert.CertificateException;
-import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.GregorianCalendar;
-import java.util.Iterator;
 import java.util.Timer;
 
 import at.gv.egovernment.moa.logging.LogMsg;
@@ -125,6 +122,7 @@ public class SystemInitializer {
 
       //initialize TSL module
       TSLConfiguration tslconfig = config.getTSLConfiguration();
+      
       TSLConnector tslconnector = new TSLConnector();
       if (tslconfig != null) {
     	  //Logger.info(new LogMsg(msg.getMessage("init.01", null)));
@@ -133,10 +131,14 @@ public class SystemInitializer {
   		  
       }
       
+//      System.out.println("Hashcache 1: " + BinaryHashCache.DIR);
+      
       //start TSL Update
       TSLUpdaterTimerTask.tslconnector_ = tslconnector;
       TSLUpdaterTimerTask.update();
     	
+//      System.out.println("Hashcache 2: " + BinaryHashCache.DIR);
+      
       //initialize TSL Update Task
       initTSLUpdateTask(tslconfig);
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 00f96f205..6aa34573e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -58,6 +58,7 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 
 /**
@@ -191,12 +192,61 @@ public class CMSSignatureVerificationInvoker {
 
       for (resultIter = results.iterator(); resultIter.hasNext();) {
         result = (CMSSignatureVerificationResult) resultIter.next();
+        boolean sscdSourceTSL = false;
+        boolean qcSourceTSL = false;
         
+        boolean checkQC = false;
+        boolean checkSSCD = false;
+        
+        List chain = result.getCertificateValidationResult().getCertificateChain();
         // check QC and SSCD via TSL (if enabled)
-        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
-	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain);
+	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);
+        
+	    if (!checkSSCDFromTSL) {
+	        
+        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0));
+	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0));
+	        
+	        if (checkQCPPlus)
+	        	checkSSCD = true;
+	        if (checkQcEuSSCD)
+	        	checkSSCD = true;
+	        
+        	sscdSourceTSL = false;
+        	
+        	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
+          	System.out.println("checkQCPPlus: " + checkQCPPlus);
+          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
+        }
+        else {
+        	checkSSCD = true;
+        	sscdSourceTSL = true;
+        }
+        
+        if (!checkQCFromTSL) {
+	        
+        	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0));
+	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0));
+	        
+	        if (checkQCP)
+	        	checkQC = true;
+	        if (checkQcEuCompliance)
+	        	checkQC = true;
+	        
+        	qcSourceTSL = false;
+        	
+        	System.out.println("checkQCFromTSL: " + checkQCFromTSL);
+	        System.out.println("checkQCP: " + checkQCP);
+	        System.out.println("checkQcEuCompliance: " + checkQcEuCompliance);
+        }
+        else {
+        	checkQC = true;
+        	qcSourceTSL = true;
+        }
+        
         
-        responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
+        responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);
       }
     } else {
       int i;
@@ -207,12 +257,64 @@ public class CMSSignatureVerificationInvoker {
         try {
           result =
             (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
+          boolean sscdSourceTSL = false;
+          boolean qcSourceTSL = false;
+          
+          boolean checkQC = false;
+          boolean checkSSCD = false;
+          
+          List chain = result.getCertificateValidationResult().getCertificateChain();
           // check QC and SSCD via TSL (if enabled)
-          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
-  	      boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain);
+          boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);
+          
+  	    if (!checkSSCDFromTSL) {
+  	        
+          	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0));
+  	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0));
+  	        
+  	        if (checkQCPPlus)
+  	        	checkSSCD = true;
+  	        if (checkQcEuSSCD)
+  	        	checkSSCD = true;
+  	        
+          	sscdSourceTSL = false;
+          	
+          	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
+          	System.out.println("checkQCPPlus: " + checkQCPPlus);
+          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
+          }
+          else {
+          	checkSSCD = true;
+          	sscdSourceTSL = true;
+          }
+          
+          if (!checkQCFromTSL) {
+  	        
+          	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0));
+  	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0));
+  	        
+  	        if (checkQCP)
+  	        	checkQC = true;
+  	        if (checkQcEuCompliance)
+  	        	checkQC = true;
+  	        
+          	qcSourceTSL = false;
+          	
+	        System.out.println("checkQCFromTSL: " + checkQCFromTSL);
+	        System.out.println("checkQCP: " + checkQCP);
+	        System.out.println("checkQcEuCompliance: " + checkQcEuCompliance);
 
-  	    
-          responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
+          }
+          else {
+          	checkQC = true;
+          	qcSourceTSL = true;
+          }
+            
+  	        
+	        
+          
+          responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);
         } catch (IndexOutOfBoundsException e) {
           throw new MOAApplicationException(
             "2249",
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 605716d5b..f44cce62a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -73,13 +73,14 @@ public class VerifyCMSSignatureResponseBuilder {
    * @param trustprofile The actual trustprofile
    * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the 
    * 		certificate as qualified, otherwise <code>false</code>.
-   * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the 
+   * @param checkSSCD <code>true</code>, if the TSL check verifies the 
    * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
  * @throws MOAException 
    */
-  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL)
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL)
     throws MOAException {
-
 	  
     CertificateValidationResult certResult =
       result.getCertificateValidationResult();
@@ -92,27 +93,18 @@ public class VerifyCMSSignatureResponseBuilder {
     CheckResult signatureCheck;
     CheckResult certificateCheck;
 
-    boolean qualifiedCertificate = false;
-    
-    // verify qualified certificate checks (certificate or TSL)
-    if (trustProfile.isTSLEnabled()) {
-    	// take TSL result
-    	qualifiedCertificate = checkQCFromTSL;  
-    }
-    else {
-    	// take result from certificate
-    	qualifiedCertificate = certResult.isQualifiedCertificate();
-    }
+    boolean qualifiedCertificate = checkQC;
     
     // add SignerInfo element
     signerInfo =
       factory.createSignerInfo(
         (X509Certificate) certResult.getCertificateChain().get(0),
         qualifiedCertificate,
+        qcSourceTSL,
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
-        checkSSCDFromTSL);
-    
+        checkSSCD,
+        sscdSourceTSL);
 
     // add SignatureCheck element
     signatureCheck = factory.createCheckResult(signatureCheckCode, null);
@@ -120,9 +112,6 @@ public class VerifyCMSSignatureResponseBuilder {
     // add CertificateCheck element
     certificateCheck = factory.createCheckResult(certificateCheckCode, null);
     
-    
-   
-
     // build the response element
     responseElement =
       factory.createVerifyCMSSignatureResponseElement(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 755ca82b6..4fdb1eeb7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -125,10 +125,12 @@ public class VerifyXMLSignatureResponseBuilder {
    * @param transformsSignatureManifestCheck The overall result for the signature 
    *        manifest check.
    * @param certificateCheck The overall result for the certificate check.
-   * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the 
-   * 		certificate as qualified, otherwise <code>false</code>.
-   * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the 
-   * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param checkQC <code>true</code>, if the certificate is QC, otherwise <code>false</code>.
+   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param checkSSCD <code>true</code>, if the signature is created by an SSCD, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
    * @throws MOAApplicationException An error occurred adding the result.
    */
   public void setResult(
@@ -136,8 +138,10 @@ public class VerifyXMLSignatureResponseBuilder {
     XMLSignatureVerificationProfile profile,
     ReferencesCheckResult transformsSignatureManifestCheck,
     CheckResult certificateCheck, 
-    boolean checkQCFromTSL,
-    boolean checkSSCDFromTSL,
+    boolean checkQC,
+    boolean qcSourceTSL,
+    boolean checkSSCD,
+    boolean sscdSourceTSL,
     boolean isTSLEnabledTrustprofile)
     throws MOAApplicationException {
 
@@ -152,24 +156,18 @@ public class VerifyXMLSignatureResponseBuilder {
 
     boolean qualifiedCertificate = false;
     
-    // verify qualified certificate checks (certificate or TSL)
-    if (isTSLEnabledTrustprofile) {
-    	// take TSL result
-    	qualifiedCertificate = checkQCFromTSL;  
-    }
-    else {
-    	// take result from certificate
-    	qualifiedCertificate = certResult.isQualifiedCertificate();
-    }
+    qualifiedCertificate = checkQC;
     
     // create the SignerInfo;
     signerInfo =
       factory.createSignerInfo(
         (X509Certificate) certResult.getCertificateChain().get(0),
         qualifiedCertificate,
+        qcSourceTSL,
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
-        checkSSCDFromTSL);
+        checkSSCD,
+        sscdSourceTSL);
 
     // Create HashInputData Content objects
     referenceDataList = result.getReferenceDataList();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index f3ac72520..c3cc8bfe8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -24,7 +24,10 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+
 import iaik.ixsil.exceptions.URIException;
+
 import iaik.ixsil.util.URI;
 import iaik.server.modules.IAIKException;
 import iaik.server.modules.IAIKRuntimeException;
@@ -208,8 +211,11 @@ public class XMLSignatureVerificationInvoker {
         requestElement);
     }
 
-    boolean checkQCFromTSL = false;
-    boolean checkSSCDFromTSL = false;
+    boolean sscdSourceTSL = false;
+    boolean qcSourceTSL = false;
+    
+    boolean checkQC = false;
+    boolean checkSSCD = false;
     
     String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
     ConfigurationProvider config = ConfigurationProvider.getInstance();
@@ -242,7 +248,6 @@ public class XMLSignatureVerificationInvoker {
         if (list != null) {
 	        X509Certificate[] chain = new X509Certificate[list.size()];
 	        
-	        
 	        Iterator it = list.iterator();
 	        int i = 0;
 	        while(it.hasNext()) {
@@ -250,8 +255,49 @@ public class XMLSignatureVerificationInvoker {
 	        	i++;
 	        }
 	        
-	        checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
-	        checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+	        boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+	        boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+	        
+	        if (!checkSSCDFromTSL) {
+	        
+	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+		        
+		        if (checkQCPPlus)
+		        	checkSSCD = true;
+		        if (checkQcEuSSCD)
+		        	checkSSCD = true;
+		        
+	        	sscdSourceTSL = false;
+	        }
+	        else {
+	        	checkSSCD = true;
+	        	sscdSourceTSL = true;
+	        }
+	        
+	        if (!checkQCFromTSL) {
+		        
+	        	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+		        
+		        if (checkQCP)
+		        	checkQC = true;
+		        if (checkQcEuCompliance)
+		        	checkQC = true;
+		        
+	        	qcSourceTSL = false;
+	        }
+	        else {
+	        	checkQC = true;
+	        	qcSourceTSL = true;
+	        }
+	        
+//	        System.out.println("chain[0]: " + chain[0]);
+//	        
+//	        System.out.println("checkQCFromTSL: " + checkQCFromTSL);
+//	        System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
+//	        System.out.println("checkQCPPlus: " + checkQCPPlus);
+//	        System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
         }
       } 
     }
@@ -278,9 +324,14 @@ public class XMLSignatureVerificationInvoker {
     // Check if signer certificate is in trust profile's allowed signer certificates pool
     TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
     CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
-   
+
+//    System.out.println("checkQC: " + checkQC);
+//    System.out.println("qcSourceTSL: " + qcSourceTSL);
+//    System.out.println("checkSSCD: " + checkSSCD);
+//    System.out.println("sscdSourceTSL: " + sscdSourceTSL);
+
     // build the response
-    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQCFromTSL, checkSSCDFromTSL, tp.isTSLEnabled());
+    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL, tp.isTSLEnabled());
 
     return responseBuilder.getResponse();
   }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 2e4af2817..49f715cb8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -88,23 +88,20 @@ public class TSLConnector implements TSLConnectorInterface {
 		
 		if (Configurator.is_isInitialised() == false)
 			new TSLEngineFatalException("The TSL Engine is not initialized!");
-	
-		//TODO: clean hascash and TLS Download folder	
-		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-		
-		if (hashcachedir==null)
-			hashcachedir = DEFAULT_HASHCACHE_DIR;
-				
+
 		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
 		
-		File hashcachefile = new File(hashcachedir);
-				
-			
-		File[] filelist = hashcachefile.listFiles();
-		if (filelist != null) {
-			for (File f : filelist)
-				f.delete();
-		}
+//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+//		System.out.println("hashcachedir: " + hashcachedir);
+//		if (hashcachedir==null)
+//			hashcachedir = DEFAULT_HASHCACHE_DIR;
+
+//		File hashcachefile = new File(hashcachedir);
+//		File[] filelist = hashcachefile.listFiles();
+//		if (filelist != null) {
+//			for (File f : filelist)
+//				f.delete();
+//		}
 	
 		File tsldownloadfile = new File(tsldownloaddir);
 		if (!tsldownloadfile.exists()) {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index c365a1121..76be8217a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
@@ -130,7 +131,14 @@ public class TSLUpdaterTimerTask extends TimerTask {
 					// create store updater for each TSL enabled truststore 
 					Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
 					StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+					
 		            
+					// delete files in trustprofile
+					File ftp = new File(tp.getUri());
+					File[] files = ftp.listFiles();
+					for (File file : files) 
+			              file.delete();   
+					
 					// convert ArrayList<File> to X509Certificate[]										
 					X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
 					Iterator itcert = tsl_certs.iterator();
@@ -143,20 +151,18 @@ public class TSLUpdaterTimerTask extends TimerTask {
 						i++;
 					}
 					
-					// get certificates to be removed
-					X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
-					
-										
-					//Logger.debug(new LogMsg(msg.getMessage("config.44", null)));	
-					Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
-					storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
-					
 					
+					// copy files from original trustAnchorsLocURI into tslworking trust profile
+			    	File src = new File(tp.getUriOrig());
+			    	files = src.listFiles();                    
+			        for (File file : files) { 
+			            FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));  
+			        } 
+			          
 					Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
 					storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+					storeUpdater.addCertificatesToCertStores(addCertificates, tid);
 		
-					// set the certifcates to be removed for the next TSL update
-					tp.setCertificatesToBeRemoved(addCertificates);
 		            
 				}
 			}
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 1a6e54089..e4ee607c0 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -158,6 +158,7 @@ config.45=Create store updater
 config.46=Start periodical TSL update task at {0} and then every {1} milliseconds
 config.48=No whitelisted URIs given.
 config.49=Whitelisted URI: {0}.
+config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
 
 handler.00=Starte neue Transaktion: TID={0}, Service={1}
 handler.01=Aufruf von Adresse={0}
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index 1b3789e29..c325a5007 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -6,11 +6,9 @@
         <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-    <property name="java-output-path" value="/target/classes"/>
-        <property name="context-root" value="moa-spss"/>
-    <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/java"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
         <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
         <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
+    <property name="java-output-path" value="/target/classes"/>
+        <property name="context-root" value="moa-spss"/>
   </wb-module>
 </project-modules>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index c61d1ae2b..101b16882 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -68,6 +68,42 @@
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_ixsil</artifactId>
 		</dependency>
+        <dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_tsl</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>log4j</groupId>
+			<artifactId>log4j</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_util</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_xsect</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.xml.bind</groupId>
+    		<artifactId>jaxb-api</artifactId>
+  		</dependency>
+		<dependency>
+			<groupId>com.sun.xml.bind</groupId>
+			<artifactId>jaxb-impl</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.xerial</groupId>
+		  	<artifactId>sqlite-jdbc</artifactId>
+  		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+		  	<artifactId>iaik_jsse</artifactId>
+  		</dependency>		
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_util</artifactId>
+		</dependency>
         <!-- transitive dependencies we don't want to include into the war -->
         <dependency>
             <groupId>iaik.prod</groupId>
diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath
index 21bdbd0bc..3922cc795 100644
--- a/spss/server/tools/.classpath
+++ b/spss/server/tools/.classpath
@@ -1,16 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-	<classpathentry including="**/*.java" kind="src" path="src/main/java"/>
-	<classpathentry excluding="**/*.java" kind="src" path="src/main/resources"/>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
-	<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
-	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
-	<classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
-		<attributes>
-			<attribute name="owner.project.facets" value="java"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+  <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
+  <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.1/xalan-2.7.1.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xalan/serializer/2.7.1/serializer-2.7.1.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jar"/>
+</classpath>
\ No newline at end of file
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
index c788ee346..1cd6f082c 100644
--- a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
@@ -1,8 +1,9 @@
+#Mon Aug 05 10:52:30 CEST 2013
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.source=1.5
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.compliance=1.5
-- 
cgit v1.2.3


From 5b697c424d24a7523dccd210454d029368e34898 Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Wed, 21 Aug 2013 13:12:26 +0200
Subject: Update QC/SSCD check WSDL location updated

---
 .../resources/data/deploy/tomcat/unix/moa-env.sh   |   5 +-
 .../data/deploy/tomcat/win32/startTomcat.bat       |   5 +-
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |   4 +-
 .../moa/spss/api/common/SignerInfo.java            |   6 +-
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |   4 +-
 .../moa/spss/api/impl/SignerInfoImpl.java          |  10 +
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java |  20 +-
 .../xmlbind/VerifyCMSSignatureResponseBuilder.java |   4 +-
 .../xmlbind/VerifyXMLSignatureResponseBuilder.java |   3 +-
 .../server/config/ConfigurationPartsBuilder.java   |   9 -
 .../moa/spss/server/init/SystemInitializer.java    |  10 +-
 .../invoke/CMSSignatureVerificationInvoker.java    | 209 ++------
 .../invoke/VerifyCMSSignatureResponseBuilder.java  |   5 +-
 .../invoke/VerifyXMLSignatureResponseBuilder.java  |   6 +-
 .../invoke/XMLSignatureVerificationInvoker.java    | 104 +---
 .../moa/spss/tsl/connector/TSLConnector.java       | 252 ++++++++++
 .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java    | 200 ++++----
 .../moa/spss/util/CertificateUtils.java            | 286 +++++++++++
 .../gv/egovernment/moa/spss/util/QCSSCDResult.java |  37 ++
 spss/server/serverws/pom.xml                       |   3 +-
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl    | 128 -----
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd     | 551 ---------------------
 .../src/main/webapp/WEB-INF/server-config.wsdd     |   8 +-
 23 files changed, 813 insertions(+), 1056 deletions(-)
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
 delete mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
 delete mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd

(limited to 'spss/server')

diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh b/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh
index 6d5be35c0..f114a40f8 100644
--- a/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh
+++ b/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh
@@ -3,14 +3,11 @@ MOA_START=`pwd`
 CONFIG_OPT=-Dmoa.spss.server.configuration=$MOA_START/conf/moa-spss/spss.config.xml
 LOGGING_OPT=-Dlog4j.configuration=file:$MOA_START/conf/moa-spss/log4j.properties
 
-# Hashcache Parameter für TSL Unterstuetzung bei MOA-SP
-#PARAM_HASHCACHE=-Diaik.xml.crypto.tsl.BinaryHashCache.DIR=$MOA_START/conf/moa-spss/hashcache/
-
 # NODE_ID_OPT=-Dmoa.node-id=node1
 # TRUST_STORE_OPT=-Djavax.net.ssl.trustStore=truststore.jks
 # TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit
 # TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks
 
-export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $NODE_ID_OPT $PARAM_HASHCACHE $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT"
+export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $NODE_ID_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT"
 
 echo CATALINA_OPTS=$CATALINA_OPTS
diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat b/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat
index 729bddbf3..de36fd5c4 100644
--- a/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat
+++ b/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat
@@ -15,10 +15,7 @@ set PARAM_SPSSCONFIG=-Dmoa.spss.server.configuration=%MOA_SPSS_CFG_HOME%\spss.co
 set PARAM_LOGGING=-Dlog4j.configuration=file:%MOA_SPSS_CFG_HOME%\log4j.properties
 set PARAM_NODEID=-Dmoa.node-id=Node1
 
-rem Hashcache Parameter für TSL Unterstuetzung bei MOA-SP
-rem set PARAM_HASHCACHE=-Diaik.xml.crypto.tsl.BinaryHashCache.DIR=%MOA_SPSS_CFG_HOME%\hashcache\
-
-set PARAMS_MOA=%PARAM_SPSSCONFIG% %PARAM_LOGGING% %PARAM_NODEID% %PARAM_HASHCACHE%
+set PARAMS_MOA=%PARAM_SPSSCONFIG% %PARAM_LOGGING% %PARAM_NODEID%
 
 rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
 rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 80f996b36..b5cc96a04 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -1101,6 +1101,7 @@ public abstract class SPSSFactory {
    * 		signature based on a SSDC, otherwise <code>false</code>.
    * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
    * 		otherwise <code>false</code>.
+   * @param issuerCountryCode contains the signer certificate issuer country code.
    * @return The <code>SignerInfo</code> containing the above data.
    * 
    * @pre signerCertSubjectName != null
@@ -1114,7 +1115,8 @@ public abstract class SPSSFactory {
     boolean publicAuthority,
     String publicAuthorityID,
     boolean sscd,
-    boolean sscdSourceTSL);
+    boolean sscdSourceTSL,
+    String issuerCountryCode);
   
   /**
    * Create a new <code>X509IssuerSerial</code> object.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
index 337f775bf..777365ad3 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
@@ -68,7 +68,11 @@ public interface SignerInfo {
    */
   public String getQCSource();
 
-  
+  /**
+   * Returns the signer certificate issuer country code
+   * @return
+   */
+  public String getIssuerCountryCode();
   /**
    * Checks, whether the certificate contained in this object is a 
    * public authority certificate.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index 74f65cb70..8e3bb7636 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -626,7 +626,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
     boolean publicAuthority,
     String publicAuthorityID, 
     boolean sscd,
-    boolean sscdSourceTSL) {
+    boolean sscdSourceTSL,
+    String issuerCountryCode) {
     SignerInfoImpl signerInfo = new SignerInfoImpl();
     signerInfo.setSignerCertificate(signerCertificate);
     signerInfo.setQualifiedCertificate(qualifiedCertificate);
@@ -635,6 +636,7 @@ public class SPSSFactoryImpl extends SPSSFactory {
     signerInfo.setPublicAuhtorityID(publicAuthorityID);
     signerInfo.setSSCD(sscd);
     signerInfo.setSSCDSourceTSL(sscdSourceTSL);
+    signerInfo.setIssuerCountryCode(issuerCountryCode);
     return signerInfo;
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
index 5d26397c5..7a108e8a4 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -56,6 +56,9 @@ public class SignerInfoImpl implements SignerInfo {
   /** Determines, if the QC check bases upon on TSL */
   private boolean qcSourceTSL;
   
+  /** The certificate issuer country code */
+  private String issuerCountryCode;
+  
   /**
   * Sets the signer certificate.
   * 
@@ -118,6 +121,13 @@ public class SignerInfoImpl implements SignerInfo {
 		  return "Certificate";
   }
   
+  public void setIssuerCountryCode(String issuerCountryCode) {
+	    this.issuerCountryCode = issuerCountryCode;
+  }
+	  public String getIssuerCountryCode() {
+		    return issuerCountryCode;
+	  }
+	  
   /**
    * Sets, whether the certificate contained in this object is an 
    * e-government certificate or not.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 505303bc1..2e2afaf7c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -121,7 +121,8 @@ class ResponseBuilderUtils {
     boolean isPublicAuthority,
     String publicAuthorityID,
     boolean isSSCD,
-    String sscdSource)
+    String sscdSource,
+    String issuerCountryCode)
     throws MOAApplicationException {
 
     Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo");
@@ -147,6 +148,12 @@ class ResponseBuilderUtils {
             isSSCD
               ? response.createElementNS(MOA_NS_URI, "SecureSignatureCreationDevice")
               : null;
+    Element issuerCountryCodeElem = null;
+    if (issuerCountryCode != null) {
+    	issuerCountryCodeElem = response.createElementNS(MOA_NS_URI, "IssuerCountryCode");
+    	issuerCountryCodeElem.setTextContent(issuerCountryCode);    	
+    }
+              
     Element publicAuthorityElem =
       isPublicAuthority
         ? response.createElementNS(MOA_NS_URI, "PublicAuthority")
@@ -184,8 +191,10 @@ class ResponseBuilderUtils {
     x509DataElem.appendChild(x509IssuerSerialElem);
     x509DataElem.appendChild(x509CertificateElem);
     if (isQualified) {
-    	qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource);
-      x509DataElem.appendChild(qualifiedCertificateElem);
+    	if (qcSource.compareToIgnoreCase("TSL") == 0)
+    		qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource);
+    	
+    	x509DataElem.appendChild(qualifiedCertificateElem);
     }
     if (isPublicAuthority) {
       x509DataElem.appendChild(publicAuthorityElem);
@@ -195,9 +204,12 @@ class ResponseBuilderUtils {
       }
     }
     if (isSSCD) {
-    	sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);
+   		sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);
         x509DataElem.appendChild(sscdElem);
       }
+    if (issuerCountryCodeElem != null)
+    	x509DataElem.appendChild(issuerCountryCodeElem);
+    
     signerInfoElem.appendChild(x509DataElem);
     root.appendChild(signerInfoElem);
   }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 238875351..b11560b28 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder {
     CheckResult signatureCheck = responseElement.getSignatureCheck();
     CheckResult certCheck = responseElement.getCertificateCheck();
     
-    //TODO
     ResponseBuilderUtils.addSignerInfo(
       responseDoc,
       responseElem,
@@ -109,7 +108,8 @@ public class VerifyCMSSignatureResponseBuilder {
       signerInfo.isPublicAuthority(),
       signerInfo.getPublicAuhtorityID(),
       signerInfo.isSSCD(),
-      signerInfo.getSSCDSource());
+      signerInfo.getSSCDSource(),
+      signerInfo.getIssuerCountryCode());
 
     ResponseBuilderUtils.addCodeInfoElement(
       responseDoc,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index 8673fba1c..dd4e13ad9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -100,7 +100,8 @@ public class VerifyXMLSignatureResponseBuilder {
       response.getSignerInfo().isPublicAuthority(),
       response.getSignerInfo().getPublicAuhtorityID(),
       response.getSignerInfo().isSSCD(),
-      response.getSignerInfo().getSSCDSource());
+      response.getSignerInfo().getSSCDSource(),
+      response.getSignerInfo().getIssuerCountryCode());
 
     // add HashInputData elements
     responseData = response.getHashInputDatas();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index d2ee75116..0908d88c9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1225,7 +1225,6 @@ public class ConfigurationPartsBuilder {
     		  tp.mkdir();
     	  if (!tp.isDirectory()) {
         	  error("config.50", new Object[] { tp.getPath() });
-        	  // TODO?
           }
     	  
     	  File tpid = new File(tp, id);        	 
@@ -1233,11 +1232,8 @@ public class ConfigurationPartsBuilder {
               tpid.mkdir();
     	  if (!tpid.isDirectory()) {
         	  error("config.50", new Object[] { tpid.getPath() });
-        	  // TODO?
           }
 
-    	  
-    	  //System.out.println("tps: " + tpid.getAbsolutePath());
         	  
     	  // create profile
     	  profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries);
@@ -1257,10 +1253,6 @@ public class ConfigurationPartsBuilder {
               FileUtils.copyFile(file, new File(tpid, file.getName()));  
           } 
           
-//    	  System.out.println("ID: " + id);
-//          System.out.println("Str: " + trustAnchorsLocStr);
-//          System.out.println("URI: " + trustAnchorsLocURI.toString());
-//          System.out.println("tslWorkingDir: " + tslWorkingDir);
           
       } else {
       
@@ -1698,7 +1690,6 @@ public class ConfigurationPartsBuilder {
            map.put(x509IssuerName, interval);
         }
 
-        //System.out.println("Name: " + x509IssuerName + " - Interval: " + interval);
      }
 
      return map;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 3640dc23f..12d8b0126 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -119,7 +119,7 @@ public class SystemInitializer {
     try {
       ConfigurationProvider config = ConfigurationProvider.getInstance();
       ConfigurationData configData = new IaikConfigurator().configure(config);
-
+      
       //initialize TSL module
       TSLConfiguration tslconfig = config.getTSLConfiguration();
       
@@ -131,13 +131,11 @@ public class SystemInitializer {
   		  
       }
       
-//      System.out.println("Hashcache 1: " + BinaryHashCache.DIR);
       
       //start TSL Update
       TSLUpdaterTimerTask.tslconnector_ = tslconnector;
       TSLUpdaterTimerTask.update();
     	
-//      System.out.println("Hashcache 2: " + BinaryHashCache.DIR);
       
       //initialize TSL Update Task
       initTSLUpdateTask(tslconfig);
@@ -156,13 +154,13 @@ public class SystemInitializer {
     	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
     } catch (TrustStoreException e) {
     	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    } catch (CertificateException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
     } catch (FileNotFoundException e) {
     	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
     } catch (IOException e) {
     	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    }
+    } catch (CertificateException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+	}
 
     // set IXSIL debug output
     IXSILInit.setPrintDebugLog(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 6aa34573e..7a4103957 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -60,6 +60,7 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
 import at.gv.egovernment.moa.spss.util.CertificateUtils;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
 
 /**
  * A class providing an interface to the
@@ -185,6 +186,8 @@ public class CMSSignatureVerificationInvoker {
       }
     }
 
+    QCSSCDResult qcsscdresult = new QCSSCDResult();
+    
     // build the response: for each signatory add the result to the response
     signatories = request.getSignatories();
     if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
@@ -192,61 +195,28 @@ public class CMSSignatureVerificationInvoker {
 
       for (resultIter = results.iterator(); resultIter.hasNext();) {
         result = (CMSSignatureVerificationResult) resultIter.next();
-        boolean sscdSourceTSL = false;
-        boolean qcSourceTSL = false;
-        
-        boolean checkQC = false;
-        boolean checkSSCD = false;
-        
-        List chain = result.getCertificateValidationResult().getCertificateChain();
-        // check QC and SSCD via TSL (if enabled)
-        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain);
-	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);
-        
-	    if (!checkSSCDFromTSL) {
-	        
-        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0));
-	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0));
-	        
-	        if (checkQCPPlus)
-	        	checkSSCD = true;
-	        if (checkQcEuSSCD)
-	        	checkSSCD = true;
-	        
-        	sscdSourceTSL = false;
-        	
-        	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
-          	System.out.println("checkQCPPlus: " + checkQCPPlus);
-          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
-        }
-        else {
-        	checkSSCD = true;
-        	sscdSourceTSL = true;
-        }
-        
-        if (!checkQCFromTSL) {
-	        
-        	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0));
-	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0));
-	        
-	        if (checkQCP)
-	        	checkQC = true;
-	        if (checkQcEuCompliance)
-	        	checkQC = true;
-	        
-        	qcSourceTSL = false;
-        	
-        	System.out.println("checkQCFromTSL: " + checkQCFromTSL);
-	        System.out.println("checkQCP: " + checkQCP);
-	        System.out.println("checkQcEuCompliance: " + checkQcEuCompliance);
-        }
-        else {
-        	checkQC = true;
-        	qcSourceTSL = true;
+        String issuerCountryCode = null;
+        // QC/SSCD check
+        List list = result.getCertificateValidationResult().getCertificateChain();
+        if (list != null) {
+            X509Certificate[] chain = new X509Certificate[list.size()];
+            
+            Iterator it = list.iterator();
+            int i = 0;
+            while(it.hasNext()) {
+            	chain[i] = (X509Certificate)it.next();
+            	i++;
+            }
+            
+            
+            qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+            // get signer certificate issuer country code
+            issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+
         }
         
-        
-        responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);
+        responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
       }
     } else {
       int i;
@@ -257,64 +227,27 @@ public class CMSSignatureVerificationInvoker {
         try {
           result =
             (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
-          boolean sscdSourceTSL = false;
-          boolean qcSourceTSL = false;
           
-          boolean checkQC = false;
-          boolean checkSSCD = false;
-          
-          List chain = result.getCertificateValidationResult().getCertificateChain();
-          // check QC and SSCD via TSL (if enabled)
-          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain);
-          boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);
-          
-  	    if (!checkSSCDFromTSL) {
-  	        
-          	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0));
-  	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0));
-  	        
-  	        if (checkQCPPlus)
-  	        	checkSSCD = true;
-  	        if (checkQcEuSSCD)
-  	        	checkSSCD = true;
-  	        
-          	sscdSourceTSL = false;
-          	
-          	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
-          	System.out.println("checkQCPPlus: " + checkQCPPlus);
-          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
-          }
-          else {
-          	checkSSCD = true;
-          	sscdSourceTSL = true;
-          }
-          
-          if (!checkQCFromTSL) {
-  	        
-          	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0));
-  	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0));
-  	        
-  	        if (checkQCP)
-  	        	checkQC = true;
-  	        if (checkQcEuCompliance)
-  	        	checkQC = true;
-  	        
-          	qcSourceTSL = false;
-          	
-	        System.out.println("checkQCFromTSL: " + checkQCFromTSL);
-	        System.out.println("checkQCP: " + checkQCP);
-	        System.out.println("checkQcEuCompliance: " + checkQcEuCompliance);
-
-          }
-          else {
-          	checkQC = true;
-          	qcSourceTSL = true;
+          String issuerCountryCode = null;
+          // QC/SSCD check
+          List list = result.getCertificateValidationResult().getCertificateChain();
+          if (list != null) {
+              X509Certificate[] chain = new X509Certificate[list.size()];
+              
+              Iterator it = list.iterator();
+              int j = 0;
+              while(it.hasNext()) {
+              	chain[j] = (X509Certificate)it.next();
+              	j++;
+              }
+              
+              
+              qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+              
+              issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); 
           }
             
-  	        
-	        
-          
-          responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);
+          responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
         } catch (IndexOutOfBoundsException e) {
           throw new MOAApplicationException(
             "2249",
@@ -326,65 +259,7 @@ public class CMSSignatureVerificationInvoker {
     return responseBuilder.getResponse();
   }
 
-  private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
-	  boolean checkQCFromTSL = false;
-	  try {
-          if (tslEnabledTrustProfile) {
-            if (chainlist != null) {
-    	        X509Certificate[] chain = new X509Certificate[chainlist.size()];
-    	              	        
-    	        Iterator it = chainlist.iterator();
-    	        int i = 0;
-    	        while(it.hasNext()) {
-    	        	chain[i] = (X509Certificate)it.next();
-    	        	i++;
-    	        }
-    	        
-    	        checkQCFromTSL =  TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
-    	        //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
-            }
-          } 
-        }
-       catch (TSLEngineDiedException e) {
-        	MessageProvider msg = MessageProvider.getInstance();
-            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
-    	} catch (TSLSearchException e) {
-        	MessageProvider msg = MessageProvider.getInstance();
-            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
-    	}
-    	
-    	return checkQCFromTSL;
-  }
-  
-  private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) {
-	  boolean checkSSCDFromTSL = false;
-	  try {
-          if (tslEnabledTrustProfile) {
-            if (chainlist != null) {
-    	        X509Certificate[] chain = new X509Certificate[chainlist.size()];
-    	              	        
-    	        Iterator it = chainlist.iterator();
-    	        int i = 0;
-    	        while(it.hasNext()) {
-    	        	chain[i] = (X509Certificate)it.next();
-    	        	i++;
-    	        }
-    	        
-    	        checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
-            }
-          } 
-        }
-       catch (TSLEngineDiedException e) {
-        	MessageProvider msg = MessageProvider.getInstance();
-            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
-    	} catch (TSLSearchException e) {
-        	MessageProvider msg = MessageProvider.getInstance();
-            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
-    	}
-    	
-    	return checkSSCDFromTSL;    	
-  }
-  
+ 
   /**
    * Get the signed content contained either in the request itself or given as a
    * reference to external data.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index f44cce62a..1ea10cb4e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -79,7 +79,7 @@ public class VerifyCMSSignatureResponseBuilder {
    * 		otherwise <code>false</code>.
  * @throws MOAException 
    */
-  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL)
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode)
     throws MOAException {
 	  
     CertificateValidationResult certResult =
@@ -104,7 +104,8 @@ public class VerifyCMSSignatureResponseBuilder {
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
         checkSSCD,
-        sscdSourceTSL);
+        sscdSourceTSL,
+        issuerCountryCode);
 
     // add SignatureCheck element
     signatureCheck = factory.createCheckResult(signatureCheckCode, null);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 4fdb1eeb7..193495171 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -142,7 +142,8 @@ public class VerifyXMLSignatureResponseBuilder {
     boolean qcSourceTSL,
     boolean checkSSCD,
     boolean sscdSourceTSL,
-    boolean isTSLEnabledTrustprofile)
+    boolean isTSLEnabledTrustprofile,
+    String issuerCountryCode)
     throws MOAApplicationException {
 
     CertificateValidationResult certResult =
@@ -167,7 +168,8 @@ public class VerifyXMLSignatureResponseBuilder {
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
         checkSSCD,
-        sscdSourceTSL);
+        sscdSourceTSL,
+        issuerCountryCode);
 
     // Create HashInputData Content objects
     referenceDataList = result.getReferenceDataList();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index c3cc8bfe8..c90bc534a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -24,10 +24,7 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import at.gv.egovernment.moa.spss.util.CertificateUtils;
-
 import iaik.ixsil.exceptions.URIException;
-
 import iaik.ixsil.util.URI;
 import iaik.server.modules.IAIKException;
 import iaik.server.modules.IAIKRuntimeException;
@@ -43,8 +40,6 @@ import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
 import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
 import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
 import iaik.x509.X509Certificate;
-import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
-import iaik.xml.crypto.tsl.ex.TSLSearchException;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -90,8 +85,9 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
-import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
 import at.gv.egovernment.moa.util.CollectionUtils;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -211,12 +207,7 @@ public class XMLSignatureVerificationInvoker {
         requestElement);
     }
 
-    boolean sscdSourceTSL = false;
-    boolean qcSourceTSL = false;
-    
-    boolean checkQC = false;
-    boolean checkSSCD = false;
-    
+    QCSSCDResult qcsscdresult = new QCSSCDResult();
     String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
     ConfigurationProvider config = ConfigurationProvider.getInstance();
     TrustProfile tp = config.getTrustProfile(tpID);
@@ -242,73 +233,27 @@ public class XMLSignatureVerificationInvoker {
         MOAException moaException = IaikExceptionMapper.getInstance().map(e);
         throw moaException;
     } 
-    try {
-      if (tp.isTSLEnabled()) {
-        List list = result.getCertificateValidationResult().getCertificateChain();
-        if (list != null) {
-	        X509Certificate[] chain = new X509Certificate[list.size()];
-	        
-	        Iterator it = list.iterator();
-	        int i = 0;
-	        while(it.hasNext()) {
-	        	chain[i] = (X509Certificate)it.next();
-	        	i++;
-	        }
-	        
-	        boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
-	        boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
-	        
-	        if (!checkSSCDFromTSL) {
-	        
-	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
-		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
-		        
-		        if (checkQCPPlus)
-		        	checkSSCD = true;
-		        if (checkQcEuSSCD)
-		        	checkSSCD = true;
-		        
-	        	sscdSourceTSL = false;
-	        }
-	        else {
-	        	checkSSCD = true;
-	        	sscdSourceTSL = true;
-	        }
-	        
-	        if (!checkQCFromTSL) {
-		        
-	        	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
-		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-		        
-		        if (checkQCP)
-		        	checkQC = true;
-		        if (checkQcEuCompliance)
-		        	checkQC = true;
-		        
-	        	qcSourceTSL = false;
-	        }
-	        else {
-	        	checkQC = true;
-	        	qcSourceTSL = true;
-	        }
-	        
-//	        System.out.println("chain[0]: " + chain[0]);
-//	        
-//	        System.out.println("checkQCFromTSL: " + checkQCFromTSL);
-//	        System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
-//	        System.out.println("checkQCPPlus: " + checkQCPPlus);
-//	        System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
+    
+
+    // QC/SSCD check
+    List list = result.getCertificateValidationResult().getCertificateChain();
+    if (list != null) {
+        X509Certificate[] chain = new X509Certificate[list.size()];
+        
+        Iterator it = list.iterator();
+        int i = 0;
+        while(it.hasNext()) {
+        	chain[i] = (X509Certificate)it.next();
+        	i++;
         }
-      } 
+        
+        qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
     }
-   catch (TSLEngineDiedException e) {
-    	MessageProvider msg = MessageProvider.getInstance();
-        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
-	} catch (TSLSearchException e) {
-    	MessageProvider msg = MessageProvider.getInstance();
-        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
-	}
+    	
 
+    // get signer certificate issuer country code
+    String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+    
     // swap back in the request as root document
     if (requestElement != signatureEnvironment.getElement()) {
       requestElement.getOwnerDocument().replaceChild(
@@ -325,14 +270,9 @@ public class XMLSignatureVerificationInvoker {
     TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
     CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
 
-//    System.out.println("checkQC: " + checkQC);
-//    System.out.println("qcSourceTSL: " + qcSourceTSL);
-//    System.out.println("checkSSCD: " + checkSSCD);
-//    System.out.println("sscdSourceTSL: " + sscdSourceTSL);
 
     // build the response
-    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL, tp.isTSLEnabled());
-
+    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
     return responseBuilder.getResponse();
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 49f715cb8..07da0a998 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -83,6 +83,15 @@ public class TSLConnector implements TSLConnectorInterface {
 		return updateAndGetQualifiedCACertificates(dateTime, null, serviceLevelStatus);
 	}
 	
+	public void updateTSLs(Date dateTime,
+			String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
+		
+		if (Configurator.is_isInitialised() == false)
+			new TSLEngineFatalException("The TSL Engine is not initialized!");
+		
+		updateTSLs(dateTime, null, serviceLevelStatus);
+	}
+	
 	public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,
 			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
 		
@@ -326,6 +335,249 @@ public class TSLConnector implements TSLConnectorInterface {
 		return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
 	}
 
+	public void updateTSLs(Date dateTime,
+			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
+		
+		if (Configurator.is_isInitialised() == false)
+			new TSLEngineFatalException("The TSL Engine is not initialized!");
+
+		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
+		
+//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+//		System.out.println("hashcachedir: " + hashcachedir);
+//		if (hashcachedir==null)
+//			hashcachedir = DEFAULT_HASHCACHE_DIR;
+
+//		File hashcachefile = new File(hashcachedir);
+//		File[] filelist = hashcachefile.listFiles();
+//		if (filelist != null) {
+//			for (File f : filelist)
+//				f.delete();
+//		}
+	
+		File tsldownloadfile = new File(tsldownloaddir);
+		if (!tsldownloadfile.exists()) {
+			tsldownloadfile.mkdir();
+		}
+		File[] tslfilelist = tsldownloadfile.listFiles();
+		if (tslfilelist != null) {
+			for (File f : tslfilelist)
+				f.delete();
+		}
+		
+		//create sqlLite database
+		File dbFile = new File(Configurator.get_TempdbFile());
+		try {
+			dbFile.delete();
+			dbFile.createNewFile();
+		} catch (IOException e) {
+			throw new TSLEngineDiedException("Could not create temporary data base file", e);
+		}
+		
+		//the TSL library uses the iaik.util.logging environment.
+		//iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);
+		iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);
+		
+		log.info("Starting EU TSL import.");
+
+		// Certificates in Germany, Estonia, Greece, Cyprus,
+		// Lithuainia, Hungary, Poland, Finland, Norway use SURNAME
+		log.debug("### SURNAME registered as " + ObjectID.surName + " ###");
+		RFC2253NameParser.register("SURNAME", ObjectID.surName);
+
+		XSecProvider.addAsProvider(false);
+
+		TSLEngine tslEngine;
+		TslSqlConnectionWrapper connection = null;
+
+		try {
+			// register the Https JSSE Wrapper
+			TLS.register();
+			log.trace("### Https JSSE Wrapper registered ###");
+			
+
+			log.debug("### Connect to Database.###");
+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
+
+			log.trace("### Connected ###");
+
+			// empty the database and recreate the tables
+			tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 
+					connection, true, true);
+			
+		} catch (TSLEngineFatalException e1) {
+			throw new TSLEngineDiedException(e1);
+			
+		}
+
+		// H.2.2.1 Same-scheme searching
+		// H.2.2.2 Known scheme searching
+		// H.2.2.3 "Blind" (unknown) scheme searching
+		Number tId = null;
+		Countries euTerritory = Countries.EU;
+		TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(
+			euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(), 
+			Configurator.is_sqlMultithreaded(), 
+			Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 
+			Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 
+			Configurator.is_nullRedundancies());
+
+		TSLEngineEU tslengineEU;
+		try {
+			tslengineEU = tslEngine.new TSLEngineEU();
+			
+		} catch (TSLEngineFatalException e1) {
+			throw new TSLEngineDiedException(e1);
+		}
+
+		// establish EU TSL trust anchor
+		ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =
+			tslEngine.loadCertificatesFromResource(
+			Configurator.get_euTrustAnchorsPath(), topLevelTslContext);
+
+		log.debug("Process EU TSL");
+		// process the EU TSL to receive the pointers to the other TSLs
+		// and the trust anchors for the TSL signers
+		Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;
+		
+		try {
+			
+			tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);
+			log.info("Process EU TSL finished");
+			
+			log.debug(Thread.currentThread() + " waiting for other threads ...");
+			
+			topLevelTslContext.waitForAllOtherThreads();
+			log.debug(Thread.currentThread()
+				+ " reactivated after other threads finished ...");
+
+
+			// get the TSLs pointed from the EU TSL
+			LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU
+				.getOtherTslMap(tId, topLevelTslContext);
+
+			pointersToMsTSLs = tslMap.entrySet();
+			
+			//set Errors and Warrnings
+			
+		} catch (TSLEngineFatalRuntimeException e) {
+			throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());
+			
+		} catch (TSLTransactionFailedRuntimeException e) {
+			throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());
+		}
+
+		//Backup implementation if the EU TSL includes a false signer certificate 
+		// establish additional trust anchors for member states
+//			Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {
+//				Countries.CZ,
+//				Countries.LU,
+//				Countries.ES,
+//				Countries.AT,
+//			};
+		Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};
+
+		Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>
+			trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(
+					Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,
+					countriesWithPotentiallyWrongCertsOnEuTsl);
+
+		log.info("Starting EU member TSL import.");
+		
+		for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {
+
+			TSLImportContext msTslContext;
+			
+			Countries expectedTerritory = entry.getValue().getSchemeTerritory();
+			try {
+				
+//				if (expectedTerritory.equals("RO"))
+//					System.out.println("Stop");
+				
+				Number otpId = entry.getKey();
+				LocationAndCertHash lac = entry.getValue();
+
+				URL uriReference = null;
+				try {
+					uriReference = new URL(lac.getUrl());
+					
+				} catch (MalformedURLException e) {
+					log.warn("Could not process: " + uriReference, e);
+					continue;
+				}
+
+				String baseURI = uriReference == null ? "" : "" + uriReference;
+
+				msTslContext = new TSLImportFromFileContext(
+					expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),
+					Configurator.is_sqlMultithreaded(),
+					Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 
+					Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 
+					Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl, 
+					topLevelTslContext);
+
+				ListIterator<X509Certificate> expectedTslSignerCerts = null;
+				expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);
+
+				if (expectedTslSignerCerts == null) {
+					
+					// no signer certificate on the EU TSL
+					// ignore this msTSL and log a warning
+					log.warn("NO signer certificate found on EU TSL! " 
+							+ lac.getSchemeTerritory() + "TSL ignored.");
+					
+				}
+				else {
+					tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);
+				}
+				
+			} catch (TSLExceptionB e) {
+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory() 
+						+ " TSL ignored.");
+				log.debug("Failed to process TSL. " + entry, e);
+				continue;
+			} catch (TSLRuntimeException e) {
+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
+						+ " TSL ignored.");
+				log.debug("Failed to process TSL. " + entry, e);
+				continue;
+			}				
+		}
+				
+		log.debug(Thread.currentThread() + " waiting for other threads ...");
+		topLevelTslContext.waitForAllOtherThreads();
+
+		log.debug(_.dumpAllThreads());
+		log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
+		
+		connection = null;
+		try {
+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);				
+			tslEngine.recreateTablesInvalidatedByImport(connection);
+			
+			
+			//TODO: implement database copy operation!
+			File working_database = new File(Configurator.get_dbFile());
+			working_database.delete();
+			copy(dbFile, working_database);
+
+			
+		} catch (TSLEngineFatalException e) {
+			throw new TSLEngineDiedException(e);
+			
+		} finally {
+			try {
+				connection.closeConnection();
+				
+			} catch (TSLEngineFatalException e) {
+				throw new TSLEngineDiedException(e);
+				
+			}
+		}
+		
+		//return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
+	}
+
 	public ArrayList<File> getQualifiedCACertificates(Date dateTime,
 			String[] serviceLevelStatus) throws TSLEngineDiedException,
 			TSLSearchException {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 76be8217a..0cb18a08e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -33,13 +33,14 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
 public class TSLUpdaterTimerTask extends TimerTask {
 	
 	public static TSLConnector tslconnector_;
+	
+	public static ConfigurationData configData_ = null;
 
 	@Override
 	public void run() {
@@ -49,10 +50,6 @@ public class TSLUpdaterTimerTask extends TimerTask {
 		} catch (TSLEngineDiedException e) {
 			MessageProvider msg = MessageProvider.getInstance();
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
-
-			// 		TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur 
-			// Verfügung stehen?
-			
 		} catch (TSLSearchException e) {
 			MessageProvider msg = MessageProvider.getInstance();
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -68,105 +65,138 @@ public class TSLUpdaterTimerTask extends TimerTask {
 		} catch (TrustStoreException e) {
 			MessageProvider msg = MessageProvider.getInstance();
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
-		} catch (CertificateException e) {
+		}  catch (FileNotFoundException e) {
 			MessageProvider msg = MessageProvider.getInstance();
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
-		} catch (FileNotFoundException e) {
+		} catch (IOException e) {
 			MessageProvider msg = MessageProvider.getInstance();
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
-		} catch (IOException e) {
+		} catch (CertificateException e) {
 			MessageProvider msg = MessageProvider.getInstance();
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 		}
 
 	}
 	
-	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
+	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, IOException {
 		MessageProvider msg = MessageProvider.getInstance();
 		
-		//get TSl configuration
-		ConfigurationProvider config = ConfigurationProvider.getInstance();
-		ConfigurationData configData = new IaikConfigurator().configure(config);
-		TSLConfiguration tslconfig = config.getTSLConfiguration();
-		if (tslconfig != null) {
-			
-			Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+		//TrustProfile tp = null;
+		TrustStoreProfile tsp = null;
+		StoreUpdater storeUpdater = null;
+		TransactionId tid = null;
+		
+			//get TSl configuration
+			ConfigurationProvider config = ConfigurationProvider.getInstance();
+			if (configData_ == null)
+				configData_ = new IaikConfigurator().configure(config);
 			
-			// get certstore parameters
-			CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+			TSLConfiguration tslconfig = config.getTSLConfiguration();
+			if (tslconfig != null) {
 				
-			// iterate over all truststores
-			Map mapTrustProfiles = config.getTrustProfiles();
-			Iterator it = mapTrustProfiles.entrySet().iterator();
-			while (it.hasNext()) {
-				Map.Entry pairs = (Map.Entry)it.next();
-				TrustProfile tp = (TrustProfile) pairs.getValue();
-				if (tp.isTSLEnabled()) {
-					TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
-					TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
-					trustStoreProfiles[0] = tsp;
-					
-					Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-		         
-					TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
-					ArrayList tsl_certs = null;
-					if (StringUtils.isEmpty(tp.getCountries())) {
-						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-
-						// get certificates from TSL from all countries
-						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
-					}
-					else {
-						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-						// get selected countries as array
-						String countries = tp.getCountries();
-						String[] array = countries.split(",");
-						for (int i = 0; i < array.length; i++)
-							array[i] = array[i].trim();
-		                	  
-						// get certificates from TSL from given countries
-						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
-					}
-					
-					// create store updater for each TSL enabled truststore 
-					Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
-					StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-					
-		            
-					// delete files in trustprofile
-					File ftp = new File(tp.getUri());
-					File[] files = ftp.listFiles();
-					for (File file : files) 
-			              file.delete();   
+				tslconnector_.updateTSLs(new Date(), new String[]{"accredited","undersupervision"});
+				
+				Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+				
+				// get certstore parameters
+				CertStoreParameters[] certStoreParameters = configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();
 					
-					// convert ArrayList<File> to X509Certificate[]										
-					X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
-					Iterator itcert = tsl_certs.iterator();
-					int i = 0;
-					while(itcert.hasNext()) {
-						File f = (File)itcert.next();
-						X509Certificate cert = new X509Certificate(new FileInputStream(f));
-						addCertificates[i] = cert;
+				// iterate over all truststores
+				Map mapTrustProfiles = config.getTrustProfiles();
+				Iterator it = mapTrustProfiles.entrySet().iterator();
+				while (it.hasNext()) {
+					Map.Entry pairs = (Map.Entry)it.next();
+					TrustProfile tp = (TrustProfile) pairs.getValue();
+					if (tp.isTSLEnabled()) {
+						tsp = new TrustStoreProfileImpl(config, tp.getId());
+						TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+						trustStoreProfiles[0] = tsp;
+						
+						Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+			         
+						tid = new TransactionId("TSLConfigurator-" + tp.getId());
+						ArrayList tsl_certs = null;
+						if (StringUtils.isEmpty(tp.getCountries())) {
+							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+	
+							// get certificates from TSL from all countries
+							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+						}
+						else {
+							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+							// get selected countries as array
+							String countries = tp.getCountries();
+							String[] array = countries.split(",");
+							for (int i = 0; i < array.length; i++)
+								array[i] = array[i].trim();
+			                	  
+							// get certificates from TSL from given countries
+							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+						}
+						
+						// create store updater for each TSL enabled truststore 
+						Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+						storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+						
+						// delete files in trustprofile
+						
+						File ftp = new File(tp.getUri());
+						File[] files = ftp.listFiles();
+						X509Certificate[] removeCertificates = new X509Certificate[files.length];
+						int i = 0;
+						for (File file : files) {
+							FileInputStream fis = new FileInputStream(file);
+							removeCertificates[i] = new X509Certificate(fis);
+							i++;
+							fis.close();
+								//file.delete();
+						}
+						
+						// remove all certificates
+						storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+						storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);
+						
 						
-						i++;
+						// copy files from original trustAnchorsLocURI into tslworking trust profile
+				    	File src = new File(tp.getUriOrig());
+				    	files = src.listFiles();
+				    	X509Certificate[] addCertificates = new X509Certificate[files.length];
+				    	i = 0;
+				        for (File file : files) {
+				        	FileInputStream fis = new FileInputStream(file);
+				        	addCertificates[i] = new X509Certificate(fis);
+				        	//FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));
+				        	i++;
+				        	fis.close();
+				        }
+						
+				        // convert ArrayList<File> to X509Certificate[]										
+						X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+						Iterator itcert = tsl_certs.iterator();
+						i = 0;
+						File f = null;
+						while(itcert.hasNext()) {
+							f = (File)itcert.next();
+							FileInputStream fis = new FileInputStream(f);
+							X509Certificate cert = new X509Certificate(fis);
+							addCertificatesTSL[i] = cert;
+								
+							i++;
+							fis.close();
+						}
+						  
+						Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+						storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+						storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+						
+						Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+						storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+						storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+			
+			            
 					}
-					
-					
-					// copy files from original trustAnchorsLocURI into tslworking trust profile
-			    	File src = new File(tp.getUriOrig());
-			    	files = src.listFiles();                    
-			        for (File file : files) { 
-			            FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));  
-			        } 
-			          
-					Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
-					storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
-					storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-		
-		            
 				}
 			}
-		}
 		
 
 		
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
new file mode 100644
index 000000000..544ea916c
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.spss.util;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.asn1.structures.PolicyInformation;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+import iaik.x509.extensions.CertificatePolicies;
+import iaik.x509.extensions.qualified.QCStatements;
+import iaik.x509.extensions.qualified.structures.QCStatement;
+import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance;
+import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
+
+import java.security.Principal;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+
+public class CertificateUtils {
+	
+	
+	/**
+	 * Verifies if the given certificate contains QCP+ statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QCP+ statement, else false
+	 */
+	private static boolean checkQCPPlus(X509Certificate cert) {
+		Logger.debug("Checking QCP+ extension");
+		String OID_QCPPlus = "0.4.0.1456.1.1";
+		try {
+			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
+			if (certPol == null) {
+				Logger.debug("No CertificatePolicies extension found");
+				return false;
+			}
+			
+			PolicyInformation[] polInfo = certPol.getPolicyInformation();
+			if (polInfo == null) {
+				Logger.debug("No policy information found");
+				return false;
+			}
+			
+			for (int i = 0; i < polInfo.length; i++) {
+				ObjectID oid = polInfo[i].getPolicyIdentifier();
+				String oidStr = oid.getID();
+				if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) {
+					Logger.debug("QCP+ extension found");
+					return true;
+				}
+			}
+			
+			Logger.debug("No QCP+ extension found");
+			
+			return false;
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QCP+ extension found");
+			
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QCP statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QCP statement, else false
+	 */
+	private static boolean checkQCP(X509Certificate cert) {
+		Logger.debug("Checking QCP extension");
+		String OID_QCP = "0.4.0.1456.1.2";
+		try {
+			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
+			if (certPol == null) {
+				Logger.debug("No CertificatePolicies extension found");
+				return false;
+			}
+			
+			PolicyInformation[] polInfo = certPol.getPolicyInformation();
+			if (polInfo == null) {
+				Logger.debug("No policy information found");
+				return false;
+			}
+			
+			for (int i = 0; i < polInfo.length; i++) {
+				ObjectID oid = polInfo[i].getPolicyIdentifier();
+				String oidStr = oid.getID();
+				if (oidStr.compareToIgnoreCase(OID_QCP) == 0) {
+					Logger.debug("QCP extension found");
+					return true;
+				}
+				
+			}
+			
+			Logger.debug("No QCP extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QCP extension found");
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QcEuCompliance statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QcEuCompliance statement, else false
+	 */
+	private static boolean checkQcEuCompliance(X509Certificate cert) {
+		Logger.debug("Checking QcEUCompliance extension");
+		try {
+			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
+			
+			if (qcStatements == null) {
+				Logger.debug("No QcStatements extension found");
+				return false;
+			}
+			
+			QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID);
+			
+			if (qcEuCompliance != null) {
+				Logger.debug("QcEuCompliance extension found");
+				return true;
+			}
+			
+			Logger.debug("No QcEuCompliance extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QcEuCompliance extension found");
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QcEuSSCD statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QcEuSSCD statement, else false
+	 */
+	private static boolean checkQcEuSSCD(X509Certificate cert) {
+		Logger.debug("Checking QcEuSSCD extension");
+		try {
+			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
+			if (qcStatements == null) {
+				Logger.debug("No QcStatements extension found");
+				return false;
+			}
+			
+			QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID);
+			
+			if (qcEuSSCD != null) {
+				Logger.debug("QcEuSSCD extension found");
+				return true;
+			}
+						
+			Logger.debug("No QcEuSSCD extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QcEuSSCD extension found");
+			return false;
+		}
+		
+	}
+
+	public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, boolean isTSLenabledTrustprofile) {
+		
+		boolean qc = false;
+		boolean qcSourceTSL = false;
+		boolean sscd = false;
+		boolean sscdSourceTSL = false;
+		
+		try { 
+		
+			if (isTSLenabledTrustprofile) {
+				// perform QC check via TSL
+				boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+				if (!checkQCFromTSL) { 
+					// if QC check via TSL returns false
+					// try certificate extensions QCP and QcEuCompliance
+					Logger.debug("QC check via TSL returned false - checking certificate extensions");
+			     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+			        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+			        
+			        if (checkQCP || checkQcEuCompliance) {
+			        	Logger.debug("Certificate is QC (Source: Certificate)");
+			        	qc = true;			        	
+			        }
+			        
+		        	qcSourceTSL = false;
+		        }
+		        else {
+		        	// use TSL result
+		        	Logger.debug("Certificate is QC (Source: TSL)");
+		        	qc = true;
+		        	qcSourceTSL = true;
+		        }
+				
+				// perform SSCD check via TSL
+	        	boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+	        	if (!checkSSCDFromTSL) {
+	        		// if SSCD check via TSL returns false
+					// try certificate extensions QCP+ and QcEuSSCD			       
+	        		Logger.debug("SSCD check via TSL returned false - checking certificate extensions");
+		        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+			        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+			        
+			        if (checkQCPPlus || checkQcEuSSCD) {
+			        	Logger.debug("Certificate is SSCD (Source: Certificate)");
+			        	sscd = true;
+			        }
+			        
+		        	sscdSourceTSL = false;
+		        }
+		        else {
+		        	// use TSL result
+		        	Logger.debug("Certificate is SSCD (Source: TSL)");
+		        	sscd = true;
+		        	sscdSourceTSL = true;
+		        }
+	        	
+			}
+			else {
+				// Trustprofile is not TSL enabled - use certificate extensions only
+
+				// perform QC check
+				// try certificate extensions QCP and QcEuCompliance
+		     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+		        
+		        if (checkQCP || checkQcEuCompliance)
+		        	qc = true;
+		        
+	        	qcSourceTSL = false;
+	        	
+	        	// perform SSCD check
+	        	// try certificate extensions QCP+ and QcEuSSCD			       
+	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+		        
+		        if (checkQCPPlus || checkQcEuSSCD)
+		        	sscd = true;
+		        
+	        	sscdSourceTSL = false;
+			}
+		}
+		catch (TSLEngineDiedException e) {
+	    	MessageProvider msg = MessageProvider.getInstance();
+	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+		} catch (TSLSearchException e) {
+	    	MessageProvider msg = MessageProvider.getInstance();
+	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+		}
+		
+		QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL);
+		
+		return result;
+	}
+	
+	/**
+	    * Gets the country from the certificate issuer
+	    * @param cert X509 certificate
+	    * @return Country code from the certificate issuer
+	    */
+	   public static String getIssuerCountry(X509Certificate cert) {
+		   String country = null;
+		   Principal issuerdn = cert.getIssuerX500Principal();
+		   RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName());
+		   
+		   try {
+			   Name name = nameParser.parse();
+			   country = name.getRDN(ObjectID.country);
+		   } catch (RFC2253NameParserException e) {
+			   Logger.warn("Could not get country code from issuer.");
+		   }
+		   
+		    
+		   return country;
+	   }
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
new file mode 100644
index 000000000..99af84308
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.spss.util;
+
+public class QCSSCDResult {
+
+	private boolean qc;
+	private boolean qcSourceTSL;
+	
+	private boolean sscd;
+	private boolean sscdSourceTSL;
+	
+	public QCSSCDResult() {
+		this.qc = false;
+		this.qcSourceTSL = false;
+		this.sscd = false;
+		this.sscdSourceTSL = false;
+	}
+	
+	public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) {
+		this.qc = qc;
+		this.qcSourceTSL = qcSourceTSL;
+		this.sscd = sscd;
+		this.sscdSourceTSL = sscdSourceTSL;
+	}
+	
+	public boolean isQC() {
+		return this.qc;
+	}
+	public boolean isQCSourceTSL() {
+		return this.qcSourceTSL;
+	}
+	public boolean isSSCD() {
+		return this.sscd;
+	}
+	public boolean isSSCDSourceTSL() {
+		return this.sscdSourceTSL;
+	}
+}
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index 101b16882..4372c76d0 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -38,7 +38,8 @@
                             <directory>${basedir}/resources/wsdl</directory>
                             <targetPath>resources/schemas</targetPath>
                             <includes>
-                                <inclulde>*.xsd</inclulde>
+                                <include>*.xsd</include>
+                                <include>*.wsdl</include>
                             </includes>
                         </resource>
                         <resource>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
deleted file mode 100644
index 135f26f68..000000000
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
+++ /dev/null
@@ -1,128 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- 
-  Web Service Description for MOA SP/SS 1.4
--->
-<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.5.2.xsd"/>
-	<message name="CreateCMSSignatureInput">
-		<part name="body" element="moa:CreateCMSSignatureRequest"/>
-	</message>
-	<message name="CreateCMSSignatureOutput">
-		<part name="body" element="moa:CreateCMSSignatureResponse"/>
-	</message>
-	<message name="CreateXMLSignatureInput">
-		<part name="body" element="moa:CreateXMLSignatureRequest"/>
-	</message>
-	<message name="CreateXMLSignatureOutput">
-		<part name="body" element="moa:CreateXMLSignatureResponse"/>
-	</message>
-	<message name="VerifyCMSSignatureInput">
-		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
-	</message>
-	<message name="VerifyCMSSignatureOutput">
-		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
-	</message>
-	<message name="VerifyXMLSignatureInput">
-		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
-	</message>
-	<message name="VerifyXMLSignatureOutput">
-		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
-	</message>
-	<message name="MOAFault">
-		<part name="body" element="moa:ErrorResponse"/>
-	</message>
-	<portType name="SignatureCreationPortType">
-		<operation name="createXMLSignature">
-			<input message="tns:CreateXMLSignatureInput"/>
-			<output message="tns:CreateXMLSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-		<operation name="createCMSSignature">
-			<input message="tns:CreateCMSSignatureInput"/>
-			<output message="tns:CreateCMSSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-	</portType>
-	<portType name="SignatureVerificationPortType">
-		<operation name="verifyCMSSignature">
-			<input message="tns:VerifyCMSSignatureInput"/>
-			<output message="tns:VerifyCMSSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-		<operation name="verifyXMLSignature">
-			<input message="tns:VerifyXMLSignatureInput"/>
-			<output message="tns:VerifyXMLSignatureOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-	</portType>
-	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
-		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="createXMLSignature">
-			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-		<operation name="createCMSSignature">
-			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-	</binding>
-	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
-		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="verifyCMSSignature">
-			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-		<operation name="verifyXMLSignature">
-			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-	</binding>
-	<service name="SignatureCreationService">
-		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
-			<!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
-      -->
-		</port>
-	</service>
-	<service name="SignatureVerificationService">
-		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
-			<!--
-        Please note that the location URL must be adapted to the actual service URL.
-      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
-      -->
-		</port>
-	</service>
-</definitions>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
deleted file mode 100644
index 06232f189..000000000
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
+++ /dev/null
@@ -1,551 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MOA SP/SS 1.5.2 Schema
--->
-<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
-	<!--########## Create CMS Signature ###-->
-	<!--### Create CMS Signature Request ###-->
-	<xsd:element name="CreateCMSSignatureRequest">
-		<xsd:complexType>
-			<xsd:complexContent>
-				<xsd:extension base="CreateCMSSignatureRequestType"/>
-			</xsd:complexContent>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="CreateCMSSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
-							<xsd:complexType>
-								<xsd:complexContent>
-									<xsd:extension base="CMSDataObjectInfoType"/>
-								</xsd:complexContent>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Create CMS Signature Response ###-->
-	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
-	<xsd:complexType name="CreateCMSSignatureResponseType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:annotation>
-				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element name="CMSSignature" type="xsd:base64Binary">
-				<xsd:annotation>
-					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="ErrorResponse"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<!--########## Create XML Signature ###-->
-	<!--### Create XML Signature Request ###-->
-	<xsd:element name="CreateXMLSignatureRequest">
-		<xsd:complexType>
-			<xsd:complexContent>
-				<xsd:extension base="CreateXMLSignatureRequestType"/>
-			</xsd:complexContent>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="CreateXMLSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
-							<xsd:complexType>
-								<xsd:complexContent>
-									<xsd:extension base="DataObjectInfoType">
-										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
-									</xsd:extension>
-								</xsd:complexContent>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="CreateSignatureInfo" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
-									<xsd:choice>
-										<xsd:annotation>
-											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
-										</xsd:annotation>
-										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
-										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
-									</xsd:choice>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Create XML Signature Response ###-->
-	<xsd:complexType name="CreateXMLSignatureResponseType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:annotation>
-				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element name="SignatureEnvironment">
-				<xsd:annotation>
-					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="lax"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element ref="ErrorResponse"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
-	<!--########## Verify CMS Signature ###-->
-	<!--### Verifiy CMS Signature Request ###-->
-	<xsd:element name="VerifyCMSSignatureRequest">
-		<xsd:complexType>
-			<xsd:complexContent>
-				<xsd:extension base="VerifyCMSSignatureRequestType">
-					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
-				</xsd:extension>
-			</xsd:complexContent>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="VerifyCMSSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
-			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
-			<xsd:element name="TrustProfileID" type="xsd:token">
-				<xsd:annotation>
-					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Verify CMS Signature Response ###-->
-	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
-	<xsd:complexType name="VerifyCMSSignatureResponseType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-				<xsd:annotation>
-					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SignatureCheck" type="CheckResultType"/>
-			<xsd:element name="CertificateCheck" type="CheckResultType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--########## Verify XML Signature ###-->
-	<!--### Verify XML Signature Request ###-->
-	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
-	<xsd:complexType name="VerifyXMLSignatureRequestType">
-		<xsd:sequence>
-			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-			<xsd:element name="VerifySignatureInfo">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
-						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:choice minOccurs="0" maxOccurs="unbounded">
-				<xsd:element ref="SupplementProfile"/>
-				<xsd:element name="SupplementProfileID" type="xsd:string"/>
-			</xsd:choice>
-			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
-			<xsd:element name="TrustProfileID" type="xsd:token">
-				<xsd:annotation>
-					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--### Verify XML Signature Response ###-->
-	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
-	<xsd:complexType name="VerifyXMLSignatureResponseType">
-		<xsd:sequence>
-			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-				<xsd:annotation>
-					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
-			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
-			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CertificateCheck" type="CheckResultType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:simpleType name="ProfileIdentifierType">
-		<xsd:restriction base="xsd:token"/>
-	</xsd:simpleType>
-	<xsd:complexType name="InputDataType">
-		<xsd:complexContent>
-			<xsd:extension base="ContentExLocRefBaseType">
-				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:token">
-							<xsd:enumeration value="SignedInfo"/>
-							<xsd:enumeration value="XMLDSIGManifest"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:attribute>
-				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="MetaInfoType">
-		<xsd:sequence>
-			<xsd:element name="MimeType" type="MimeTypeType"/>
-			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
-			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="FinalDataMetaInfoType">
-		<xsd:complexContent>
-			<xsd:extension base="MetaInfoType">
-				<xsd:sequence>
-					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="DataObjectInfoType">
-		<xsd:sequence>
-			<xsd:element name="DataObject">
-				<xsd:complexType>
-					<xsd:complexContent>
-						<xsd:extension base="ContentOptionalRefType"/>
-					</xsd:complexContent>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:choice>
-				<xsd:annotation>
-					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
-				</xsd:annotation>
-				<xsd:element ref="CreateTransformsInfoProfile"/>
-				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
-			</xsd:choice>
-		</xsd:sequence>
-		<xsd:attribute name="Structure" use="required">
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="detached"/>
-					<xsd:enumeration value="enveloping"/>
-				</xsd:restriction>
-			</xsd:simpleType>
-		</xsd:attribute>
-	</xsd:complexType>
-	<xsd:complexType name="CMSDataObjectInfoType">
-		<xsd:sequence>
-			<xsd:element name="DataObject">
-				<xsd:complexType>
-					<xsd:complexContent>
-						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
-					</xsd:complexContent>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Structure" use="required">
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="detached"/>
-					<xsd:enumeration value="enveloping"/>
-				</xsd:restriction>
-			</xsd:simpleType>
-		</xsd:attribute>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:sequence>
-			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
-			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="XMLDataObjectAssociationType">
-		<xsd:sequence>
-			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-			<xsd:element name="Content" type="ContentRequiredRefType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CMSDataObjectOptionalMetaType">
-		<xsd:sequence>
-			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-			<xsd:element name="Content" type="CMSContentBaseType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CMSDataObjectRequiredMetaType">
-		<xsd:sequence>
-			<xsd:element name="MetaInfo" type="MetaInfoType"/>
-			<xsd:element name="Content" type="CMSContentBaseTypeLocRef"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CMSContentBaseType">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentOptionalRefType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-				</xsd:choice>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="CMSContentBaseTypeLocRef">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentOptionalRefType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
-				</xsd:choice>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="CheckResultType">
-		<xsd:sequence>
-			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ReferencesCheckResultType">
-		<xsd:complexContent>
-			<xsd:restriction base="CheckResultType">
-				<xsd:sequence>
-					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
-		<xsd:complexContent>
-			<xsd:restriction base="AnyChildrenType">
-				<xsd:sequence>
-					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ManifestRefsCheckResultType">
-		<xsd:complexContent>
-			<xsd:restriction base="CheckResultType">
-				<xsd:sequence>
-					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
-		<xsd:complexContent>
-			<xsd:restriction base="AnyChildrenType">
-				<xsd:sequence>
-					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
-				</xsd:sequence>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<!--########## Error Response ###-->
-	<xsd:element name="ErrorResponse" type="ErrorResponseType">
-		<xsd:annotation>
-			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
-		</xsd:annotation>
-	</xsd:element>
-	<xsd:complexType name="ErrorResponseType">
-		<xsd:sequence>
-			<xsd:element name="ErrorCode" type="xsd:integer"/>
-			<xsd:element name="Info" type="xsd:string"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--########## Auxiliary Types ###-->
-	<xsd:simpleType name="KeyIdentifierType">
-		<xsd:restriction base="xsd:string"/>
-	</xsd:simpleType>
-	<xsd:simpleType name="KeyStorageType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="Software"/>
-			<xsd:enumeration value="Hardware"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MimeTypeType">
-		<xsd:restriction base="xsd:token"/>
-	</xsd:simpleType>
-	<xsd:complexType name="AnyChildrenType" mixed="true">
-		<xsd:sequence>
-			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="XMLContentType" mixed="true">
-		<xsd:complexContent>
-			<xsd:extension base="AnyChildrenType">
-				<xsd:attribute ref="xml:space" use="optional"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ContentBaseType">
-		<xsd:choice minOccurs="0">
-			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-			<xsd:element name="XMLContent" type="XMLContentType"/>
-			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:complexType name="ContentExLocRefBaseType">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentBaseType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-					<xsd:element name="XMLContent" type="XMLContentType"/>
-				</xsd:choice>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ContentOptionalRefType">
-		<xsd:complexContent>
-			<xsd:extension base="ContentBaseType">
-				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ContentRequiredRefType">
-		<xsd:complexContent>
-			<xsd:restriction base="ContentOptionalRefType">
-				<xsd:choice minOccurs="0">
-					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
-					<xsd:element name="XMLContent" type="XMLContentType"/>
-					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
-				</xsd:choice>
-				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
-			</xsd:restriction>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyTransformsDataType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:annotation>
-				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element ref="VerifyTransformsInfoProfile"/>
-			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:element name="QualifiedCertificate"/>
-	<xsd:element name="SecureSignatureCreationDevice"/>
-	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
-	<xsd:complexType name="PublicAuthorityType">
-		<xsd:sequence>
-			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:simpleType name="SignatoriesType">
-		<xsd:union memberTypes="AllSignatoriesType">
-			<xsd:simpleType>
-				<xsd:list itemType="xsd:positiveInteger"/>
-			</xsd:simpleType>
-		</xsd:union>
-	</xsd:simpleType>
-	<xsd:simpleType name="AllSignatoriesType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="all"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:complexType name="CreateSignatureLocationType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:token">
-				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="TransformParameterType">
-		<xsd:choice minOccurs="0">
-			<xsd:annotation>
-				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
-			</xsd:annotation>
-			<xsd:element name="Base64Content" type="xsd:base64Binary">
-				<xsd:annotation>
-					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="Hash">
-				<xsd:annotation>
-					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="dsig:DigestMethod"/>
-						<xsd:element ref="dsig:DigestValue"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:choice>
-		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:element name="CreateSignatureEnvironmentProfile">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
-				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="VerifyTransformsInfoProfile">
-		<xsd:annotation>
-			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
-		</xsd:annotation>
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
-				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
-	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
-	<xsd:element name="CreateTransformsInfoProfile">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
-				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-</xsd:schema>
diff --git a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
index eaa50865d..86d37c8bc 100644
--- a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
+++ b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  Axis Deployment Descriptor for MOA SP/SS 1.4
+  Axis Deployment Descriptor for MOA SP/SS 1.5
 -->
 <deployment name="defaultClientConfig"
             xmlns="http://xml.apache.org/axis/wsdd/"
@@ -16,10 +16,8 @@
     <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
     <parameter name="allowedMethods" value="CreateCMSSignatureRequest CreateXMLSignatureRequest"/>
     <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureCreationService"/>
-    <!-- TODO -->
-    <wsdlFile>C:\eclipse_workspaces\MOA_Git01\moa-idspss\spss\server\serverws\resources\wsdl\MOA-SPSS-1.5.2.wsdl</wsdlFile>
+    <wsdlFile>webapps/moa-spss/resources/schemas/MOA-SPSS-1.5.2.wsdl</wsdlFile>
     
-    <!-- <wsdlFile>/resources/wsdl/MOA-SPSS-1.5.2.wsdl</wsdlFile>-->
     <requestFlow>
       <handler type="MOAHandler"/>
     </requestFlow>
@@ -32,7 +30,7 @@
     <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
     <parameter name="allowedMethods" value="VerifyCMSSignatureRequest VerifyXMLSignatureRequest"/>
     <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureVerificationService"/>
-    <wsdlFile>/resources/wsdl/MOA-SPSS-1.5.2.wsdl</wsdlFile>
+        <wsdlFile>webapps/moa-spss/resources/schemas/MOA-SPSS-1.5.2.wsdl</wsdlFile>
     <requestFlow>
       <handler type="MOAHandler"/>
     </requestFlow>
-- 
cgit v1.2.3


From 69f2dfdf3e0b5d976df3cdece6a8ead4848d746a Mon Sep 17 00:00:00 2001
From: Klaus Stranacher <kstranacher@iaik.tugraz.at>
Date: Wed, 21 Aug 2013 19:02:57 +0200
Subject: Update standard configuration Update truststores and certstore Update
 wsdl location

---
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl    | 128 +++++
 .../serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd     | 564 +++++++++++++++++++++
 2 files changed, 692 insertions(+)
 create mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
 create mode 100644 spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd

(limited to 'spss/server')

diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
new file mode 100644
index 000000000..135f26f68
--- /dev/null
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+  Web Service Description for MOA SP/SS 1.4
+-->
+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.5.2.xsd"/>
+	<message name="CreateCMSSignatureInput">
+		<part name="body" element="moa:CreateCMSSignatureRequest"/>
+	</message>
+	<message name="CreateCMSSignatureOutput">
+		<part name="body" element="moa:CreateCMSSignatureResponse"/>
+	</message>
+	<message name="CreateXMLSignatureInput">
+		<part name="body" element="moa:CreateXMLSignatureRequest"/>
+	</message>
+	<message name="CreateXMLSignatureOutput">
+		<part name="body" element="moa:CreateXMLSignatureResponse"/>
+	</message>
+	<message name="VerifyCMSSignatureInput">
+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
+	</message>
+	<message name="VerifyCMSSignatureOutput">
+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
+	</message>
+	<message name="VerifyXMLSignatureInput">
+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
+	</message>
+	<message name="VerifyXMLSignatureOutput">
+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="SignatureCreationPortType">
+		<operation name="createXMLSignature">
+			<input message="tns:CreateXMLSignatureInput"/>
+			<output message="tns:CreateXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="createCMSSignature">
+			<input message="tns:CreateCMSSignatureInput"/>
+			<output message="tns:CreateCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<portType name="SignatureVerificationPortType">
+		<operation name="verifyCMSSignature">
+			<input message="tns:VerifyCMSSignatureInput"/>
+			<output message="tns:VerifyCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<input message="tns:VerifyXMLSignatureInput"/>
+			<output message="tns:VerifyXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="createXMLSignature">
+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="createCMSSignature">
+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="verifyCMSSignature">
+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="SignatureCreationService">
+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
+      -->
+		</port>
+	</service>
+	<service name="SignatureVerificationService">
+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
+      -->
+		</port>
+	</service>
+</definitions>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
new file mode 100644
index 000000000..144918778
--- /dev/null
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd
@@ -0,0 +1,564 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 1.5.2 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
-- 
cgit v1.2.3